jmm20008 | 04.09.2014 16:43 | OK, the Internet problem is now solved!
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 04.09.2014
Suchlauf-Zeit: 13:44:08
Logdatei: text datei.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.09.04.03
Rootkit Datenbank: v2014.08.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: JMR
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 400852
Verstrichene Zeit: 21 Min, 0 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 6
PUP.Optional.ConduitTB.A, HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{30F9B915-B755-4826-820B-08FBA6BD249D}, , [436013d60576a492600c522b0ff303fd],
PUP.Optional.ConduitTB.A, HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{30F9B915-B755-4826-820B-08FBA6BD249D}, , [436013d60576a492600c522b0ff303fd],
PUP.Optional.RocketTab.A, HKLM\SOFTWARE\WOW6432NODE\RocketTab, , [822119d02358d3639d7e2ac7ad55d729],
PUP.Optional.RocketTab.A, HKU\S-1-5-21-2283584599-1744461602-3080128891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RocketTabInstalled, , [d6cd03e6354677bf2bf28c6512f0ee12],
PUP.Optional.Groovorio, HKU\S-1-5-21-2283584599-1744461602-3080128891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CC865B26-C31D-4D23-B17B-96548EEF03F6}, , [9a09c6230f6cf83e834c69f2c93ba858],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [752e6b7e651682b4d24478a625de07f9],
Registrierungswerte: 1
PUP.Optional.RocketTab.A, HKU\S-1-5-21-2283584599-1744461602-3080128891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH EXTENSIONS|RocketTab, 1, , [f5aea34638431a1cb369bd3482802dd3]
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 6
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab, , [059e5a8f6f0c3303a92b9e2d956d1ce4],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources, , [059e5a8f6f0c3303a92b9e2d956d1ce4],
PUP.Optional.QuickStart.A, C:\Users\JMR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma, , [2b787b6ebbc091a5a32dc409f40edf21],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\nspdlgrvrio, , [7c279257037883b31c10598ac53deb15],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\nspdlgrvrio\fav_thumbs, , [7c279257037883b31c10598ac53deb15],
PUP.Optional.AdPeak.A, C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23, , [30731dcc93e8a096a0a72ac2709248b8],
Dateien: 42
PUP.Optional.RocketTab.A, C:\Windows\System32\Tasks\RocketTab, , [6c37c623a3d88aacf22da15025dd4eb2],
PUP.Optional.RocketTab.A, C:\Windows\System32\Tasks\RocketTab Update Task, , [2c7733b60b7090a6cd5225cc18eaa15f],
PUP.Optional.AllDaySavings.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\extensions\j005-bwqhdvbmcimdkh@jetpack.xpi, , [e0c34d9c4b30cb6b44cc0aeb867cd42c],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\searchplugins\Groovorio.xml, , [792ad6132556c86ee0edb941b9494db3],
PUP.Optional.Groovorio.A, C:\Windows\Tasks\Groovorio.job, , [f9aaf5f4f18a2b0bb519609a8280f20e],
PUP.Optional.Groovorio.A, C:\Windows\System32\Tasks\Groovorio, , [643f2bbedf9cb18516b99862c83a639d],
PUP.Optional.QuickStart.A, C:\Users\JMR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage, , [cdd611d8b5c6cd69e3005cfc35cf837d],
PUP.Optional.QuickStart.A, C:\Users\JMR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage-journal, , [d3d056931d5e3600974c7eda788c0bf5],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\config.dat, , [059e5a8f6f0c3303a92b9e2d956d1ce4],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\makecert.exe, , [059e5a8f6f0c3303a92b9e2d956d1ce4],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\TrustedRoot.cer, , [059e5a8f6f0c3303a92b9e2d956d1ce4],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\certutil.exe, , [059e5a8f6f0c3303a92b9e2d956d1ce4],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\libnspr4.dll, , [059e5a8f6f0c3303a92b9e2d956d1ce4],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\libplc4.dll, , [059e5a8f6f0c3303a92b9e2d956d1ce4],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\libplds4.dll, , [059e5a8f6f0c3303a92b9e2d956d1ce4],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\nss3.dll, , [059e5a8f6f0c3303a92b9e2d956d1ce4],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\smime3.dll, , [059e5a8f6f0c3303a92b9e2d956d1ce4],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\softokn3.dll, , [059e5a8f6f0c3303a92b9e2d956d1ce4],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\nspdlgrvrio\fav-groups, , [7c279257037883b31c10598ac53deb15],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\nspdlgrvrio\favs##9941ad8a2961a54a91c81e61acd7bca2, , [7c279257037883b31c10598ac53deb15],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\nspdlgrvrio\redirects, , [7c279257037883b31c10598ac53deb15],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\nspdlgrvrio\fav_thumbs\64e2fe654bd774963b6c1b3979889f2d, , [7c279257037883b31c10598ac53deb15],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\nspdlgrvrio\fav_thumbs\074c20c9e7f117a6b23461aefe190b76, , [7c279257037883b31c10598ac53deb15],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\nspdlgrvrio\fav_thumbs\1d17a65cedcc79d97c9c1dff7cc069d9, , [7c279257037883b31c10598ac53deb15],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\nspdlgrvrio\fav_thumbs\1eab07104f1a7353fdc4a40cc20c9269, , [7c279257037883b31c10598ac53deb15],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\nspdlgrvrio\fav_thumbs\2c5ea90cc05690ebb117b95a28837813, , [7c279257037883b31c10598ac53deb15],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\nspdlgrvrio\fav_thumbs\2d495a440ad0dc96f31eab8c05e0f223, , [7c279257037883b31c10598ac53deb15],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\nspdlgrvrio\fav_thumbs\33d8d2ae54c437a29724903605fae4b1, , [7c279257037883b31c10598ac53deb15],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\nspdlgrvrio\fav_thumbs\57cb8852ddbb097ee5629cf5ace7bb93, , [7c279257037883b31c10598ac53deb15],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\nspdlgrvrio\fav_thumbs\62600256222c671df402aaba1419c82e, , [7c279257037883b31c10598ac53deb15],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\nspdlgrvrio\fav_thumbs\68717afadcf8a8f73a49af8beffb9b7c, , [7c279257037883b31c10598ac53deb15],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\nspdlgrvrio\fav_thumbs\7d289693baa6e79f3716e1c4ac768ae6, , [7c279257037883b31c10598ac53deb15],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\nspdlgrvrio\fav_thumbs\b91cca9dd353c4031b1617aa0c673a4b, , [7c279257037883b31c10598ac53deb15],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\nspdlgrvrio\fav_thumbs\e7ae95722ae1e551261ab17f9e132ae0, , [7c279257037883b31c10598ac53deb15],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\nspdlgrvrio\fav_thumbs\f925b0881ef796dfb6bc5723265af7f2, , [7c279257037883b31c10598ac53deb15],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\nspdlgrvrio\fav_thumbs\fd882a3156c29ad620ad38294359426c, , [7c279257037883b31c10598ac53deb15],
PUP.Optional.Groovorio.A, C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\nspdlgrvrio\fav_thumbs\fde3b32fb526b18d38d90c612b50433d, , [7c279257037883b31c10598ac53deb15],
PUP.Optional.AdPeak.A, C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\etmajyzoqm64.exe, , [30731dcc93e8a096a0a72ac2709248b8],
PUP.Optional.AdPeak.A, C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\libeay32.dll, , [30731dcc93e8a096a0a72ac2709248b8],
PUP.Optional.AdPeak.A, C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\nfapi.dll, , [30731dcc93e8a096a0a72ac2709248b8],
PUP.Optional.AdPeak.A, C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\ProtocolFilters.dll, , [30731dcc93e8a096a0a72ac2709248b8],
PUP.Optional.AdPeak.A, C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\ssleay32.dll, , [30731dcc93e8a096a0a72ac2709248b8],
Physische Sektoren: 0
(No malicious items detected)
(end)
Code:
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by JMR on 04.09.2014 at 15:07:45,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B52F1CEC-A571-4979-8EB9-9BB0786246AD}
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\JMR\AppData\Roaming\mozilla\firefox\profiles\gz35j4uo.default\minidumps [50 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.09.2014 at 15:21:36,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by JMR at 2014-09-04 17:34:23
Running from C:\Users\JMR\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - )
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{331C520E-D8C3-4AB9-ADF7-A666A3561922}) (Version: 1.3.17.25001 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.3.17.25001 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Software Suite (HKLM-x32\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version: 1.0 - ArcSoft)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.7 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}) (Version: 1.0.6 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.25 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ASUS_UL_Series_Screensaver (HKLM-x32\...\ASUS_UL_Series_Screensaver) (Version: - )
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0007 - ASUS)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Break'n'Run (HKCU\...\Break'n'Run) (Version: - )
BrowserSafeguard with RocketTab (HKLM-x32\...\RocketTab) (Version: - BrowserSafeguard with RocketTab) <==== ATTENTION
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version: - )
Canon MP610 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.30.0 - Canon Inc.)
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - )
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.4 - ASUS)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
DNA (HKCU\...\BitTorrent DNA) (Version: 2.2.4 (16502) - BitTorrent Inc.)
Dream Day Wedding Married in Manhattan (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}) (Version: - Oberon Media)
ElsterFormular (HKLM-x32\...\ElsterFormular 13.2.0.8623k) (Version: 13.2.0.8623k - Landesfinanzdirektion Thüringen)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-x64 7.0.5.12_SmartArea_WHQL (HKLM\...\Elantech) (Version: 7.0.5.12 - ELAN Microelectronics Corp.)
Express Gate (HKLM-x32\...\{B149B9A2-3FA8-40ED-866F-C08BB56BFD81}) (Version: 1.2.13.21 - DeviceVM, Inc.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS)
Game Park Console (HKLM-x32\...\{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1) (Version: 6.2.0.2 - Oberon Media, Inc.)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Java(TM) 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.02.382 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 32.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 de)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Net4Switch (HKLM-x32\...\{9D6D7811-43B3-463C-BC79-5D1755269989}) (Version: 1.00.0019 - ASUS)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
PHOTOfunSTUDIO 4.0 HD Edition (HKLM-x32\...\{381D847E-7E56-4E82-B261-F799E0F40EB4}) (Version: 4.00.140 - Panasonic Corporation)
Piggly FREE (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1173957}) (Version: - Oberon Media)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 3.2.34 - Saal Digital Fotoservice GmbH)
Saal Design Software (x32 Version: 3.2.34 - Saal Digital Fotoservice GmbH) Hidden
ScanSoft OmniPage SE 4 (HKLM-x32\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
SILKYPIX Developer Studio 3.0 SE (HKLM-x32\...\InstallShield_{B2F25F71-D920-4288-A548-54CD253DEF14}) (Version: 3 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 3.0 SE (x32 Version: 3 - Ichikawa Soft Laboratory) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smileyville FREE (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117396510}) (Version: - Oberon Media)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.1200 - SRS Labs, Inc.)
syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version: - )
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8052.1208 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.13 - ASUS)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2283584599-1744461602-3080128891-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\JMR\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2283584599-1744461602-3080128891-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\JMR\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2283584599-1744461602-3080128891-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\JMR\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2283584599-1744461602-3080128891-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\JMR\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2283584599-1744461602-3080128891-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\JMR\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
03-09-2014 09:56:30 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2014-09-04 09:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {01B1F20F-2F8F-4774-B4B3-2413729F85E9} - System32\Tasks\{6CB8F38E-220D-4EA6-89F3-7FD07BF35949} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {04A06582-237D-4FAD-90AA-0B10CC1332DC} - System32\Tasks\{3F8B00AD-3DCC-4473-AB78-082789C67B81} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {07E07BFA-C5E6-4F42-A36A-C2A29B024A64} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {08B85B09-15CD-449A-ACCE-4D710642C00D} - System32\Tasks\{6734EEBA-407A-4CE6-B784-D01BEFC84050} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {1258E861-AA6F-44B1-B24C-69B94A2DC967} - System32\Tasks\{D559F9E2-759E-4318-AF24-842ADF6B1556} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {12DF3EB6-0016-4F8E-8457-D0E21B0ECA7C} - System32\Tasks\{A1AEA5A2-5CD6-4B5E-AD8E-AED6A31BBAAB} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {13696A64-B5FA-42E1-8587-D3DB66D3F8FF} - System32\Tasks\{AD77C81F-3D4F-4DA1-B644-5D6CC55A89C3} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {16D669F0-46B8-4ADF-B261-BD5AC41C1687} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {1A09FB9D-C413-4ECC-AD53-1737E53DA024} - System32\Tasks\{A7FEA7C7-6344-499F-AFE4-402B0BA98266} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {22D533EC-326C-4727-ADE3-0CFFBA7418EB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {233F9EF5-F598-4FD2-B008-650733D34DCA} - System32\Tasks\{F9A87038-5643-4D2E-9413-629CAFB80771} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {27089241-2C71-4A14-B31F-E27985ECADAC} - System32\Tasks\{832DCFE9-95D5-484F-8ECC-4CDE2E3AB202} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {270FCBA1-A29F-42FD-89EE-0CB70866A8BC} - System32\Tasks\{FF6FACE1-16CD-40ED-8789-D316D62C25D4} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {2BEF415C-A8D5-4975-A996-EDCA71CF35CC} - System32\Tasks\{65D9773C-BF77-46E9-A8EB-E09885999AEA} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {2CC04C14-7666-461D-B5C7-15BD6FF53A90} - System32\Tasks\{9EA2B841-AA46-4C76-9DC0-CC86A4980442} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {33D75B08-5076-4FB4-B43A-977304D52984} - System32\Tasks\{2B848E28-A995-4180-9ABC-F15E73658471} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {33FEC9DC-0AB0-4B0A-A4E5-0E5F81C24661} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {39B561F6-69EC-4436-B059-2B60451D4E29} - System32\Tasks\{1A0CB159-08C3-4DCC-B239-F469C4C4E51A} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {423B88EC-A677-497E-890E-0D70B5CA494A} - System32\Tasks\Net4Switch => C:\Program Files\ASUS\Net4Switch\Net4Switch.exe [2007-11-20] (ASUS)
Task: {52BD11EE-30A0-4511-8BD3-3967D662B2AF} - System32\Tasks\{2AFA424D-8A61-4B7A-87E6-487F8B35B017} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {5349F3EF-6DBC-42FC-94FD-ED22670CEFDA} - System32\Tasks\{F34F3E00-AC60-4F0E-8688-7AF6D6EB7B47} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {5CDCA703-C793-4B70-A1B4-1282C5BBAE2A} - System32\Tasks\{1BA3B669-0280-4AB7-A578-2053255240C2} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {5E4517D1-A6D5-4E13-9D5A-0F9C031BECC8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {63096288-6AA8-4F78-A53F-DE7EEE6B10F1} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2283584599-1744461602-3080128891-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {63B34D3B-BAB5-450B-8CD1-510FB70C0097} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {63B5A2D7-BC8D-4B5C-AE2B-9CF2AA4272E0} - System32\Tasks\{F2982E5D-CEB2-4604-BCFD-5EC035659011} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {6571C3B6-0FDD-4BDD-8010-87C389B976F5} - System32\Tasks\{78416160-E916-4E9C-AAE4-EEE5E25074E8} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {6571F630-599A-4F0B-8CAB-A47789EE045E} - System32\Tasks\{4A223F97-FF67-4351-B350-AAEDCA779B1F} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {66475C8E-0319-47CB-9BF2-FE8BE11312F6} - System32\Tasks\{E3FC8612-42FB-4B90-A7B8-9F5779D7951D} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {6A5038C9-7DA5-4987-AF12-6B4534ED9C3A} - System32\Tasks\{B4EB44E8-A01C-4FE7-99D5-D2020CB818C7} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {6CF373BF-2325-4AEF-B06F-23AC8CF968C6} - System32\Tasks\{2624AE12-354E-410E-858F-DEA8F0FD48BE} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {6E2C93D2-8DC7-4C6B-925D-57DD2D460DC6} - System32\Tasks\{B94822C1-607B-4EC2-8B6E-825A5516E6C5} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {717BEAEB-FBD8-4155-B0A4-D46919D601B6} - System32\Tasks\{6B246773-9C31-45BD-AE31-803AE9A94615} => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe
Task: {7211CE2F-2F1B-419C-9408-6F7645E8CBD0} - \RocketTab No Task File <==== ATTENTION
Task: {810505C9-00D5-4598-8288-FF72A6FC9178} - \FF Watcher {06264720-307D-4F20-AE55-4E572A2F7FE9} No Task File <==== ATTENTION
Task: {89C08868-FBF2-4AB0-87FD-4E1E1E10863D} - System32\Tasks\Start Registry Reviver => C:\Program Files (x86)\Reviversoft\Registry Reviver\RegistryReviver.exe
Task: {89FE92BE-BDD8-4631-AC17-86B611D60157} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2283584599-1744461602-3080128891-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {8FDE1513-59A0-4BE6-8E7F-BAB03AA2BCF3} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-19] (ASUS)
Task: {96126B83-71EC-43A6-94A6-83673998060E} - System32\Tasks\{19A99E52-76EB-435F-BB39-BCA3EFBA4A09} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {992DE68C-AEF9-4A0C-9AC2-990B5CC600D2} - System32\Tasks\{E934E0D2-D1FB-45E2-AADD-03FC393670EF} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {99D61B18-41FD-482F-A4B6-3762E7D4E6A2} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-11-07] (ATK)
Task: {A78C26BB-234E-4004-8E90-AB1BAE5FB73C} - System32\Tasks\{E99B91BB-C7D7-4913-81B5-0F77786CF7C5} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {A94E2932-1B11-4908-8749-E8E387CB98A2} - System32\Tasks\{632D5B1A-83EB-4FE9-BCA4-50D302793C93} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {AB2AD3F2-8939-4D06-A803-179FC7EFB3D0} - System32\Tasks\{B23594F3-28CE-42F4-B6F1-27DD7F363349} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {ABF21798-A8F6-4A5F-9032-60DA6F93EE35} - System32\Tasks\{12A5ED1C-0B4E-48D8-A9D9-D5999E814FFD} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {ADF97F85-9135-4841-9E6F-D3D5A3B40533} - System32\Tasks\{B0751EE5-17A5-4249-AB19-8F18C0837953} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {C1777662-88BF-43E2-A015-D113F5B5EDBE} - System32\Tasks\{010535D7-0CD0-47D9-8E4C-E6BA7CB7DB05} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {C1A48D86-0522-4CEA-8BFF-A202C20BF813} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {C5C0D228-5BED-4795-85EB-DF2443D204A3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-04] (AVAST Software)
Task: {CC34E114-24B6-47BC-B6D7-D3496342236E} - System32\Tasks\{50985744-12CB-4E0C-8C9C-45757E60FFC9} => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe
Task: {CF46610F-D7A9-48AA-B421-9981CB195D00} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-09-23] (TODO: <Company name>)
Task: {D2E54591-FC6B-44C3-B885-1AA498F39A20} - System32\Tasks\{E9698C53-1824-4CC7-A0B9-6663DDA0BD99} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {D33A713D-0358-4968-8FF1-03F176651387} - System32\Tasks\{942CCF83-5B7B-4E48-9B8D-E6DB5F9FDFCA} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {E0765BE3-4B5D-471A-856E-F76B0FA4BAE6} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-09-24] ()
Task: {EBE638D0-28F7-44F7-9CD8-A72A03B1DCD1} - System32\Tasks\{1946E732-0BF4-4ACE-B2E6-5F0A2C8B7B4C} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {F0F4B88C-30DF-4EE4-965F-0A64A418B861} - System32\Tasks\{82A1FC45-4F21-4D7B-9FF4-7B534722DEA2} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {FEAF62C6-A3D7-4F30-929B-8DE260A443E4} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-10-23] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2010-09-12 22:09 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-04-06 18:26 - 2014-04-06 18:25 - 00239968 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2009-07-02 03:54 - 2009-07-02 03:54 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
2010-09-12 22:19 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2009-09-24 14:50 - 2009-09-24 14:50 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2009-10-23 22:40 - 2009-10-23 22:40 - 00041984 _____ () C:\Program Files\P4G\DevMng.dll
2009-09-11 21:27 - 2009-09-11 21:27 - 00029184 _____ () C:\Program Files\P4G\OvrClk.dll
2010-09-12 22:09 - 2007-03-10 03:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
2009-10-23 01:45 - 2009-10-23 01:45 - 01593344 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2008-08-14 05:59 - 2008-08-14 05:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
2014-07-04 20:20 - 2014-07-04 20:20 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-04 15:05 - 2014-09-04 15:05 - 02844672 _____ () C:\Program Files\AVAST Software\Avast\defs\14090400\algo.dll
2014-04-06 18:26 - 2014-04-06 18:25 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-04-06 18:26 - 2014-04-06 18:25 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-04-06 18:26 - 2014-04-06 18:25 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-04-06 18:26 - 2014-04-06 18:25 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2014-04-06 18:26 - 2014-04-06 18:25 - 00383488 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2014-04-06 18:26 - 2014-04-06 18:25 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2010-11-16 19:10 - 2007-07-27 16:10 - 00049152 _____ () C:\Program Files\ASUS\Net4Switch\ResItf.dll
2010-11-16 19:10 - 2009-07-03 14:04 - 00084992 _____ () C:\Program Files\ASUS\Net4Switch\cxcmrt.dll
2010-11-16 19:10 - 2009-07-03 14:13 - 00074752 _____ () C:\Program Files\ASUS\Net4Switch\ipswobj.dll
2010-11-16 19:10 - 2009-07-01 17:46 - 00461824 _____ () C:\Program Files\ASUS\Net4Switch\ipswresmgr.dll
2010-11-16 19:10 - 2009-07-03 14:12 - 00049152 _____ () C:\Program Files\ASUS\Net4Switch\ipswhlp.dll
2010-11-16 19:10 - 2009-07-08 12:24 - 00167424 _____ () C:\Program Files\ASUS\Net4Switch\ipsw_cfgmgr.dll
2010-11-16 19:10 - 2009-07-03 14:12 - 00089088 _____ () C:\Program Files\ASUS\Net4Switch\ipswds.dll
2010-11-16 19:10 - 2009-07-03 14:12 - 00065024 _____ () C:\Program Files\ASUS\Net4Switch\ipswgblset.dll
2010-11-16 19:10 - 2009-07-03 14:40 - 00085504 _____ () C:\Program Files\ASUS\Net4Switch\LogonStartup.dll
2010-11-16 19:10 - 2009-07-09 18:41 - 00222720 ____N () C:\Program Files\ASUS\Net4Switch\ipswsysmon.dll
2010-11-16 19:10 - 2009-07-03 14:21 - 00042496 _____ () C:\Program Files\ASUS\Net4Switch\iphelper.dll
2010-11-16 19:10 - 2009-07-03 14:11 - 00267264 _____ () C:\Program Files\ASUS\Net4Switch\ipswcore.dll
2010-11-16 19:10 - 2009-07-03 14:13 - 00297984 _____ () C:\Program Files\ASUS\Net4Switch\ipswui.dll
2014-07-04 20:20 - 2014-07-04 20:20 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-03 13:10 - 2014-09-03 13:11 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-08 19:51 - 2014-07-08 19:51 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:115CEE00
AlternateDataStreams: C:\ProgramData\Temp:2F370DA6
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\Windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 4.0 HD Edition.lnk => C:\Windows\pss\PHOTOfunSTUDIO 4.0 HD Edition.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk => C:\Windows\pss\SRS Premium Sound.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\JMR\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUS WebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: BitTorrent DNA => "C:\Program Files (x86)\DNA\btdna.exe"
MSCONFIG\startupreg: Boingo Wi-Fi => "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl11 => C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Syncables => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (09/04/2014 05:33:40 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x80004004-1
Error: (09/04/2014 05:31:35 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x80004004-1
Error: (09/04/2014 05:29:30 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x80004004-1
Error: (09/04/2014 05:27:27 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x80004004-1
Error: (09/04/2014 05:25:24 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x80004004-1
Error: (09/04/2014 05:23:20 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x80004004-1
Error: (09/04/2014 05:17:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Net.Pipe-Listeneradapter" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (09/04/2014 05:17:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Net.Pipe-Listeneradapter erreicht.
Error: (09/04/2014 05:17:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1053
Error: (09/04/2014 05:17:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Net.Tcp-Portfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Microsoft Office Sessions:
=========================
Error: (03/28/2013 08:28:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 128 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/28/2013 08:28:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 131 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/20/2011 10:57:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 115 seconds with 60 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-09-04 09:48:15.445
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-09-04 09:48:15.304
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-03-31 13:08:49.736
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\KernelBase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-03-31 12:37:21.031
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\KernelBase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Genuine Intel(R) CPU U7300 @ 1.30GHz
Percentage of memory in use: 41%
Total physical RAM: 4061.02 MB
Available physical RAM: 2363.05 MB
Total Pagefile: 8120.23 MB
Available Pagefile: 6156.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:39.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:329.79 GB) (Free:4.83 GB) NTFS
Drive g: () (Removable) (Total:3.69 GB) (Free:0.89 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=329.8 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by JMR (administrator) on JMR-PC on 04-09-2014 17:32:59
Running from C:\Users\JMR\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(ASUS) C:\eSupport\SupThrSrv\SupThrSrv.exe
(ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-02] (AVAST Software)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-04-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: http=127.0.0.1:49380;https=127.0.0.1:49380
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_adk1_14_29&cd=2XzuyEtN2Y1L1QzuyByE0FtDyC0D0AyEtD0AtDzytDtA0DtBtN0D0Tzu0SzyyByBtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1T1Q1JtC1VtCyE1VtBzytN1L1G1B1V1N2Y1L1Qzu2StAyC0AzztDyD0FtDtG0DyB0B0FtGtD0E0D0EtG0E0Dzy0AtGtDyC0EzyyB0D0A0E0Dzy0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0A0EtDzz0FyDzytG0A0B0D0DtGyE0C0CyEtGzyyEyCtDtG0B0ByD0E0CtDtCzy0AtC0Fzz2Q&cr=584615180&ir=
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{53E4563B-DE4E-4624-9945-DCA6E92511E7}: [NameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Keyword.URL: hxxp://de.yhs4.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @bittorrent.com/BitTorrentDNA -> C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.6.13 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.6.13 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NoScript - C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-21]
Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\JMR\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\JMR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-23]
CHR Extension: (Google Drive) - C:\Users\JMR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-23]
CHR Extension: (YouTube) - C:\Users\JMR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-23]
CHR Extension: (Google Search) - C:\Users\JMR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-23]
CHR Extension: (No Name) - C:\Users\JMR\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-09-02]
CHR Extension: (avast! Online Security) - C:\Users\JMR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-25]
CHR Extension: (Google Wallet) - C:\Users\JMR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-23]
CHR Extension: (Gmail) - C:\Users\JMR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-04-06] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141336 2014-04-06] (RealNetworks, Inc.)
R2 SupThrSrv; C:\eSupport\SupThrSrv\SupThrSrv.exe [80512 2009-09-04] (ASUS)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] ()
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-04 17:18 - 2014-09-04 17:18 - 00019314 _____ () C:\Windows\SysWOW64\rsslogs.20140904171748
2014-09-04 15:41 - 2014-09-04 15:41 - 00031374 _____ () C:\Windows\SysWOW64\rsslogs.20140904154021
2014-09-04 15:36 - 2014-09-04 15:36 - 00045955 _____ () C:\Users\JMR\Desktop\FRST 1.txt
2014-09-04 15:33 - 2014-09-04 15:33 - 00000900 _____ () C:\Users\JMR\Desktop\JRT 1.txt
2014-09-04 15:21 - 2014-09-04 15:21 - 00000900 _____ () C:\Users\JMR\Desktop\JRT.txt
2014-09-04 15:07 - 2014-09-04 15:07 - 00000000 ____D () C:\Windows\ERUNT
2014-09-04 15:05 - 2014-09-04 15:05 - 00041010 _____ () C:\Windows\SysWOW64\rsslogs.20140904150454
2014-09-04 14:40 - 2014-09-04 14:40 - 00028958 _____ () C:\Windows\SysWOW64\rsslogs.20140904143904
2014-09-04 14:37 - 2014-09-04 14:37 - 00027420 _____ () C:\Users\JMR\Desktop\xml datei.Xml
2014-09-04 14:37 - 2014-09-04 14:37 - 00009975 _____ () C:\Users\JMR\Desktop\text datei.txt
2014-09-04 13:42 - 2014-09-04 13:42 - 00067593 _____ () C:\Windows\SysWOW64\rsslogs.20140904134159
2014-09-04 13:38 - 2014-09-04 13:38 - 00003623 _____ () C:\Windows\SysWOW64\rsslogs.20140904133739
2014-09-04 13:22 - 2014-09-04 13:22 - 00018104 _____ () C:\Windows\SysWOW64\rsslogs.20140904132120
2014-09-04 13:16 - 2014-09-04 13:16 - 01016261 _____ (Thisisu) C:\Users\JMR\Downloads\JRT.exe
2014-09-04 13:07 - 2014-09-04 14:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 13:06 - 2014-09-04 13:06 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-04 13:06 - 2014-09-04 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-04 13:06 - 2014-09-04 13:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-04 13:06 - 2014-09-04 13:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-04 13:06 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-04 13:06 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-04 13:06 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-04 13:03 - 2014-09-04 13:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JMR\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-04 12:59 - 2014-09-04 12:59 - 00025336 _____ () C:\Windows\SysWOW64\rsslogs.20140904125858
2014-09-04 12:54 - 2014-09-04 12:57 - 00000000 ____D () C:\AdwCleaner
2014-09-04 12:52 - 2014-09-04 12:52 - 01370483 _____ () C:\Users\JMR\Downloads\adwcleaner_3.309.exe
2014-09-04 12:42 - 2014-09-04 12:42 - 00242040 _____ (Software Installer ) C:\Users\JMR\Downloads\Setup.exe
2014-09-04 10:14 - 2014-09-04 10:14 - 00197891 _____ () C:\Windows\SysWOW64\rsslogs.20140904101355
2014-09-04 09:54 - 2014-09-04 09:54 - 00024352 _____ () C:\ComboFix.txt
2014-09-04 09:26 - 2014-09-04 09:54 - 00000000 ____D () C:\Qoobox
2014-09-04 09:26 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-04 09:26 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-04 09:26 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-04 09:26 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-04 09:26 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-04 09:26 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-04 09:26 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-04 09:26 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-04 09:25 - 2014-09-04 09:51 - 00000000 ____D () C:\Windows\erdnt
2014-09-04 09:20 - 2014-09-04 09:20 - 05576326 ____R (Swearware) C:\Users\JMR\Downloads\ComboFix.exe
2014-09-04 09:14 - 2014-09-04 09:14 - 00071224 _____ () C:\Windows\SysWOW64\rsslogs.20140904091309
2014-09-03 13:10 - 2014-09-03 13:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-03 08:12 - 2014-09-03 08:12 - 00809793 _____ () C:\Windows\SysWOW64\rsslogs.20140903081134
2014-09-02 20:56 - 2014-09-02 20:57 - 00051582 _____ () C:\Users\JMR\Downloads\Addition.txt
2014-09-02 20:54 - 2014-09-04 17:33 - 00016693 _____ () C:\Users\JMR\Downloads\FRST.txt
2014-09-02 20:54 - 2014-09-04 17:33 - 00000000 ____D () C:\FRST
2014-09-02 20:52 - 2014-09-02 20:53 - 02104832 _____ (Farbar) C:\Users\JMR\Downloads\FRST64.exe
2014-09-02 20:49 - 2014-09-04 12:39 - 00000468 _____ () C:\Users\JMR\Downloads\defogger_disable.log
2014-09-02 20:49 - 2014-09-02 20:49 - 00000000 _____ () C:\Users\JMR\defogger_reenable
2014-09-02 20:47 - 2014-09-02 20:47 - 00050477 _____ () C:\Users\JMR\Downloads\Defogger.exe
2014-09-02 19:48 - 2014-09-02 19:48 - 00178610 _____ () C:\Windows\SysWOW64\rsslogs.20140902194757
2014-09-02 19:33 - 2014-09-02 19:39 - 91906368 _____ (AVAST Software) C:\Users\JMR\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-09-02 12:26 - 2014-09-02 12:26 - 00126704 _____ () C:\Windows\SysWOW64\rsslogs.20140902122505
2014-09-02 10:15 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-02 10:15 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-02 10:15 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-02 10:15 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-02 10:15 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-02 10:15 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-02 10:15 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-02 10:15 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-02 08:59 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-02 08:59 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-02 08:58 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-02 08:58 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-02 08:58 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-02 08:58 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-02 08:58 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-02 08:58 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-02 08:58 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-02 08:58 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-02 08:58 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-02 08:58 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-02 08:55 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-02 08:55 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-02 08:55 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-02 08:55 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-02 08:55 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-02 08:55 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-02 08:55 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-02 08:55 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-02 08:55 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-02 08:55 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-02 08:55 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-02 08:55 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-02 08:55 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-02 08:55 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-02 08:55 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-02 08:55 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-02 08:55 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-02 08:55 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-02 08:55 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-02 08:55 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-02 08:55 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-02 08:55 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-02 08:55 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-02 08:55 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-02 08:55 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-02 08:55 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-02 08:55 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-02 08:55 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-02 08:55 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-02 08:55 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-02 08:55 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-02 08:55 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-02 08:55 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-02 08:55 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-02 08:55 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-02 08:55 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-02 08:55 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-02 08:55 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-02 08:55 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-02 08:55 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-02 08:55 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-02 08:55 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-02 08:55 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-02 08:55 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-02 08:55 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-02 08:55 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-02 08:55 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-02 08:55 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-02 08:55 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-02 08:55 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-02 08:55 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-02 08:55 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-02 08:55 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-02 08:55 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-02 08:55 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-02 08:55 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-02 08:51 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-02 08:51 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-02 08:51 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-02 08:51 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-02 08:51 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-01 23:11 - 2014-09-01 23:11 - 00634559 _____ () C:\Windows\SysWOW64\rsslogs.20140901231040
2014-09-01 21:59 - 2014-09-02 08:18 - 00000000 ____D () C:\e9da33e2ef00251bf164
2014-08-31 19:57 - 2014-08-31 19:58 - 00000000 ____D () C:\Users\JMR\Desktop\manu
2014-08-29 19:37 - 2014-08-29 19:37 - 00000000 ____D () C:\Users\Public\Documents\Canon MyCameraFiles
2014-08-28 23:31 - 2014-08-28 23:31 - 00003301 _____ () C:\Users\JMR\AppData\Local\recently-used.xbel
2014-08-28 23:12 - 2014-09-02 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Luminance HDR
2014-08-28 23:12 - 2014-09-02 09:04 - 00000000 ____D () C:\Program Files (x86)\Luminance HDR
2014-08-28 23:12 - 2014-08-28 23:12 - 00000000 ____D () C:\Users\JMR\LuminanceHDR
2014-08-28 11:21 - 2014-08-28 11:21 - 00000000 ____D () C:\Users\JMR\AppData\Local\Adobe
2014-08-27 12:21 - 2014-08-27 12:21 - 00016897 _____ () C:\Windows\SysWOW64\rsslogs.20140827122031
2014-08-07 20:45 - 2014-08-07 20:45 - 00009661 _____ () C:\Windows\SysWOW64\rsslogs.20140807204423
2014-08-07 20:44 - 2014-09-01 23:10 - 00003162 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl
2014-08-07 10:24 - 2014-08-07 10:24 - 00400765 _____ () C:\Windows\SysWOW64\rsslogs.20140807102308
2014-08-07 08:15 - 2014-08-07 08:15 - 00012081 _____ () C:\Windows\SysWOW64\rsslogs.20140807081359
2014-08-07 06:21 - 2014-08-07 06:21 - 00055525 _____ () C:\Windows\SysWOW64\rsslogs.20140807062006
2014-08-06 07:20 - 2014-08-06 07:20 - 00648265 _____ () C:\Windows\SysWOW64\rsslogs.20140806071956
2014-08-05 20:26 - 2014-08-05 20:26 - 00037439 _____ () C:\Windows\SysWOW64\rsslogs.20140805202529
2014-08-05 15:30 - 2014-08-05 15:30 - 00109841 _____ () C:\Windows\SysWOW64\rsslogs.20140805152903
2014-08-05 07:20 - 2014-08-05 07:21 - 00000000 ____D () C:\Users\JMR\Desktop\add familienkasse
2014-08-05 07:19 - 2014-08-05 07:19 - 00282383 _____ () C:\Windows\SysWOW64\rsslogs.20140805071832
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-04 17:33 - 2014-09-02 20:54 - 00016693 _____ () C:\Users\JMR\Downloads\FRST.txt
2014-09-04 17:33 - 2014-09-02 20:54 - 00000000 ____D () C:\FRST
2014-09-04 17:24 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 17:24 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 17:23 - 2010-09-12 21:40 - 01213593 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 17:18 - 2014-09-04 17:18 - 00019314 _____ () C:\Windows\SysWOW64\rsslogs.20140904171748
2014-09-04 17:17 - 2014-05-07 07:51 - 00013171 _____ () C:\Windows\setupact.log
2014-09-04 17:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-04 15:51 - 2012-11-30 11:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-04 15:41 - 2014-09-04 15:41 - 00031374 _____ () C:\Windows\SysWOW64\rsslogs.20140904154021
2014-09-04 15:36 - 2014-09-04 15:36 - 00045955 _____ () C:\Users\JMR\Desktop\FRST 1.txt
2014-09-04 15:33 - 2014-09-04 15:33 - 00000900 _____ () C:\Users\JMR\Desktop\JRT 1.txt
2014-09-04 15:21 - 2014-09-04 15:21 - 00000900 _____ () C:\Users\JMR\Desktop\JRT.txt
2014-09-04 15:07 - 2014-09-04 15:07 - 00000000 ____D () C:\Windows\ERUNT
2014-09-04 15:05 - 2014-09-04 15:05 - 00041010 _____ () C:\Windows\SysWOW64\rsslogs.20140904150454
2014-09-04 15:05 - 2013-03-21 23:29 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-04 15:04 - 2014-07-05 08:59 - 00023996 _____ () C:\Windows\PFRO.log
2014-09-04 14:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-04 14:40 - 2014-09-04 14:40 - 00028958 _____ () C:\Windows\SysWOW64\rsslogs.20140904143904
2014-09-04 14:40 - 2014-09-04 13:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 14:39 - 2011-05-17 23:16 - 00003332 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2283584599-1744461602-3080128891-1001
2014-09-04 14:39 - 2011-05-17 23:16 - 00003194 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2283584599-1744461602-3080128891-1001
2014-09-04 14:38 - 2009-07-29 07:20 - 00000000 ____D () C:\Windows\ABLKSR
2014-09-04 14:37 - 2014-09-04 14:37 - 00027420 _____ () C:\Users\JMR\Desktop\xml datei.Xml
2014-09-04 14:37 - 2014-09-04 14:37 - 00009975 _____ () C:\Users\JMR\Desktop\text datei.txt
2014-09-04 13:42 - 2014-09-04 13:42 - 00067593 _____ () C:\Windows\SysWOW64\rsslogs.20140904134159
2014-09-04 13:38 - 2014-09-04 13:38 - 00003623 _____ () C:\Windows\SysWOW64\rsslogs.20140904133739
2014-09-04 13:22 - 2014-09-04 13:22 - 00018104 _____ () C:\Windows\SysWOW64\rsslogs.20140904132120
2014-09-04 13:21 - 2010-09-12 22:19 - 00001807 _____ () C:\Windows\system32\ServiceFilter.ini
2014-09-04 13:16 - 2014-09-04 13:16 - 01016261 _____ (Thisisu) C:\Users\JMR\Downloads\JRT.exe
2014-09-04 13:06 - 2014-09-04 13:06 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-04 13:06 - 2014-09-04 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-04 13:06 - 2014-09-04 13:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-04 13:06 - 2014-09-04 13:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-04 13:03 - 2014-09-04 13:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JMR\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-04 12:59 - 2014-09-04 12:59 - 00025336 _____ () C:\Windows\SysWOW64\rsslogs.20140904125858
2014-09-04 12:57 - 2014-09-04 12:54 - 00000000 ____D () C:\AdwCleaner
2014-09-04 12:52 - 2014-09-04 12:52 - 01370483 _____ () C:\Users\JMR\Downloads\adwcleaner_3.309.exe
2014-09-04 12:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-04 12:42 - 2014-09-04 12:42 - 00242040 _____ (Software Installer ) C:\Users\JMR\Downloads\Setup.exe
2014-09-04 12:39 - 2014-09-02 20:49 - 00000468 _____ () C:\Users\JMR\Downloads\defogger_disable.log
2014-09-04 10:14 - 2014-09-04 10:14 - 00197891 _____ () C:\Windows\SysWOW64\rsslogs.20140904101355
2014-09-04 10:13 - 2014-04-05 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-04 10:11 - 2010-11-16 18:14 - 00000000 ____D () C:\ProgramData\Avira
2014-09-04 10:08 - 2013-04-27 18:06 - 01690338 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-04 10:08 - 2009-08-04 11:51 - 00739448 _____ () C:\Windows\system32\perfh007.dat
2014-09-04 10:08 - 2009-08-04 11:51 - 00161712 _____ () C:\Windows\system32\perfc007.dat
2014-09-04 10:08 - 2009-07-14 07:13 - 01690338 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-04 10:02 - 2010-09-12 22:00 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-04 09:54 - 2014-09-04 09:54 - 00024352 _____ () C:\ComboFix.txt
2014-09-04 09:54 - 2014-09-04 09:26 - 00000000 ____D () C:\Qoobox
2014-09-04 09:54 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-04 09:51 - 2014-09-04 09:25 - 00000000 ____D () C:\Windows\erdnt
2014-09-04 09:49 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-04 09:20 - 2014-09-04 09:20 - 05576326 ____R (Swearware) C:\Users\JMR\Downloads\ComboFix.exe
2014-09-04 09:14 - 2014-09-04 09:14 - 00071224 _____ () C:\Windows\SysWOW64\rsslogs.20140904091309
2014-09-03 13:11 - 2014-09-03 13:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-03 12:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-03 08:12 - 2014-09-03 08:12 - 00809793 _____ () C:\Windows\SysWOW64\rsslogs.20140903081134
2014-09-02 20:57 - 2014-09-02 20:56 - 00051582 _____ () C:\Users\JMR\Downloads\Addition.txt
2014-09-02 20:53 - 2014-09-02 20:52 - 02104832 _____ (Farbar) C:\Users\JMR\Downloads\FRST64.exe
2014-09-02 20:49 - 2014-09-02 20:49 - 00000000 _____ () C:\Users\JMR\defogger_reenable
2014-09-02 20:49 - 2010-11-16 11:27 - 00000000 ____D () C:\Users\JMR
2014-09-02 20:47 - 2014-09-02 20:47 - 00050477 _____ () C:\Users\JMR\Downloads\Defogger.exe
2014-09-02 19:48 - 2014-09-02 19:48 - 00178610 _____ () C:\Windows\SysWOW64\rsslogs.20140902194757
2014-09-02 19:42 - 2013-09-10 08:05 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-02 19:42 - 2013-03-21 23:29 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-02 19:39 - 2014-09-02 19:33 - 91906368 _____ (AVAST Software) C:\Users\JMR\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-09-02 12:26 - 2014-09-02 12:26 - 00126704 _____ () C:\Windows\SysWOW64\rsslogs.20140902122505
2014-09-02 12:24 - 2009-07-14 06:45 - 00346184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-02 12:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-02 10:46 - 2010-11-20 12:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-02 10:36 - 2013-08-14 21:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-02 10:28 - 2010-11-22 20:58 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-02 09:06 - 2012-06-03 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2014-09-02 09:05 - 2014-03-03 11:03 - 00000000 ____D () C:\Users\DefaultAppPool
2014-09-02 09:05 - 2010-11-23 18:10 - 00000000 ____D () C:\Users\Gast
2014-09-02 09:05 - 2010-09-12 22:17 - 00000000 ____D () C:\ProgramData\P4G
2014-09-02 09:05 - 2009-08-04 11:50 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-09-02 09:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-09-02 09:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-09-02 09:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2014-09-02 09:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-02 09:04 - 2014-08-28 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Luminance HDR
2014-09-02 09:04 - 2014-08-28 23:12 - 00000000 ____D () C:\Program Files (x86)\Luminance HDR
2014-09-02 09:04 - 2013-10-27 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-02 09:04 - 2013-08-08 20:29 - 00000000 ____D () C:\Users\JMR\AppData\Local\gtk-2.0
2014-09-02 09:04 - 2011-09-11 15:59 - 00000000 ____D () C:\Users\JMR\AppData\Roaming\elsterformular
2014-09-02 09:04 - 2011-09-11 15:58 - 00000000 ____D () C:\ProgramData\elsterformular
2014-09-02 09:04 - 2011-09-11 15:58 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-09-02 09:04 - 2010-11-21 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-09-02 09:04 - 2010-11-21 18:52 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-09-02 09:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-09-02 08:48 - 2011-05-17 23:15 - 00000000 ____D () C:\ProgramData\Real
2014-09-02 08:47 - 2011-05-22 21:06 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-02 08:18 - 2014-09-01 21:59 - 00000000 ____D () C:\e9da33e2ef00251bf164
2014-09-01 23:11 - 2014-09-01 23:11 - 00634559 _____ () C:\Windows\SysWOW64\rsslogs.20140901231040
2014-09-01 23:10 - 2014-08-07 20:44 - 00003162 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl
2014-08-31 20:03 - 2014-01-05 12:36 - 00000000 ____D () C:\Users\JMR\Desktop\Strom 2014
2014-08-31 19:58 - 2014-08-31 19:57 - 00000000 ____D () C:\Users\JMR\Desktop\manu
2014-08-31 19:13 - 2014-05-03 19:41 - 00000000 ____D () C:\Users\JMR\Desktop\Cachen
2014-08-30 21:09 - 2013-10-27 10:15 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-29 19:37 - 2014-08-29 19:37 - 00000000 ____D () C:\Users\Public\Documents\Canon MyCameraFiles
2014-08-28 23:45 - 2013-08-08 20:26 - 00000000 ____D () C:\Users\JMR\.gimp-2.8
2014-08-28 23:31 - 2014-08-28 23:31 - 00003301 _____ () C:\Users\JMR\AppData\Local\recently-used.xbel
2014-08-28 23:12 - 2014-08-28 23:12 - 00000000 ____D () C:\Users\JMR\LuminanceHDR
2014-08-28 11:21 - 2014-08-28 11:21 - 00000000 ____D () C:\Users\JMR\AppData\Local\Adobe
2014-08-27 12:23 - 2010-11-16 11:38 - 00003098 _____ () C:\Windows\System32\Tasks\P4G Sidebar
2014-08-27 12:21 - 2014-08-27 12:21 - 00016897 _____ () C:\Windows\SysWOW64\rsslogs.20140827122031
2014-08-25 06:53 - 2011-05-01 21:20 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-09-02 08:51 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-09-02 08:51 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-09-02 08:51 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-07 20:45 - 2014-08-07 20:45 - 00009661 _____ () C:\Windows\SysWOW64\rsslogs.20140807204423
2014-08-07 10:24 - 2014-08-07 10:24 - 00400765 _____ () C:\Windows\SysWOW64\rsslogs.20140807102308
2014-08-07 08:15 - 2014-08-07 08:15 - 00012081 _____ () C:\Windows\SysWOW64\rsslogs.20140807081359
2014-08-07 06:21 - 2014-08-07 06:21 - 00055525 _____ () C:\Windows\SysWOW64\rsslogs.20140807062006
2014-08-06 07:20 - 2014-08-06 07:20 - 00648265 _____ () C:\Windows\SysWOW64\rsslogs.20140806071956
2014-08-05 20:26 - 2014-08-05 20:26 - 00037439 _____ () C:\Windows\SysWOW64\rsslogs.20140805202529
2014-08-05 20:24 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-05 15:30 - 2014-08-05 15:30 - 00109841 _____ () C:\Windows\SysWOW64\rsslogs.20140805152903
2014-08-05 07:21 - 2014-08-05 07:20 - 00000000 ____D () C:\Users\JMR\Desktop\add familienkasse
2014-08-05 07:21 - 2013-06-24 10:33 - 00000000 ____D () C:\Users\JMR\Desktop\Rechnung amazon oral
2014-08-05 07:21 - 2013-01-21 21:02 - 00000000 ____D () C:\Users\JMR\Desktop\steuer 2011
2014-08-05 07:19 - 2014-08-05 07:19 - 00282383 _____ () C:\Windows\SysWOW64\rsslogs.20140805071832
ZeroAccess:
C:\Users\JMR\AppData\Local\641b1657
C:\Users\JMR\AppData\Local\641b1657\@
Some content of TEMP:
====================
C:\Users\JMR\AppData\Local\Temp\avgnt.exe
C:\Users\JMR\AppData\Local\Temp\CloudBackup1278.exe
C:\Users\JMR\AppData\Local\Temp\nst6E51.tmp.exe
C:\Users\JMR\AppData\Local\Temp\Quarantine.exe
C:\Users\JMR\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\JMR\AppData\Local\Temp\System.Data.SQLite56041.dll
C:\Users\JMR\AppData\Local\Temp\System.Data.SQLite88982.dll
C:\Users\JMR\AppData\Local\Temp\vcredist_x64.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-28 12:29
==================== End Of Log ============================
Code:
# AdwCleaner v3.309 - Bericht erstellt am 04/09/2014 um 12:57:17
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : JMR - JMR-PC
# Gestartet von : C:\Users\JMR\Downloads\adwcleaner_3.309.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : AllDaySavingsService64
Dienst Gelöscht : netfilter64
Dienst Gelöscht : wStLibG64
Dienst Gelöscht : cyycfhtzro64
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine
Ordner Gelöscht : C:\Program Files (x86)\Groovorio
Ordner Gelöscht : C:\Program Files (x86)\Uniblue
Ordner Gelöscht : C:\Program Files (x86)\Softonic_Deutsch_FF
Ordner Gelöscht : C:\Program Files\AllDaySavings
Ordner Gelöscht : C:\Program Files\005
Ordner Gelöscht : C:\Users\DefaultAppPool\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Softonic_Deutsch_FF
Ordner Gelöscht : C:\Users\JMR\AppData\Local\apn
Ordner Gelöscht : C:\Users\JMR\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\JMR\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\JMR\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\JMR\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\JMR\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\JMR\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\JMR\AppData\LocalLow\Softonic_Deutsch_FF
Ordner Gelöscht : C:\Users\JMR\AppData\Roaming\Groovorio
Ordner Gelöscht : C:\Users\JMR\AppData\Roaming\qone8
Ordner Gelöscht : C:\Users\JMR\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\JMR\AppData\Roaming\Uniblue
Ordner Gelöscht : C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}
Ordner Gelöscht : C:\Users\JMR\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Ordner Gelöscht : C:\Users\JMR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\System32\drivers\netfilter64.sys
Datei Gelöscht : C:\Windows\System32\drivers\wStLibG64.sys
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\qone8.xml
Datei Gelöscht : C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\user.js
Datei Gelöscht : C:\Users\JMR\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
Datei Gelöscht : C:\Users\JMR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\JMR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ Tasks ] *****
Task Gelöscht : LaunchSignup
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BRS]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_recuva_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_recuva_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D81AF43-DE53-48D0-A199-42C2A226B24C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5637-4300-76A7-7A786E7484D7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F524A2D-5637-4300-76A7-7A786E7484D7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFF0A198-42A2-40D4-A4F9-DB6730EE5738}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{16E798C7-110B-4AD1-BD3C-32D02F04D0C7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D81AF43-DE53-48D0-A199-42C2A226B24C}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{9D81AF43-DE53-48D0-A199-42C2A226B24C}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Groovorio
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Softonic_Deutsch_FF
Schlüssel Gelöscht : HKLM\SOFTWARE\AllDaySavings
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\DeviceVM
Schlüssel Gelöscht : HKLM\SOFTWARE\IePlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\qone8Software
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Softonic_Deutsch_FF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Groovorio
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_Deutsch_FF Toolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\AllDaySavings
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DeviceVM
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17239
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v32.0 (x86 de)
[ Datei : C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\gz35j4uo.default\prefs.js ]
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Groovorio");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Groovorio");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://groovorio.com/?f=1&a=grv_adk1_14_29&cd=2XzuyEtN2Y1L1QzuyByE0FtDyC0D0AyEtD0AtDzytDtA0DtBtN0D0Tzu0SzyyByBtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1T1Q1JtC1VtCy[...]
-\\ Google Chrome v
[ Datei : C:\Users\JMR\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [11151 octets] - [04/09/2014 12:54:40]
AdwCleaner[S0].txt - [9676 octets] - [04/09/2014 12:57:17]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9736 octets] ##########