Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: win32/small.ca virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.09.2013, 15:01   #1
weißauchnich
 
win32/small.ca virus - Standard

win32/small.ca virus



Mein Computer hat mir erzählt, dass ich den win32/small.ca-virus auf meinem Computer habe, darauf hin hane ich hijack this benutzt und bräuchte jetzt hilfe, vielen Dank schon mal!!!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:50:48, on 13.09.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe
C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\Asus\AppData\Local\Mozilla Firefox\firefox.exe
C:\Users\Asus\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST9500325AS_5VE4R957XXXX5VE4R957&ts=1365591596
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST9500325AS_5VE4R957XXXX5VE4R957&ts=1365591596
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST9500325AS_5VE4R957XXXX5VE4R957&ts=1365591596
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
R3 - URLSearchHook: (no name) - {9427041a-a8dc-4d06-9a68-93873486e957} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 176.9.75.3 www.google-analytics.com.
O1 - Hosts: 176.9.75.3 ad-emea.doubleclick.net.
O1 - Hosts: 176.9.75.3 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Ecosia Plugin - {8E63A864-CDFC-476c-839A-9D0A88CEAE33} - C:\Program Files (x86)\Ecosia\ecosia.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Ecosia Search - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - C:\Program Files (x86)\Ecosia\ecosia.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
O4 - HKLM\..\Run: [setc] C:\Program Files (x86)\MySecurityCenter\Programs\setc.exe
O4 - HKLM\..\Run: [regist] C:\Program Files (x86)\MySecurityCenter\Programs\Info.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe" -stealth
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Asus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} (VPNWeb Control) - vpnweb.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate1cafb46d8a742b3) (gupdate1cafb46d8a742b3) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySecurityCenter License Service - Unknown owner - C:\Program Files (x86)\MySecurityCenter\Programs\service.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sophos Anti-Virus Statusreporter (SAVAdminService) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sophos AutoUpdate Service - Sophos Limited - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Web Control Service - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SecureW2 Service (SW2SVC) - SecureW2 B.V. - C:\Program Files (x86)\SecureW2\sw2_service.exe
O23 - Service: Sophos Web Intelligence Service (swi_service) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
O23 - Service: Sophos Web Intelligence Update (swi_update_64) - Sophos Limited - C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17055 bytes

Alt 13.09.2013, 15:11   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
win32/small.ca virus - Standard

win32/small.ca virus



Hallo und


Lesestoff:
Bitte keine Hijackthis-Logfiles posten!!!


Zitat:
Zitat von Larusso Beitrag anzeigen
Uns ist klar, dass HijackThis wahrscheinlich eines der bekanntesten Analysetools ist.
Jedoch scannt es nur noch sehr oberflächlich und gibt uns für eine genaue Analyse eures Systems zu wenig Informationen.

Darum, bitte keine HijackThis Logfiles posten, sondern folgendes lesen und abarbeiten.

http://www.trojaner-board.de/69886-a...-beachten.html

Nur mit diesen Informationen können wir euch helfen.

Danke



Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!




Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 13.09.2013, 19:53   #3
weißauchnich
 
win32/small.ca virus - Standard

win32/small.ca virus



Meine Virenscanner finden Keinen Virus oder ähnliches.
Habe mir Farbar's Recovery Scan Tool (FRST) heruntergeladen und dann ausgeführt, gescannt. Leider habe ich nicht so viel Ahnung, sollte ich das posten?


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-09-2013 01
Ran by Asus (administrator) on ASUS-PC on 13-09-2013 19:46:21
Running from C:\Users\Asus\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\MySecurityCenter\Programs\service.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_tray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(ASUS) C:\Windows\AsScrPro.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Intel Corporation) C:\Windows\system32\hkcmd.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Mozilla Corporation) C:\Users\Asus\AppData\Local\Mozilla Firefox\firefox.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavProgress.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-08-12] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [617856 2009-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [AdobeBridge] - "C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe" -stealth
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19876968 2013-06-21] (Skype Technologies S.A.)
MountPoints2: {a9c3242c-9754-11e0-85b2-90e6ba6d4571} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS)
HKLM-x32\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd [x]
HKLM-x32\...\Run: [setc] - C:\Program Files (x86)\MySecurityCenter\Programs\setc.exe [389736 2007-07-09] (MySecurityCenter)
HKLM-x32\...\Run: [regist] - C:\Program Files (x86)\MySecurityCenter\Programs\Info.exe [389736 2007-07-09] (MySecurityCenter)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [900160 2012-10-22] (Sophos Limited)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-02] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [523216 2011-09-09] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SecureW2 Tray] - C:\Program Files (x86)\SecureW2\sw2_tray.exe [287112 2011-09-27] (SecureW2 B.V.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [218256 2012-10-22] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL [221840 2012-10-22] (Sophos Limited)
Startup: C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST9500325AS_5VE4R957XXXX5VE4R957&ts=1365591596
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST9500325AS_5VE4R957XXXX5VE4R957&ts=1365591596
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST9500325AS_5VE4R957XXXX5VE4R957&ts=1365591596
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST9500325AS_5VE4R957XXXX5VE4R957&ts=1365591596
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST9500325AS_5VE4R957XXXX5VE4R957&ts=1365591596
URLSearchHook: (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  No File
URLSearchHook: (No Name) - {9427041a-a8dc-4d06-9a68-93873486e957} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST9500325AS_5VE4R957XXXX5VE4R957&ts=1365533080
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST9500325AS_5VE4R957XXXX5VE4R957&ts=3342384
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST9500325AS_5VE4R957XXXX5VE4R957&ts=3342384
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST9500325AS_5VE4R957XXXX5VE4R957&ts=3342384
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST9500325AS_5VE4R957XXXX5VE4R957&ts=3342384
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST9500325AS_5VE4R957XXXX5VE4R957&ts=3342384
SearchScopes: HKCU - {1651D325-2BBC-409C-9EB2-A6EE3A839165} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST9500325AS_5VE4R957XXXX5VE4R957&ts=3342384
SearchScopes: HKCU - {657DF0D1-258C-4bea-8C18-1EAAB431E726} URL = hxxp://findgala.com/?&uid=3127&q={searchTerms}
SearchScopes: HKCU - {9FA5EA01-FE8B-4172-B43F-A21530142DDD} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {B15510A7-50CF-4DF9-8909-D39C178BBB26} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {B3988866-5BC3-484B-B8B9-5551B8BF001C} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_US&apn_ptnrs=U3&apn_dtid=OSJ000YYSE&apn_uid=C21C6EE6-35F3-4A3D-97F6-F8990E205C2B&apn_sauid=67C844E9-692C-4BA1-BF18-157F9E99C87F&
SearchScopes: HKCU - {CB92DBA8-6423-4485-ABB3-41EED9B47B94} URL = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
SearchScopes: HKCU - {F5C2D0D4-7611-470E-B72B-1371E1B37CA3} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {F9BCCCD4-723E-4296-9DE7-1C0DD9B72AE7} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3008668
SearchScopes: HKCU - {FE077C6E-A0C0-4EA5-B32B-01A28B827703} URL = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=
SearchScopes: HKCU - {FFCD1CD0-6BBE-4B6F-83D7-2F2D19B7D85C} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Ecosia Class - {8E63A864-CDFC-476c-839A-9D0A88CEAE33} - C:\Program Files (x86)\Ecosia\ecosia.dll ()
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Ecosia Search - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - C:\Program Files (x86)\Ecosia\ecosia.dll ()
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
Toolbar: HKCU -  No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -  No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -  No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
Toolbar: HKCU -  No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU -  No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
Toolbar: HKCU -  No Name - {9427041A-A8DC-4D06-9A68-93873486E957} -  No File
DPF: HKLM-x32 {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 83.169.185.161 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\nxd6tc1o.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @graphisoft.com/GDL Web Plug-in - C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF StartMenuInternet: FIREFOX.EXE - C:\Users\Asus\AppData\Local\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR RestoreOnStartup: "tabs":{"use_vertical_tabs"
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
S2 gupdate1cafb46d8a742b3; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2010-05-24] (Google Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R2 MySecurityCenter License Service; C:\Program Files (x86)\MySecurityCenter\Programs\service.exe [78696 2007-05-21] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [216640 2012-12-04] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [139840 2012-10-22] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [232512 2012-10-22] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-10-22] (Sophos Limited)
R3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 SW2SVC; C:\Program Files (x86)\SecureW2\sw2_service.exe [121224 2011-09-27] (SecureW2 B.V.)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2012-12-04] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [1998400 2012-12-04] (Sophos Limited)

==================== Drivers (Whitelisted) ====================

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [144672 2012-10-22] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2012-10-22] (Sophos Limited)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-07-17] ()
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2012-10-22] (Sophos Plc)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 ipswuio; System32\DRIVERS\ipswuio.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-13 19:43 - 2013-09-13 19:44 - 01949784 _____ (Farbar) C:\Users\Asus\Downloads\FRST64.exe
2013-09-13 19:35 - 2013-09-13 19:37 - 00052019 _____ C:\Users\Asus\Downloads\Addition.txt
2013-09-13 19:32 - 2013-09-13 19:32 - 00000000 ____D C:\FRST
2013-09-13 19:17 - 2013-09-13 19:17 - 00002073 _____ C:\Users\Asus\Desktop\Scan Report 13-09-13.lnk
2013-09-13 16:07 - 2013-09-13 18:51 - 00003166 _____ C:\Windows\System32\Tasks\P4GIntlCtrl
2013-09-13 15:10 - 2013-09-13 19:18 - 00000000 ____D C:\Users\Asus\AppData\Roaming\systweak
2013-09-13 15:10 - 2013-09-13 19:17 - 00001322 _____ C:\Users\Asus\Desktop\Small . CARemoval Tool.lnk
2013-09-13 15:10 - 2013-09-13 19:17 - 00000000 ____D C:\Program Files (x86)\Small . CARemoval Tool
2013-09-13 15:10 - 2012-12-10 11:04 - 00356352 _____ (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2013-09-13 15:10 - 2012-12-10 11:04 - 00081920 _____ (eSellerate Inc.) C:\Windows\eSellerateControl350.dll
2013-09-13 15:10 - 2012-01-20 14:14 - 00018816 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-09-13 15:10 - 2009-07-23 18:32 - 01122304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2013-09-13 15:10 - 2009-07-23 18:32 - 00274432 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll
2013-09-13 15:03 - 2013-09-13 15:04 - 02880824 _____ (Security Stronghold                                         ) C:\Users\Asus\Downloads\Small.CARemovalTool.exe
2013-09-13 14:50 - 2013-09-13 14:50 - 00017057 _____ C:\Users\Asus\Downloads\hijackthis.log
2013-09-13 14:49 - 2013-09-13 14:49 - 00388608 _____ (Trend Micro Inc.) C:\Users\Asus\Downloads\HijackThis.exe
2013-09-13 14:13 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 14:13 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 14:13 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 14:13 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 14:12 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 14:12 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 14:12 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 14:12 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 14:12 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 14:12 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 14:12 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 14:12 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 14:12 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 14:12 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 14:12 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 14:12 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 14:12 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 14:12 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 14:12 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-13 14:12 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-13 14:12 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-13 14:07 - 2013-09-13 14:10 - 00001912 _____ C:\Windows\epplauncher.mif
2013-09-13 14:07 - 2013-09-13 14:07 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-13 14:07 - 2013-09-13 14:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-13 14:04 - 2013-09-13 14:05 - 13842112 _____ (Microsoft Corporation) C:\Users\Asus\Downloads\mseinstall(1).exe
2013-09-13 14:00 - 2013-09-13 14:02 - 90889040 _____ (Apple Inc.) C:\Users\Asus\Downloads\iTunes64Setup.exe
2013-09-13 13:46 - 2013-09-13 13:47 - 13842112 _____ (Microsoft Corporation) C:\Users\Asus\Downloads\mseinstall.exe
2013-09-13 09:37 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 09:37 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-13 09:37 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-13 09:37 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-13 09:37 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-13 09:37 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-13 09:37 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-13 09:37 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 09:37 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-13 09:37 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 09:37 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-13 09:37 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-13 09:37 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-13 09:37 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-13 09:37 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-13 09:37 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 09:37 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-13 09:37 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-13 09:37 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-13 09:37 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-13 09:37 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-13 09:37 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-13 09:37 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-13 09:37 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-13 09:37 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-13 09:37 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-09 22:37 - 2013-09-09 22:37 - 00001258 _____ C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2013-09-08 17:21 - 2013-09-13 18:51 - 00003102 _____ C:\Windows\System32\Tasks\P4G Sidebar
2013-08-29 01:39 - 2013-08-29 01:39 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-29 01:38 - 2013-08-29 01:39 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-29 01:38 - 2013-08-29 01:39 - 00000000 ____D C:\Program Files\iTunes
2013-08-29 01:38 - 2013-08-29 01:38 - 00000000 ____D C:\Program Files\iPod
2013-08-24 21:06 - 2013-08-24 21:15 - 00003733 _____ C:\Users\Asus\Downloads\Wochenendvereinsausflug Neusehland.tmd
2013-08-19 14:15 - 2013-08-19 14:15 - 07369781 _____ C:\Users\Asus\Downloads\Bauchemie II.apkg
2013-08-18 22:00 - 2013-08-18 22:00 - 00044089 _____ C:\Users\Asus\Downloads\Bauchemie 2(1).apkg
2013-08-18 21:58 - 2013-08-18 21:58 - 00044089 _____ C:\Users\Asus\Downloads\Bauchemie 2.apkg
2013-08-18 21:06 - 2013-08-18 21:06 - 00000000 _____ C:\Windows\system32\vireng.log
2013-08-18 20:58 - 2013-08-18 21:54 - 00000000 ____D C:\Users\Asus\AppData\Local\Mozilla Firefox
2013-08-14 09:26 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 09:26 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 09:26 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 09:26 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 09:26 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 09:26 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 09:26 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 09:26 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 09:26 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 09:26 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 09:26 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 09:26 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 09:26 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 09:26 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 09:25 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 09:25 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-13 19:44 - 2013-09-13 19:43 - 01949784 _____ (Farbar) C:\Users\Asus\Downloads\FRST64.exe
2013-09-13 19:37 - 2013-09-13 19:35 - 00052019 _____ C:\Users\Asus\Downloads\Addition.txt
2013-09-13 19:35 - 2012-12-19 10:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-13 19:32 - 2013-09-13 19:32 - 00000000 ____D C:\FRST
2013-09-13 19:24 - 2009-10-12 17:37 - 01162422 _____ C:\Windows\WindowsUpdate.log
2013-09-13 19:18 - 2013-09-13 15:10 - 00000000 ____D C:\Users\Asus\AppData\Roaming\systweak
2013-09-13 19:17 - 2013-09-13 19:17 - 00002073 _____ C:\Users\Asus\Desktop\Scan Report 13-09-13.lnk
2013-09-13 19:17 - 2013-09-13 15:10 - 00001322 _____ C:\Users\Asus\Desktop\Small . CARemoval Tool.lnk
2013-09-13 19:17 - 2013-09-13 15:10 - 00000000 ____D C:\Program Files (x86)\Small . CARemoval Tool
2013-09-13 18:51 - 2013-09-13 16:07 - 00003166 _____ C:\Windows\System32\Tasks\P4GIntlCtrl
2013-09-13 18:51 - 2013-09-08 17:21 - 00003102 _____ C:\Windows\System32\Tasks\P4G Sidebar
2013-09-13 18:50 - 2010-05-24 20:55 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-13 18:49 - 2013-04-02 11:46 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DA765B4D-1B6A-4C2A-B553-F4C9D7A431FD}
2013-09-13 16:38 - 2012-12-19 10:21 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 16:38 - 2012-06-07 16:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 16:37 - 2011-07-05 21:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-13 16:30 - 2010-05-24 15:41 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Skype
2013-09-13 16:05 - 2010-05-24 20:55 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-13 15:04 - 2013-09-13 15:03 - 02880824 _____ (Security Stronghold                                         ) C:\Users\Asus\Downloads\Small.CARemovalTool.exe
2013-09-13 14:50 - 2013-09-13 14:50 - 00017057 _____ C:\Users\Asus\Downloads\hijackthis.log
2013-09-13 14:49 - 2013-09-13 14:49 - 00388608 _____ (Trend Micro Inc.) C:\Users\Asus\Downloads\HijackThis.exe
2013-09-13 14:34 - 2009-07-14 06:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-13 14:34 - 2009-07-14 06:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-13 14:26 - 2010-04-18 19:17 - 00000000 ___HD C:\ASUS.DAT
2013-09-13 14:26 - 2010-02-11 13:50 - 00000000 ___RD C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-13 14:26 - 2010-02-11 13:41 - 00000000 ___RD C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-13 14:25 - 2011-09-17 23:45 - 00000408 _____ C:\Windows\Tasks\Final Media Player Update Checker.job
2013-09-13 14:23 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-13 14:23 - 2009-07-14 06:45 - 05061808 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 14:22 - 2009-07-14 06:51 - 00197358 _____ C:\Windows\setupact.log
2013-09-13 14:11 - 2013-07-25 19:02 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 14:10 - 2013-09-13 14:07 - 00001912 _____ C:\Windows\epplauncher.mif
2013-09-13 14:07 - 2013-09-13 14:07 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-13 14:07 - 2013-09-13 14:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-13 14:05 - 2013-09-13 14:04 - 13842112 _____ (Microsoft Corporation) C:\Users\Asus\Downloads\mseinstall(1).exe
2013-09-13 14:05 - 2010-09-29 16:56 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-13 14:05 - 2009-10-12 17:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 14:02 - 2013-09-13 14:00 - 90889040 _____ (Apple Inc.) C:\Users\Asus\Downloads\iTunes64Setup.exe
2013-09-13 13:47 - 2013-09-13 13:46 - 13842112 _____ (Microsoft Corporation) C:\Users\Asus\Downloads\mseinstall.exe
2013-09-13 10:40 - 2011-06-13 13:50 - 00000000 ____D C:\ProgramData\tmp
2013-09-13 10:40 - 2011-06-13 13:50 - 00000000 ____D C:\ProgramData\hps
2013-09-12 16:45 - 2012-03-20 21:08 - 00000000 ____D C:\Users\Asus\AppData\Local\Paint.NET
2013-09-11 14:36 - 2011-07-12 17:23 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Dropbox
2013-09-11 13:30 - 2011-07-12 17:26 - 00000000 ___RD C:\Users\Asus\Dropbox
2013-09-10 19:24 - 2012-03-20 21:09 - 00001290 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2013-09-10 19:24 - 2012-03-20 21:08 - 00000000 ____D C:\Program Files\Paint.NET
2013-09-09 22:37 - 2013-09-09 22:37 - 00001258 _____ C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2013-09-09 22:37 - 2013-01-07 18:51 - 00001258 _____ C:\Users\Public\Desktop\BUDNI Fotowelt.lnk
2013-09-09 17:57 - 2009-08-04 11:51 - 00722634 _____ C:\Windows\system32\perfh007.dat
2013-09-09 17:57 - 2009-08-04 11:51 - 00158034 _____ C:\Windows\system32\perfc007.dat
2013-09-09 17:57 - 2009-07-14 07:13 - 01682300 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-08 17:21 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-01 02:41 - 2013-06-07 21:20 - 00000600 _____ C:\Users\Asus\AppData\Local\PUTTY.RND
2013-08-29 01:39 - 2013-08-29 01:39 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-29 01:39 - 2013-08-29 01:38 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-29 01:39 - 2013-08-29 01:38 - 00000000 ____D C:\Program Files\iTunes
2013-08-29 01:39 - 2011-08-19 21:10 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-29 01:38 - 2013-08-29 01:38 - 00000000 ____D C:\Program Files\iPod
2013-08-24 21:15 - 2013-08-24 21:06 - 00003733 _____ C:\Users\Asus\Downloads\Wochenendvereinsausflug Neusehland.tmd
2013-08-19 14:22 - 2011-07-12 17:26 - 00001017 _____ C:\Users\Asus\Desktop\Dropbox.lnk
2013-08-19 14:22 - 2011-07-12 17:23 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-19 14:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-19 14:15 - 2013-08-19 14:15 - 07369781 _____ C:\Users\Asus\Downloads\Bauchemie II.apkg
2013-08-19 08:04 - 2012-10-01 21:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 22:00 - 2013-08-18 22:00 - 00044089 _____ C:\Users\Asus\Downloads\Bauchemie 2(1).apkg
2013-08-18 21:58 - 2013-08-18 21:58 - 00044089 _____ C:\Users\Asus\Downloads\Bauchemie 2.apkg
2013-08-18 21:54 - 2013-08-18 20:58 - 00000000 ____D C:\Users\Asus\AppData\Local\Mozilla Firefox
2013-08-18 21:06 - 2013-08-18 21:06 - 00000000 _____ C:\Windows\system32\vireng.log

ZeroAccess:
C:\Windows\Installer\{33ffd933-7ba1-b6f0-bf2d-aa484ac5c40a}

ZeroAccess:
C:\Users\Asus\AppData\Local\{33ffd933-7ba1-b6f0-bf2d-aa484ac5c40a}

Files to move or delete:
====================
C:\Users\Asus\PhotoshopElements_9_LS15.exe


Some content of TEMP:
====================
C:\Users\Asus\AppData\Local\Temp\AcDeltree.exe
C:\Users\Asus\AppData\Local\Temp\avguidx.dll
C:\Users\Asus\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Asus\AppData\Local\Temp\contentDATs.exe
C:\Users\Asus\AppData\Local\Temp\FileSystemView.dll
C:\Users\Asus\AppData\Local\Temp\InstallerBT.exe
C:\Users\Asus\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Asus\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Asus\AppData\Local\Temp\mlv_ar_qvo6.exe
C:\Users\Asus\AppData\Local\Temp\oi_{6C724498-DC2B-4E2B-8A9E-89A983970A6D}.exe
C:\Users\Asus\AppData\Local\Temp\Paint.NET.3.5.11.Install.exe
C:\Users\Asus\AppData\Local\Temp\SHSetup.exe
C:\Users\Asus\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Asus\AppData\Local\Temp\tbPro0.dll
C:\Users\Asus\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Asus\AppData\Local\Temp\TrekstorDevice.dll
C:\Users\Asus\AppData\Local\Temp\UNINSTALL.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 15:49

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 14.09.2013, 14:01   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
win32/small.ca virus - Standard

win32/small.ca virus



Zitat:
ZeroAccess:
C:\Windows\Installer\{33ffd933-7ba1-b6f0-bf2d-aa484ac5c40a}

ZeroAccess:
C:\Users\Asus\AppData\Local\{33ffd933-7ba1-b6f0-bf2d-aa484ac5c40a}
Lesestoff:
Rootkit-Warnung
Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?
  • Entscheide bitte ganz bewußt, ob du mit der Bereinigung fortfahren möchtest. Ein einmal derartig kompromittiertes System kann man niemals mit 100%iger Sicherheit wieder absichern. Auch wenn wir gute Chancen haben, deinen Computer zu bereinigen, kann es dennoch möglich sein, dass uns am Ende nur die Neuinstallation bleibt.

  • Wenn du mit diesem Computer beispielsweise Onlinebanking machst, dann solltest du zumindest dein Passwort von deiner Bank ändern lassen, wenn du ein ansonsten sicheres Verfahren wie beispielsweise "chip-TAN-comfort" nutzt. Hast du noch alte TAN-Bögen auf Papierbasis? Dann ist es höchste Zeit dich bei deiner Bank zu melden und notfalls das Konto temporär sperren zu lassen. Der Sperrnotruf 116 116 von www.sperr-notruf.de kann Tag und Nacht dafür benutzt werden.

  • Hast du ansonsten sensible Daten auf deinem Computer, dann solltest du auch darüber nachdenken, wie du damit umgehst, da sie sich praktisch "jeder" ansehen konnte.
Teile mir also mit, wie du dich entschieden hast.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 16.09.2013, 16:41   #5
weißauchnich
 
win32/small.ca virus - Standard

win32/small.ca virus



ich würde gerne mit der Bereinigung fortfahren und wenn das nicht hilft eben neuistallieren


Alt 16.09.2013, 16:42   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
win32/small.ca virus - Standard

win32/small.ca virus



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> win32/small.ca virus

Alt 16.09.2013, 18:12   #7
weißauchnich
 
win32/small.ca virus - Standard

win32/small.ca virus



Habe Combo Fix durch laufen lassen

Code:
ATTFilter
ComboFix 13-09-14.01 - Asus 16.09.2013  17:16:14.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4061.1777 [GMT 2:00]
ausgeführt von:: c:\users\Asus\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Sophos Anti-Virus *Enabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Sophos Anti-Virus *Enabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SecureW2
c:\program files (x86)\SecureW2\sw2_rsaproxy.exe
c:\program files (x86)\SecureW2\sw2_service.exe
c:\program files (x86)\SecureW2\sw2_tray.exe
c:\program files (x86)\SecureW2\Uninstall.exe
c:\users\Asus\4.0
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2E36ADCA-BC88-415F-8954-A32EE7B31DD7}.xps
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4EB24F1B-EA4A-4B5A-8193-082BC96106C1}.xps
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\{52A88327-23DB-4E52-A2E4-2EDFAA1A74DF}.xps
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C65297A7-1941-4BC3-A52F-99B00BD60F12}.xps
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DF0DA1EF-EF52-4F7B-9C64-0F27C842C473}.xps
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EC2A0CB5-F677-47DF-AA8D-4E1CBD60D3AA}.xps
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F1D611B7-B3D3-4251-8D93-F5FAF6364DB3}.xps
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Notizen.Gadget
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\todo.scottipages.gadget
c:\users\Asus\AppData\Roaming\8328AAC9.reg
c:\users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
c:\windows\IsUn0407.exe
c:\windows\msvcr71.dll
c:\windows\security\Database\tmp.edb
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SW2SVC
-------\Service_SW2SVC
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-16 bis 2013-09-16  ))))))))))))))))))))))))))))))
.
.
2013-09-16 15:42 . 2013-09-16 15:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-16 15:42 . 2013-09-16 15:42	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-09-16 14:28 . 2013-08-19 22:46	9515512	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78E67A76-EE5A-410D-ADA2-8A194F7CA3F0}\mpengine.dll
2013-09-13 17:32 . 2013-09-13 17:32	--------	d-----w-	C:\FRST
2013-09-13 13:10 . 2012-01-20 12:14	18816	----a-w-	c:\windows\system32\roboot64.exe
2013-09-13 13:10 . 2013-09-13 17:18	--------	d-----w-	c:\users\Asus\AppData\Roaming\systweak
2013-09-13 13:10 . 2009-07-23 16:32	274432	----a-w-	c:\windows\SysWow64\ssleay32.dll
2013-09-13 13:10 . 2009-07-23 16:32	1122304	----a-w-	c:\windows\SysWow64\libeay32.dll
2013-09-13 13:10 . 2012-12-10 09:04	81920	----a-w-	c:\windows\eSellerateControl350.dll
2013-09-13 13:10 . 2012-12-10 09:04	356352	----a-w-	c:\windows\eSellerateEngine.dll
2013-09-13 13:10 . 2013-09-13 17:17	--------	d-----w-	c:\program files (x86)\Small . CARemoval Tool
2013-09-13 12:13 . 2013-08-10 03:17	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-09-13 12:13 . 2013-08-10 03:07	2706432	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-09-13 12:13 . 2013-08-10 05:20	526336	----a-w-	c:\windows\system32\ieui.dll
2013-09-13 12:07 . 2013-09-13 12:07	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2013-09-13 12:07 . 2013-09-13 12:07	--------	d-----w-	c:\program files\Microsoft Security Client
2013-09-13 10:23 . 2013-08-06 08:58	9515512	------w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5019625-F3D4-474C-B7A9-B5166AB2249E}\mpengine.dll
2013-09-05 14:04 . 2013-09-05 14:04	209272	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-08-28 23:38 . 2013-08-28 23:38	--------	d-----w-	c:\program files\iPod
2013-08-28 23:38 . 2013-08-28 23:39	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-28 23:38 . 2013-08-28 23:39	--------	d-----w-	c:\program files\iTunes
2013-08-18 18:58 . 2013-08-18 19:54	--------	d-----w-	c:\users\Asus\AppData\Local\Mozilla Firefox
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 14:38 . 2012-06-07 14:06	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-13 14:37 . 2011-07-05 19:28	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 12:05 . 2010-09-29 14:56	79143768	----a-w-	c:\windows\system32\MRT.exe
2013-08-06 16:51 . 2010-05-25 21:57	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-08-06 16:51 . 2010-05-25 21:57	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-08-06 16:51 . 2010-06-11 11:12	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-08-02 01:48 . 2013-09-13 07:37	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-07-26 17:02 . 2010-06-11 11:13	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-07-26 17:01 . 2010-06-11 11:12	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-07-26 17:01 . 2010-05-25 21:57	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-07-25 09:25 . 2013-08-14 07:26	1888768	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 07:26	1620992	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 07:26	2048	----a-w-	c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 07:26	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-14 07:26	224256	----a-w-	c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 07:26	1217024	----a-w-	c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 07:26	1472512	----a-w-	c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 07:26	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 07:26	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 07:26	663552	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 07:26	175104	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 07:26	1166848	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 07:26	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 07:26	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-14 07:25	1910208	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-18 19:50 . 2013-06-18 19:50	247216	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2013-06-18 19:50 . 2013-06-18 19:50	139616	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54	175912	----a-w-	c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8E63A864-CDFC-476c-839A-9D0A88CEAE33}]
2010-12-17 16:45	389120	----a-w-	c:\program files (x86)\Ecosia\ecosia.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Asus\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Asus\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Asus\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Asus\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Asus\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19876968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"setc"="c:\program files (x86)\MySecurityCenter\Programs\setc.exe" [2007-07-09 389736]
"regist"="c:\program files (x86)\MySecurityCenter\Programs\Info.exe" [2007-07-09 389736]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-10-22 900160]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-02 3524536]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-09-09 523216]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
c:\users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe -d [2010-4-18 12862]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate1cafb46d8a742b3;Google Update Service (gupdate1cafb46d8a742b3);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys;c:\windows\SYSNATIVE\DRIVERS\ipswuio.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw1v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S2 MySecurityCenter License Service;MySecurityCenter License Service;c:\program files (x86)\MySecurityCenter\Programs\service.exe;c:\program files (x86)\MySecurityCenter\Programs\service.exe [x]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 14:38]
.
2013-09-16 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-09-17 13:24]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-24 13:41]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-24 13:41]
.
2011-04-23 c:\windows\Tasks\Net4Switch.job
- c:\program files\ASUS\Net4Switch\Net4Switch.exe [2010-04-18 11:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Asus\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Asus\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Asus\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Asus\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-05 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-28 16336488]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-12 323072]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-18 1356240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST9500325AS_5VE4R957XXXX5VE4R957&ts=1365591596
mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST9500325AS_5VE4R957XXXX5VE4R957&ts=1365591596
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Asus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 192.168.2.1
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - vpnweb.cab
FF - ProfilePath - c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\nxd6tc1o.default-1372696450576\
FF - prefs.js: browser.startup.homepage - hxxp://ecosia.org/?sc=de
FF - ExtSQL: 2013-08-05 18:11; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\nxd6tc1o.default-1372696450576\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-26 22:19; {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}; c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\nxd6tc1o.default-1372696450576\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
URLSearchHooks-{9427041a-a8dc-4d06-9a68-93873486e957} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - c:\program files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe
Wow6432Node-HKCU-Run-KiesPreload - c:\program files (x86)\Samsung\Kies\Kies.exe
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
Wow6432Node-HKLM-Run-SecureW2 Tray - c:\program files (x86)\SecureW2\sw2_tray.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk - c:\windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{9427041A-A8DC-4D06-9A68-93873486E957} - (no file)
AddRemove-ASUS_UL_Series_Screensaver - c:\windows\system32\ASUS_UL_Series_Screensaver.scr
AddRemove-Moorhuhn - c:\windows\IsUn0407.exe
AddRemove-Moorhuhn 2 deinstallieren - c:\windows\IsUn0407.exe
AddRemove-SecureW2 Enterprise Client - c:\program files (x86)\SecureW2\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-09-16  18:08:36 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-09-16 16:08
.
Vor Suchlauf: 17 Verzeichnis(se), 211.322.949.632 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 227.337.539.584 Bytes frei
.
- - End Of File - - DE0B9B4E292411B8E5145FF4BA292239
5C616939100B85E558DA92B899A0FC36
         

Alt 16.09.2013, 23:37   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
win32/small.ca virus - Standard

win32/small.ca virus



Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 17.09.2013, 16:39   #9
weißauchnich
 
win32/small.ca virus - Standard

win32/small.ca virus



Ok habe ich gemacht, dass ist das letzte Logfile was er erstellt hat.

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.17.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Asus :: ASUS-PC [administrator]

17.09.2013 15:56:13
mbar-log-2013-09-17 (15-56-13).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 256856
Time elapsed: 36 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Alt 17.09.2013, 17:00   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
win32/small.ca virus - Standard

win32/small.ca virus



Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 17.09.2013, 17:58   #11
weißauchnich
 
win32/small.ca virus - Standard

win32/small.ca virus



habe adwcleaner heruntergeladen und ausgeführt
Code:
ATTFilter
# AdwCleaner v3.004 - Bericht erstellt am 17/09/2013 um 17:12:31
# Updated 15/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Asus - ASUS-PC
# Gestartet von : C:\Users\Asus\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine
Ordner Gelöscht : C:\Program Files (x86)\Desk 365
Ordner Gelöscht : C:\Program Files (x86)\Common Files\337
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Asus\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Asus\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Asus\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Asus\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Asus\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Asus\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Asus\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Asus\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\Asus\AppData\Roaming\Desk 365
Ordner Gelöscht : C:\Users\Asus\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Asus\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\Users\Asus\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Asus\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\2fn7feis.default\ConduitCommon
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\qvo6.xml

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Asus\Desktop\alles\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Asus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Asus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1351351
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3008668
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader30110[1]_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader30110[1]_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_autostitch_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_autostitch_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_euchler-haushaltsbuch_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_euchler-haushaltsbuch_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-download[1]_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-download[1]_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_ikea-home-planer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_ikea-home-planer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_jpeg-to-pdf_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_jpeg-to-pdf_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_office-2007-service-pack[1]_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_office-2007-service-pack[1]_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoplus_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoplus_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_picnik_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_picnik_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_reise-vx_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_reise-vx_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_texmakerx_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_texmakerx_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_the-panorama-factory_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_the-panorama-factory_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_visual-c-2008_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_visual-c-2008_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{32C59D94-834B-474F-88C0-C4B75C574D2E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SAFARI.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\Software\qvo6Software
Schlüssel Gelöscht : HKLM\Software\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DeviceVM

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\nxd6tc1o.default-1372696450576\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : search_url

*************************

AdwCleaner[R0].txt - [14778 octets] - [17/09/2013 17:10:47]
AdwCleaner[S0].txt - [12836 octets] - [17/09/2013 17:12:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12897 octets] ##########
         
Hier einmal der inhalt vom Junkware Removal Tool

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Asus on 17.09.2013 at 17:22:32,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3201920304-2889548218-1509885935-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1651D325-2BBC-409C-9EB2-A6EE3A839165}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{657DF0D1-258C-4bea-8C18-1EAAB431E726}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B3988866-5BC3-484B-B8B9-5551B8BF001C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F9BCCCD4-723E-4296-9DE7-1C0DD9B72AE7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FE077C6E-A0C0-4EA5-B32B-01A28B827703}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Users\Asus\AppData\Roaming\fighters"
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{02A3DD68-4E55-48EF-8B51-8C4C9B75AD03}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{03FE4242-F46F-431E-8DC2-4CA43B7130A0}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{047F509F-7964-4CC4-AAB1-D370DDA153F5}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{06EEF5BE-577F-480F-974A-62780FB4F99E}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{0A6BBD9D-37AB-4B15-97FE-AAF822585123}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{0A752EE6-19EA-4B7D-A583-A5C896BCE2EB}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{0B898655-90A3-4106-A34D-4CEE1D3AED32}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{0BB49EEF-F49F-4BE8-A334-D24D8459EF65}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{0C84904E-E823-4503-B0F5-4E1DEAB4E625}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{0D87E091-DEA8-4BB1-A6C2-3DB88FFEBD2D}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{0FC6553F-20ED-46CB-BFD0-28081003A476}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{1001B86D-9CC5-416D-8A3D-31E9FA61E909}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{10ABE8C4-BFD4-4900-B7A4-BFBA56325150}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{11BD8323-792E-41E8-909B-E1FEE353DEC8}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{129096A3-1377-46A6-AA22-270604B69003}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{1509680B-1587-4630-9E85-9C189FDEB47A}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{15E8674F-DB20-4774-9316-1227A84CA177}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{167EF0E9-7D2F-4013-BA8B-E33B418A8034}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{170442C4-0619-4A44-A6E9-6E461217ACB6}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{182199E0-6E80-494C-AA86-BEA026F69F88}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{1BAFBAED-C19F-4F78-99C0-9FD0B53A5B8B}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{1CB65A6F-8839-4534-AB1F-E0194ABF22E5}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{1D19276E-6D22-445F-AB37-E36B504E8D72}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{2013DF05-4045-486F-98A5-C5C1D152B0E2}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{233D2DAA-C038-4FA8-8EA2-B301929369B8}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{2569625B-7F4D-490A-B100-6D869EDB8DBD}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{25A4017A-A6A2-400C-A052-96B6B77BE999}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{29B7A508-DD12-4F61-B793-D97B7AF780A4}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{2E74AC9F-D4BD-4A62-9D2F-65DF92CB90D9}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{2F6F2059-C086-4258-BFE6-166DDA6F7C36}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{31FF620C-2698-4BC7-AA99-AB9491C6FC7E}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{33ffd933-7ba1-b6f0-bf2d-aa484ac5c40a}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{3808658F-B0A1-479D-9A22-36C6C2F7DC22}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{38EDFC08-5C8E-460C-993D-A4C6C5F34693}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{3A999E3C-E1DE-45F6-8998-9BF260711602}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{3A9C15D1-822E-4767-92D8-E1E124B30697}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{3ABAD03B-97CE-4ED7-A14F-32306B29C248}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{3DC5E193-6562-4C04-B8C1-70E03B630468}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{3E44453D-9AC3-45A9-A295-E9AF97D280F4}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{3F95ADCE-0227-4E62-A063-016975D7E2E4}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{43FE6B94-C25E-4BE4-A2E4-A59EB8FD66A2}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{44DCA168-B88B-4B80-89DE-52A616CB3EBE}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{45534363-A36F-4C54-BCF7-C217B8974B72}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{4689D8A3-F2BA-40C0-A9C2-676F6133FA3E}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{478BB9C5-423B-453C-91B9-8AD164ECB0B2}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{48744525-3B93-4E24-A695-2689D16C47F1}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{4DB82869-1552-4D59-95F3-326D1A102348}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{4F076E30-4CB9-4A27-9ACA-5FCFC5EF60A7}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{4FD398D1-AC5B-4D6C-9267-668113A18444}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{507F6D4E-739D-49EB-93F4-1C6DD0B29696}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{55F182A9-51C2-439A-B239-102D6D6F40EE}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{56D646AA-8623-4FB5-BFD5-7A3864B043A2}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{5832F8C6-DD0A-4161-885C-0B77282307B4}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{5D4A969E-E8DF-4757-B553-C07C1CC92C9D}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{5D58A031-CD13-48EF-85B8-5E08069227FB}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{5F5E3304-385A-46F4-A610-066E597C7693}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{60180593-8F66-4F18-8F38-52287FBCDB84}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{60423B38-98B0-4C38-8243-C62BAA4137D6}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{609DE235-542E-438A-AF6A-4DFF71566B55}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{628F2DA4-2723-4146-8D43-CD527C7E241B}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{6395D01A-AAE9-45EF-B057-3BB401325432}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{68C20DA8-5438-475B-B1CA-B0CABE0CF39F}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{69212EAC-A5F0-4DC8-A4B3-DF3E9B31FA5A}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{69E8E711-6C2A-4FFE-997A-E38F977F3CF4}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{6C267FFE-1E20-4C53-90B0-8BB17C34FD56}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{6DEA6F88-4D9D-4486-99F9-6939206F9E57}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{6E602204-F21B-4BCB-AB8C-7715B7E797E1}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{6F52B01F-94F5-4BAF-8BB5-69B630E0CCB1}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{6F7B7050-C5E0-4C45-AF18-672276F64533}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{70860134-9912-4426-A62D-8A1EE0434C2C}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{71037570-5A1A-4C2A-AF2F-0ADA22BE3E15}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{71A175E2-1B06-43EF-A7CD-CBF6051930E7}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{72E9A5D3-55A6-4044-A51A-BBD02A21EC1C}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{739B5CCE-CE6B-4120-9B6C-4CE5A27F7A4D}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{73A5AD56-76C4-4688-8DC3-32626D8A8577}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{73E749F7-C95E-447D-ACCE-74434AEA0E64}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{7536F0C5-9ECE-4667-AD07-10D514ACDE28}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{75E007D7-70E7-476F-92E0-4A76C3BEFF0A}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{777DFBA6-EC0C-41C2-8DC3-85B286CFE723}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{79F19A6D-135D-4D46-8BC8-AC2F8284F00F}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{7AFB3127-7F3E-4867-B778-00EFC3A8B8CC}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{7BEB9224-B961-45DB-BC8B-8611D7680DB2}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{7C049FCF-341B-4D0A-AA45-E7D6CD6D5CB3}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{7DB0AD60-E40F-4DBE-8D13-B958DF8E9B03}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{7F51DC52-FD54-4A48-94F5-1D3F154BAE0E}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{80E03A38-BC80-420D-A706-279FE948C3A8}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{829B76F0-3EA3-4779-B268-8D6E23E0F11B}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{8FAD4FF4-29A8-44F5-9D12-91082A742A2D}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{90FFE6DA-1D95-48E1-9EBD-197B9DE8C015}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{930C5EA0-DEA1-4BC3-8D9E-8EDD685CCEC4}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{975C99CF-1D2C-4F94-9182-B50A99CDA8F8}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{97994A6D-1B0C-4BC1-B7ED-F2EA306483B9}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{9A2B0963-3F47-455A-BC11-A7768C396487}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{9A33A088-40B4-49BA-AACE-5B5570B27CF5}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{9BA840F4-1C16-49FB-BBE6-DA33FEC81E3E}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{9C1E68A9-5286-4CA0-A8D7-453EF17E5277}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{9DE62D59-7EED-4DC7-9901-62AE99F58631}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{9FD170C1-150A-47B7-AA73-EDA8DB395DFF}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{A11A7A9C-E00C-49F9-A0A7-2210C66C798E}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{A29F68B5-8627-4896-89FD-B1A2B2A119C7}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{A3C018D4-01E7-4C78-BB99-3E4A5197BC11}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{A3CE0225-C958-44FC-8A32-714DB5B303E3}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{A4EA4F27-2129-471A-B697-78DFE90F70F8}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{AA78E24C-2D9F-48C7-9DAB-35D8F58C9367}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{AB490999-673B-4937-B0CC-AA2094A31E87}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{ACDA0456-0525-49B1-9A42-3B57C9B9FB59}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{ADE3297C-64AF-48C7-97E2-67BEC4B31635}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{ADFEF502-6655-44FD-BA52-D574272BA339}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{AFA57274-3A65-41CC-94BB-1613ABA06C36}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{B11C3007-9DA4-4517-AFA6-8950BA540B3C}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{B1FF8BDE-CCD0-40BD-B7FC-4ADCF9D2AEA6}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{B339F614-6D1D-4A99-B5F7-0D301E1A0F45}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{B3794258-4C46-4661-84BE-88CD66A609C4}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{B44EE286-CC8C-4A37-88D5-6F97E601060C}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{B5997312-783B-4DAA-AE94-306DCE66D3AA}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{B5A3C9FC-B1D4-487E-B549-9225B2B8514F}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{B680975B-BE6C-4918-A213-A848AF2D9011}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{B769147C-A31F-4033-9D36-D0F4F1204F89}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{BADF052C-FCC5-4BF7-81EC-3F89EA7CB0DA}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{BB60EB40-7431-4DEF-BB1B-06DED4AA1C1E}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{BB63EBD2-7866-4E7D-9333-2836CBA14BAB}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{BB655937-35DD-4D7A-8B6E-40B1775235AE}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{BBA5BE09-A9AF-4C01-8C8E-4A15658CC555}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{BC686FB9-6E42-4481-972E-C620ACA47531}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{BDB96646-D739-46EA-A6A2-B8AE94E47DE2}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{BDE71516-BC07-4BC6-AF1D-5101D4660381}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{C0817637-F284-4A6B-A1B3-7990BF87F3D8}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{C115FC7E-4422-4007-AC91-318FB260A1DB}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{C247B15C-6050-4BDE-948F-8FC5AD8B375A}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{C2CA536E-F629-4732-AEB0-537641CCA8E3}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{C2FD6999-5990-4CD3-BCF8-C08B09E493A5}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{C654668D-8147-4A57-B7B1-4FEACB1A3D79}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{C716237F-C932-4DCE-853A-0D6EC8F584FD}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{C809A35E-B73E-4071-A1B2-1EE9C1CECE2C}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{C994119A-F202-4808-8324-7272F5DAA9DE}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{CB11A035-458D-4EF1-91DA-6E405409C669}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{CDB56800-467F-4454-80B7-E580DFD26DBB}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{CF24A52B-A8F6-4844-B5D0-632532955EE7}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{D0F21595-61BA-4CBC-B2B7-301B4DD4A3B0}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{D20A1D4C-AD28-4185-8ACD-7B61A3CAB581}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{D2B38FDA-DA93-4793-BBCB-015F91389A55}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{D3122835-2741-4673-95EC-88F12432B1E6}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{D333437A-C58A-42B6-B4A5-0193DD88A175}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{D3C7ABBD-0F89-47A6-908D-041703554FE6}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{D4AD1DA3-67FD-46D4-830F-474FF6E64600}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{D737C184-69DF-4EA1-98AD-7B4DAA9DF4BE}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{D95D4F83-9145-406B-B10D-F51A079C3BA2}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{DA19AAAA-BFBE-420E-892A-89BE31F75B70}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{DB280964-7F79-4540-B0C1-6273C64845C5}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{DF4CC7AC-2587-4CB2-9017-8FB81C175E68}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{DFCF6D40-9026-4221-B887-F17D739C29DA}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{E132903D-BD70-4136-9B85-EE446C4E772D}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{E38C6974-CD80-4EE8-95FC-C96B5A82FCDC}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{E4BDCE64-DAAA-4468-A337-B37A949836C0}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{E51CAFC9-0C24-4E94-98D5-75713919C3E0}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{E6640E5F-17FE-4809-BA79-DCD9368520D7}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{E7083EDA-B551-487E-A9AE-652375D18399}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{E7269478-6F44-4DEC-AF04-6A00882A09D7}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{E8B5CF24-777B-490B-9DF0-A62F9EBE94AA}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{E8F361E7-945C-4308-8618-71B98FBD2EF3}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{E8FF0CF5-0484-4547-A93F-4555624004FD}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{E987CBC9-75C8-44D6-805B-CA9324869B60}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{EB636F7D-AAE7-4DC2-95F4-3A01A1241D91}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{EC025F39-509C-4852-A6C0-6F18B1EBD6F4}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{EE48F7AA-54DB-45DB-8803-0DF2F57ED87B}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{EE9702B4-8EB2-4682-8B67-829225AEDA6A}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{F0C48DE9-007C-4520-92E4-C83667108D66}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{F1B6058B-7D03-44CE-95C1-014A6EDF9F76}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{F24F9AF4-21F1-42C6-A514-9E96E1952A95}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{F27DC568-83EA-4630-988C-EE00BCABFE7F}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{F4A1F5DB-C81A-4752-8BF3-BD45D1377773}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{F541A628-B835-4378-A801-37279003C7ED}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{F56F5194-AFEA-4DFB-B7B6-8856DE323E98}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{F64BCED2-3487-4FE8-AF40-8CACE8BD447B}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{FAEE396B-7510-4F3A-B50E-2A4EF0282D0C}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{FD08B93A-E686-4918-8A88-284BB13A9206}
Successfully deleted: [Empty Folder] C:\Users\Asus\appdata\local\{FFFC26AA-5E4F-41DC-B4C8-CF73695B5746}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\nxd6tc1o.default-1372696450576\minidumps [34 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.09.2013 at 17:43:36,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
und hier das ergebniss vonFarbars recovers scan tool

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by Asus (administrator) on ASUS-PC on 17-09-2013 17:50:40
Running from C:\Users\Asus\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\MySecurityCenter\Programs\service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(ASUS) C:\Windows\AsScrPro.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(Akamai Technologies, Inc.) C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Sophos Limited) C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\alupdate.exe
(Mozilla Corporation) C:\Users\Asus\AppData\Local\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Asus\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-08-12] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [617856 2009-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19876968 2013-06-21] (Skype Technologies S.A.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS)
HKLM-x32\...\Run: [setc] - C:\Program Files (x86)\MySecurityCenter\Programs\setc.exe [389736 2007-07-09] (MySecurityCenter)
HKLM-x32\...\Run: [regist] - C:\Program Files (x86)\MySecurityCenter\Programs\Info.exe [389736 2007-07-09] (MySecurityCenter)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [900160 2012-10-22] (Sophos Limited)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-02] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [523216 2011-09-09] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
Startup: C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {9FA5EA01-FE8B-4172-B43F-A21530142DDD} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {B15510A7-50CF-4DF9-8909-D39C178BBB26} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {CB92DBA8-6423-4485-ABB3-41EED9B47B94} URL = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
SearchScopes: HKCU - {F5C2D0D4-7611-470E-B72B-1371E1B37CA3} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {FFCD1CD0-6BBE-4B6F-83D7-2F2D19B7D85C} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Ecosia Class - {8E63A864-CDFC-476c-839A-9D0A88CEAE33} - C:\Program Files (x86)\Ecosia\ecosia.dll ()
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Ecosia Search - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - C:\Program Files (x86)\Ecosia\ecosia.dll ()
Toolbar: HKCU -  No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -  No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -  No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
DPF: HKLM-x32 {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\nxd6tc1o.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @graphisoft.com/GDL Web Plug-in - C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF StartMenuInternet: FIREFOX.EXE - C:\Users\Asus\AppData\Local\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
S2 gupdate1cafb46d8a742b3; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2010-05-24] (Google Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R2 MySecurityCenter License Service; C:\Program Files (x86)\MySecurityCenter\Programs\service.exe [78696 2007-05-21] ()
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [216640 2012-12-04] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [139840 2012-10-22] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [232512 2012-10-22] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-10-22] (Sophos Limited)
R3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2012-12-04] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [1998400 2012-12-04] (Sophos Limited)

==================== Drivers (Whitelisted) ====================

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [144672 2012-10-22] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2012-10-22] (Sophos Limited)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-07-17] ()
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2012-10-22] (Sophos Plc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 ipswuio; System32\DRIVERS\ipswuio.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-17 17:49 - 2013-09-17 17:49 - 01950524 _____ (Farbar) C:\Users\Asus\Downloads\FRST64(1).exe
2013-09-17 17:43 - 2013-09-17 17:43 - 00020443 _____ C:\Users\Asus\Desktop\JRT.txt
2013-09-17 17:22 - 2013-09-17 17:22 - 00000000 ____D C:\Windows\ERUNT
2013-09-17 17:21 - 2013-09-17 17:21 - 01029675 _____ (Thisisu) C:\Users\Asus\Downloads\JRT.exe
2013-09-17 17:10 - 2013-09-17 17:12 - 00000000 ____D C:\AdwCleaner
2013-09-17 17:08 - 2013-09-17 17:08 - 01039554 _____ C:\Users\Asus\Downloads\adwcleaner.exe
2013-09-17 14:52 - 2013-09-17 16:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-17 14:51 - 2013-09-17 16:34 - 00000000 ____D C:\Users\Asus\Desktop\mbar
2013-09-17 14:51 - 2013-09-17 14:51 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Asus\Downloads\mbar-1.07.0.1005(1).exe
2013-09-17 14:50 - 2013-09-17 14:51 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Asus\Downloads\mbar-1.07.0.1005.exe
2013-09-16 18:08 - 2013-09-16 18:08 - 00031241 _____ C:\ComboFix.txt
2013-09-16 17:10 - 2013-09-16 18:09 - 00000000 ____D C:\ComboFix
2013-09-16 17:10 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-16 17:10 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-16 17:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-16 17:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-16 17:10 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-16 17:10 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-16 17:10 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-16 17:09 - 2013-09-16 18:09 - 00000000 ____D C:\Qoobox
2013-09-16 17:08 - 2013-09-16 18:02 - 00000000 ____D C:\Windows\erdnt
2013-09-16 17:03 - 2013-09-16 17:03 - 05126233 ____R (Swearware) C:\Users\Asus\Desktop\ComboFix.exe
2013-09-14 10:34 - 2013-09-14 10:35 - 00033942 _____ C:\Users\Asus\Documents\Baukonstruktion (Vips).apkg
2013-09-13 19:43 - 2013-09-13 19:44 - 01949784 _____ (Farbar) C:\Users\Asus\Downloads\FRST64.exe
2013-09-13 19:35 - 2013-09-13 19:37 - 00052019 _____ C:\Users\Asus\Downloads\Addition.txt
2013-09-13 19:32 - 2013-09-13 19:32 - 00000000 ____D C:\FRST
2013-09-13 19:17 - 2013-09-13 19:17 - 00002073 _____ C:\Users\Asus\Desktop\Scan Report 13-09-13.lnk
2013-09-13 16:07 - 2013-09-17 17:16 - 00003166 _____ C:\Windows\System32\Tasks\P4GIntlCtrl
2013-09-13 15:10 - 2013-09-13 19:17 - 00001322 _____ C:\Users\Asus\Desktop\Small . CARemoval Tool.lnk
2013-09-13 15:10 - 2013-09-13 19:17 - 00000000 ____D C:\Program Files (x86)\Small . CARemoval Tool
2013-09-13 15:10 - 2012-12-10 11:04 - 00356352 _____ (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2013-09-13 15:10 - 2012-12-10 11:04 - 00081920 _____ (eSellerate Inc.) C:\Windows\eSellerateControl350.dll
2013-09-13 15:10 - 2009-07-23 18:32 - 01122304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2013-09-13 15:10 - 2009-07-23 18:32 - 00274432 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll
2013-09-13 15:03 - 2013-09-13 15:04 - 02880824 _____ (Security Stronghold                                         ) C:\Users\Asus\Downloads\Small.CARemovalTool.exe
2013-09-13 14:50 - 2013-09-13 14:50 - 00017057 _____ C:\Users\Asus\Downloads\hijackthis.log
2013-09-13 14:49 - 2013-09-13 14:49 - 00388608 _____ (Trend Micro Inc.) C:\Users\Asus\Downloads\HijackThis.exe
2013-09-13 14:13 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 14:13 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 14:13 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 14:13 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 14:12 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 14:12 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 14:12 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 14:12 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 14:12 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 14:12 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 14:12 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 14:12 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 14:12 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 14:12 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 14:12 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 14:12 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 14:12 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 14:12 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 14:12 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-13 14:12 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-13 14:12 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-13 14:07 - 2013-09-13 14:10 - 00001912 _____ C:\Windows\epplauncher.mif
2013-09-13 14:07 - 2013-09-13 14:07 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-13 14:07 - 2013-09-13 14:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-13 14:04 - 2013-09-13 14:05 - 13842112 _____ (Microsoft Corporation) C:\Users\Asus\Downloads\mseinstall(1).exe
2013-09-13 14:00 - 2013-09-13 14:02 - 90889040 _____ (Apple Inc.) C:\Users\Asus\Downloads\iTunes64Setup.exe
2013-09-13 13:46 - 2013-09-13 13:47 - 13842112 _____ (Microsoft Corporation) C:\Users\Asus\Downloads\mseinstall.exe
2013-09-13 09:37 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 09:37 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-13 09:37 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-13 09:37 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-13 09:37 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-13 09:37 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-13 09:37 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-13 09:37 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 09:37 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-13 09:37 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 09:37 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-13 09:37 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-13 09:37 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-13 09:37 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-13 09:37 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-13 09:37 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 09:37 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-13 09:37 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-13 09:37 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-13 09:37 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-13 09:37 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-13 09:37 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-13 09:37 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-13 09:37 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-13 09:37 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-13 09:37 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-09 22:37 - 2013-09-09 22:37 - 00001258 _____ C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2013-09-08 17:21 - 2013-09-17 15:23 - 00003102 _____ C:\Windows\System32\Tasks\P4G Sidebar
2013-08-29 01:39 - 2013-08-29 01:39 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-29 01:38 - 2013-08-29 01:39 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-29 01:38 - 2013-08-29 01:39 - 00000000 ____D C:\Program Files\iTunes
2013-08-29 01:38 - 2013-08-29 01:38 - 00000000 ____D C:\Program Files\iPod
2013-08-24 21:06 - 2013-08-24 21:15 - 00003733 _____ C:\Users\Asus\Downloads\Wochenendvereinsausflug Neusehland.tmd
2013-08-19 14:15 - 2013-08-19 14:15 - 07369781 _____ C:\Users\Asus\Downloads\Bauchemie II.apkg
2013-08-18 22:00 - 2013-08-18 22:00 - 00044089 _____ C:\Users\Asus\Downloads\Bauchemie 2(1).apkg
2013-08-18 21:58 - 2013-08-18 21:58 - 00044089 _____ C:\Users\Asus\Downloads\Bauchemie 2.apkg
2013-08-18 21:06 - 2013-08-18 21:06 - 00000000 _____ C:\Windows\system32\vireng.log
2013-08-18 20:58 - 2013-08-18 21:54 - 00000000 ____D C:\Users\Asus\AppData\Local\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-17 17:50 - 2010-05-24 20:55 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-17 17:49 - 2013-09-17 17:49 - 01950524 _____ (Farbar) C:\Users\Asus\Downloads\FRST64(1).exe
2013-09-17 17:43 - 2013-09-17 17:43 - 00020443 _____ C:\Users\Asus\Desktop\JRT.txt
2013-09-17 17:35 - 2012-12-19 10:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-17 17:33 - 2009-10-12 17:37 - 01321176 _____ C:\Windows\WindowsUpdate.log
2013-09-17 17:24 - 2009-07-14 06:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-17 17:24 - 2009-07-14 06:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-17 17:22 - 2013-09-17 17:22 - 00000000 ____D C:\Windows\ERUNT
2013-09-17 17:21 - 2013-09-17 17:21 - 01029675 _____ (Thisisu) C:\Users\Asus\Downloads\JRT.exe
2013-09-17 17:17 - 2010-04-18 19:17 - 00000000 ___HD C:\ASUS.DAT
2013-09-17 17:16 - 2013-09-13 16:07 - 00003166 _____ C:\Windows\System32\Tasks\P4GIntlCtrl
2013-09-17 17:16 - 2010-05-24 20:55 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-17 17:15 - 2011-09-17 23:45 - 00000408 _____ C:\Windows\Tasks\Final Media Player Update Checker.job
2013-09-17 17:15 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-17 17:14 - 2009-07-14 06:51 - 00197918 _____ C:\Windows\setupact.log
2013-09-17 17:12 - 2013-09-17 17:10 - 00000000 ____D C:\AdwCleaner
2013-09-17 17:12 - 2011-07-15 14:39 - 00000000 ____D C:\Users\Asus\Desktop\alles
2013-09-17 17:12 - 2010-02-11 13:50 - 00000995 _____ C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-17 17:09 - 2012-12-11 21:17 - 00020480 ___SH C:\Users\Asus\Thumbs.db
2013-09-17 17:08 - 2013-09-17 17:08 - 01039554 _____ C:\Users\Asus\Downloads\adwcleaner.exe
2013-09-17 16:34 - 2013-09-17 14:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-17 16:34 - 2013-09-17 14:51 - 00000000 ____D C:\Users\Asus\Desktop\mbar
2013-09-17 15:23 - 2013-09-08 17:21 - 00003102 _____ C:\Windows\System32\Tasks\P4G Sidebar
2013-09-17 14:51 - 2013-09-17 14:51 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Asus\Downloads\mbar-1.07.0.1005(1).exe
2013-09-17 14:51 - 2013-09-17 14:50 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Asus\Downloads\mbar-1.07.0.1005.exe
2013-09-16 18:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-16 18:09 - 2013-09-16 17:10 - 00000000 ____D C:\ComboFix
2013-09-16 18:09 - 2013-09-16 17:09 - 00000000 ____D C:\Qoobox
2013-09-16 18:09 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-16 18:08 - 2013-09-16 18:08 - 00031241 _____ C:\ComboFix.txt
2013-09-16 18:02 - 2013-09-16 17:08 - 00000000 ____D C:\Windows\erdnt
2013-09-16 17:47 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-16 17:46 - 2012-08-19 00:43 - 00613708 _____ C:\Windows\PFRO.log
2013-09-16 17:45 - 2009-07-14 04:34 - 23592960 _____ C:\Windows\system32\config\SYSTEM.bak
2013-09-16 17:45 - 2009-07-14 04:34 - 108265472 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-09-16 17:45 - 2009-07-14 04:34 - 05505024 _____ C:\Windows\system32\config\DEFAULT.bak
2013-09-16 17:45 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-09-16 17:45 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-09-16 17:41 - 2010-02-11 13:41 - 00000000 ____D C:\Users\Asus
2013-09-16 17:03 - 2013-09-16 17:03 - 05126233 ____R (Swearware) C:\Users\Asus\Desktop\ComboFix.exe
2013-09-16 16:24 - 2013-04-02 11:46 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DA765B4D-1B6A-4C2A-B553-F4C9D7A431FD}
2013-09-14 15:40 - 2009-08-04 11:51 - 00722634 _____ C:\Windows\system32\perfh007.dat
2013-09-14 15:40 - 2009-08-04 11:51 - 00158034 _____ C:\Windows\system32\perfc007.dat
2013-09-14 15:40 - 2009-07-14 07:13 - 01682300 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-14 15:31 - 2010-05-24 15:41 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Skype
2013-09-14 10:35 - 2013-09-14 10:34 - 00033942 _____ C:\Users\Asus\Documents\Baukonstruktion (Vips).apkg
2013-09-13 19:59 - 2009-10-12 17:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 19:44 - 2013-09-13 19:43 - 01949784 _____ (Farbar) C:\Users\Asus\Downloads\FRST64.exe
2013-09-13 19:37 - 2013-09-13 19:35 - 00052019 _____ C:\Users\Asus\Downloads\Addition.txt
2013-09-13 19:32 - 2013-09-13 19:32 - 00000000 ____D C:\FRST
2013-09-13 19:17 - 2013-09-13 19:17 - 00002073 _____ C:\Users\Asus\Desktop\Scan Report 13-09-13.lnk
2013-09-13 19:17 - 2013-09-13 15:10 - 00001322 _____ C:\Users\Asus\Desktop\Small . CARemoval Tool.lnk
2013-09-13 19:17 - 2013-09-13 15:10 - 00000000 ____D C:\Program Files (x86)\Small . CARemoval Tool
2013-09-13 16:38 - 2012-12-19 10:21 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 16:38 - 2012-06-07 16:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 16:37 - 2011-07-05 21:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-13 15:04 - 2013-09-13 15:03 - 02880824 _____ (Security Stronghold                                         ) C:\Users\Asus\Downloads\Small.CARemovalTool.exe
2013-09-13 14:50 - 2013-09-13 14:50 - 00017057 _____ C:\Users\Asus\Downloads\hijackthis.log
2013-09-13 14:49 - 2013-09-13 14:49 - 00388608 _____ (Trend Micro Inc.) C:\Users\Asus\Downloads\HijackThis.exe
2013-09-13 14:26 - 2010-02-11 13:50 - 00000000 ___RD C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-13 14:26 - 2010-02-11 13:41 - 00000000 ___RD C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-13 14:23 - 2009-07-14 06:45 - 05061808 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 14:11 - 2013-07-25 19:02 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 14:10 - 2013-09-13 14:07 - 00001912 _____ C:\Windows\epplauncher.mif
2013-09-13 14:07 - 2013-09-13 14:07 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-13 14:07 - 2013-09-13 14:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-13 14:05 - 2013-09-13 14:04 - 13842112 _____ (Microsoft Corporation) C:\Users\Asus\Downloads\mseinstall(1).exe
2013-09-13 14:05 - 2010-09-29 16:56 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-13 14:02 - 2013-09-13 14:00 - 90889040 _____ (Apple Inc.) C:\Users\Asus\Downloads\iTunes64Setup.exe
2013-09-13 13:47 - 2013-09-13 13:46 - 13842112 _____ (Microsoft Corporation) C:\Users\Asus\Downloads\mseinstall.exe
2013-09-13 10:40 - 2011-06-13 13:50 - 00000000 ____D C:\ProgramData\tmp
2013-09-13 10:40 - 2011-06-13 13:50 - 00000000 ____D C:\ProgramData\hps
2013-09-12 16:45 - 2012-03-20 21:08 - 00000000 ____D C:\Users\Asus\AppData\Local\Paint.NET
2013-09-11 14:36 - 2011-07-12 17:23 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Dropbox
2013-09-11 13:30 - 2011-07-12 17:26 - 00000000 ___RD C:\Users\Asus\Dropbox
2013-09-10 19:24 - 2012-03-20 21:09 - 00001290 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2013-09-10 19:24 - 2012-03-20 21:08 - 00000000 ____D C:\Program Files\Paint.NET
2013-09-09 22:37 - 2013-09-09 22:37 - 00001258 _____ C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2013-09-09 22:37 - 2013-01-07 18:51 - 00001258 _____ C:\Users\Public\Desktop\BUDNI Fotowelt.lnk
2013-09-08 17:21 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-01 02:41 - 2013-06-07 21:20 - 00000600 _____ C:\Users\Asus\AppData\Local\PUTTY.RND
2013-08-29 01:39 - 2013-08-29 01:39 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-29 01:39 - 2013-08-29 01:38 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-29 01:39 - 2013-08-29 01:38 - 00000000 ____D C:\Program Files\iTunes
2013-08-29 01:39 - 2011-08-19 21:10 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-29 01:38 - 2013-08-29 01:38 - 00000000 ____D C:\Program Files\iPod
2013-08-24 21:15 - 2013-08-24 21:06 - 00003733 _____ C:\Users\Asus\Downloads\Wochenendvereinsausflug Neusehland.tmd
2013-08-19 14:22 - 2011-07-12 17:26 - 00001017 _____ C:\Users\Asus\Desktop\Dropbox.lnk
2013-08-19 14:22 - 2011-07-12 17:23 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-19 14:15 - 2013-08-19 14:15 - 07369781 _____ C:\Users\Asus\Downloads\Bauchemie II.apkg
2013-08-19 08:04 - 2012-10-01 21:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 22:00 - 2013-08-18 22:00 - 00044089 _____ C:\Users\Asus\Downloads\Bauchemie 2(1).apkg
2013-08-18 21:58 - 2013-08-18 21:58 - 00044089 _____ C:\Users\Asus\Downloads\Bauchemie 2.apkg
2013-08-18 21:54 - 2013-08-18 20:58 - 00000000 ____D C:\Users\Asus\AppData\Local\Mozilla Firefox
2013-08-18 21:06 - 2013-08-18 21:06 - 00000000 _____ C:\Windows\system32\vireng.log

ZeroAccess:
C:\Users\Asus\AppData\Local\{33ffd933-7ba1-b6f0-bf2d-aa484ac5c40a}

Files to move or delete:
====================
C:\Users\Asus\PhotoshopElements_9_LS15.exe


Some content of TEMP:
====================
C:\Users\Asus\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 15:49

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 17.09.2013, 22:39   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
win32/small.ca virus - Standard

win32/small.ca virus



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\Asus\AppData\Local\{33ffd933-7ba1-b6f0-bf2d-aa484ac5c40a}
C:\Users\Asus\PhotoshopElements_9_LS15.exe
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.09.2013, 12:07   #13
weißauchnich
 
win32/small.ca virus - Standard

win32/small.ca virus



hier der Inhalt
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013 03
Ran by Asus at 2013-09-18 12:02:06 Run:1
Running from C:\Users\Asus\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Asus\AppData\Local\{33ffd933-7ba1-b6f0-bf2d-aa484ac5c40a}
C:\Users\Asus\PhotoshopElements_9_LS15.exe
         
*****************

C:\Users\Asus\AppData\Local\{33ffd933-7ba1-b6f0-bf2d-aa484ac5c40a} => Moved successfully.
C:\Users\Asus\PhotoshopElements_9_LS15.exe => Moved successfully.

==== End of Fixlog ====
         

Alt 18.09.2013, 12:31   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
win32/small.ca virus - Standard

win32/small.ca virus



Ok. Ein neues FRST Log bitte
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.09.2013, 13:48   #15
weißauchnich
 
win32/small.ca virus - Standard

win32/small.ca virus



Jetzt habe ich nochmal gegscant, sollte ich das ?


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by Asus (administrator) on ASUS-PC on 18-09-2013 13:42:50
Running from C:\Users\Asus\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\MySecurityCenter\Programs\service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(ASUS) C:\Windows\AsScrPro.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(Akamai Technologies, Inc.) C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Sophos Limited) C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\alupdate.exe
(Mozilla Corporation) C:\Users\Asus\AppData\Local\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Asus\Desktop\FRST64(2).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-08-12] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [617856 2009-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19876968 2013-06-21] (Skype Technologies S.A.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS)
HKLM-x32\...\Run: [setc] - C:\Program Files (x86)\MySecurityCenter\Programs\setc.exe [389736 2007-07-09] (MySecurityCenter)
HKLM-x32\...\Run: [regist] - C:\Program Files (x86)\MySecurityCenter\Programs\Info.exe [389736 2007-07-09] (MySecurityCenter)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [900160 2012-10-22] (Sophos Limited)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-02] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [523216 2011-09-09] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
Startup: C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {9FA5EA01-FE8B-4172-B43F-A21530142DDD} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {B15510A7-50CF-4DF9-8909-D39C178BBB26} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {CB92DBA8-6423-4485-ABB3-41EED9B47B94} URL = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
SearchScopes: HKCU - {F5C2D0D4-7611-470E-B72B-1371E1B37CA3} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {FFCD1CD0-6BBE-4B6F-83D7-2F2D19B7D85C} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Ecosia Class - {8E63A864-CDFC-476c-839A-9D0A88CEAE33} - C:\Program Files (x86)\Ecosia\ecosia.dll ()
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Ecosia Search - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - C:\Program Files (x86)\Ecosia\ecosia.dll ()
Toolbar: HKCU -  No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -  No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -  No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
DPF: HKLM-x32 {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\nxd6tc1o.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @graphisoft.com/GDL Web Plug-in - C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF StartMenuInternet: FIREFOX.EXE - C:\Users\Asus\AppData\Local\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
S2 gupdate1cafb46d8a742b3; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2010-05-24] (Google Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R2 MySecurityCenter License Service; C:\Program Files (x86)\MySecurityCenter\Programs\service.exe [78696 2007-05-21] ()
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [216640 2012-12-04] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [139840 2012-10-22] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [232512 2012-10-22] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-10-22] (Sophos Limited)
R3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2012-12-04] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [1998400 2012-12-04] (Sophos Limited)

==================== Drivers (Whitelisted) ====================

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [144672 2012-10-22] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2012-10-22] (Sophos Limited)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-07-17] ()
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2012-10-22] (Sophos Plc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 ipswuio; System32\DRIVERS\ipswuio.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-18 12:00 - 2013-09-18 12:00 - 01950524 _____ (Farbar) C:\Users\Asus\Desktop\FRST64(2).exe
2013-09-17 17:53 - 2013-09-17 17:57 - 00049861 _____ C:\Users\Asus\Downloads\FRST.txt
2013-09-17 17:49 - 2013-09-17 17:49 - 01950524 _____ (Farbar) C:\Users\Asus\Downloads\FRST64(1).exe
2013-09-17 17:43 - 2013-09-17 17:43 - 00020443 _____ C:\Users\Asus\Desktop\JRT.txt
2013-09-17 17:22 - 2013-09-17 17:22 - 00000000 ____D C:\Windows\ERUNT
2013-09-17 17:21 - 2013-09-17 17:21 - 01029675 _____ (Thisisu) C:\Users\Asus\Downloads\JRT.exe
2013-09-17 17:10 - 2013-09-17 17:12 - 00000000 ____D C:\AdwCleaner
2013-09-17 17:08 - 2013-09-17 17:08 - 01039554 _____ C:\Users\Asus\Downloads\adwcleaner.exe
2013-09-17 14:52 - 2013-09-17 16:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-17 14:51 - 2013-09-17 16:34 - 00000000 ____D C:\Users\Asus\Desktop\mbar
2013-09-17 14:51 - 2013-09-17 14:51 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Asus\Downloads\mbar-1.07.0.1005(1).exe
2013-09-17 14:50 - 2013-09-17 14:51 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Asus\Downloads\mbar-1.07.0.1005.exe
2013-09-16 18:08 - 2013-09-16 18:08 - 00031241 _____ C:\ComboFix.txt
2013-09-16 17:10 - 2013-09-16 18:09 - 00000000 ____D C:\ComboFix
2013-09-16 17:10 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-16 17:10 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-16 17:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-16 17:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-16 17:10 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-16 17:10 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-16 17:10 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-16 17:09 - 2013-09-16 18:09 - 00000000 ____D C:\Qoobox
2013-09-16 17:08 - 2013-09-16 18:02 - 00000000 ____D C:\Windows\erdnt
2013-09-16 17:03 - 2013-09-16 17:03 - 05126233 ____R (Swearware) C:\Users\Asus\Desktop\ComboFix.exe
2013-09-14 10:34 - 2013-09-14 10:35 - 00033942 _____ C:\Users\Asus\Documents\Baukonstruktion (Vips).apkg
2013-09-13 19:43 - 2013-09-13 19:44 - 01949784 _____ (Farbar) C:\Users\Asus\Downloads\FRST64.exe
2013-09-13 19:35 - 2013-09-13 19:37 - 00052019 _____ C:\Users\Asus\Downloads\Addition.txt
2013-09-13 19:32 - 2013-09-13 19:32 - 00000000 ____D C:\FRST
2013-09-13 19:17 - 2013-09-13 19:17 - 00002073 _____ C:\Users\Asus\Desktop\Scan Report 13-09-13.lnk
2013-09-13 16:07 - 2013-09-18 11:55 - 00003166 _____ C:\Windows\System32\Tasks\P4GIntlCtrl
2013-09-13 15:10 - 2013-09-13 19:17 - 00001322 _____ C:\Users\Asus\Desktop\Small . CARemoval Tool.lnk
2013-09-13 15:10 - 2013-09-13 19:17 - 00000000 ____D C:\Program Files (x86)\Small . CARemoval Tool
2013-09-13 15:10 - 2012-12-10 11:04 - 00356352 _____ (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2013-09-13 15:10 - 2012-12-10 11:04 - 00081920 _____ (eSellerate Inc.) C:\Windows\eSellerateControl350.dll
2013-09-13 15:10 - 2009-07-23 18:32 - 01122304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2013-09-13 15:10 - 2009-07-23 18:32 - 00274432 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll
2013-09-13 15:03 - 2013-09-13 15:04 - 02880824 _____ (Security Stronghold                                         ) C:\Users\Asus\Downloads\Small.CARemovalTool.exe
2013-09-13 14:50 - 2013-09-13 14:50 - 00017057 _____ C:\Users\Asus\Downloads\hijackthis.log
2013-09-13 14:49 - 2013-09-13 14:49 - 00388608 _____ (Trend Micro Inc.) C:\Users\Asus\Downloads\HijackThis.exe
2013-09-13 14:13 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 14:13 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 14:13 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 14:13 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 14:12 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 14:12 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 14:12 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 14:12 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 14:12 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 14:12 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 14:12 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 14:12 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 14:12 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 14:12 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 14:12 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 14:12 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 14:12 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 14:12 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 14:12 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 14:12 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-13 14:12 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-13 14:12 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-13 14:07 - 2013-09-13 14:10 - 00001912 _____ C:\Windows\epplauncher.mif
2013-09-13 14:07 - 2013-09-13 14:07 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-13 14:07 - 2013-09-13 14:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-13 14:04 - 2013-09-13 14:05 - 13842112 _____ (Microsoft Corporation) C:\Users\Asus\Downloads\mseinstall(1).exe
2013-09-13 14:00 - 2013-09-13 14:02 - 90889040 _____ (Apple Inc.) C:\Users\Asus\Downloads\iTunes64Setup.exe
2013-09-13 13:46 - 2013-09-13 13:47 - 13842112 _____ (Microsoft Corporation) C:\Users\Asus\Downloads\mseinstall.exe
2013-09-13 09:37 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 09:37 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-13 09:37 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-13 09:37 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-13 09:37 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-13 09:37 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-13 09:37 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-13 09:37 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 09:37 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-13 09:37 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 09:37 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-13 09:37 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-13 09:37 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-13 09:37 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-13 09:37 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-13 09:37 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 09:37 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-13 09:37 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-13 09:37 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-13 09:37 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-13 09:37 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-13 09:37 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 09:37 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-13 09:37 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-13 09:37 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-13 09:37 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-13 09:37 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-09 22:37 - 2013-09-09 22:37 - 00001258 _____ C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2013-09-08 17:21 - 2013-09-18 11:55 - 00003102 _____ C:\Windows\System32\Tasks\P4G Sidebar
2013-08-29 01:39 - 2013-08-29 01:39 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-29 01:38 - 2013-08-29 01:39 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-29 01:38 - 2013-08-29 01:39 - 00000000 ____D C:\Program Files\iTunes
2013-08-29 01:38 - 2013-08-29 01:38 - 00000000 ____D C:\Program Files\iPod
2013-08-24 21:06 - 2013-08-24 21:15 - 00003733 _____ C:\Users\Asus\Downloads\Wochenendvereinsausflug Neusehland.tmd
2013-08-19 14:15 - 2013-08-19 14:15 - 07369781 _____ C:\Users\Asus\Downloads\Bauchemie II.apkg

==================== One Month Modified Files and Folders =======

2013-09-18 13:37 - 2013-08-18 20:58 - 00000000 ____D C:\Users\Asus\AppData\Local\Mozilla Firefox
2013-09-18 13:35 - 2012-12-19 10:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-18 12:50 - 2010-05-24 20:55 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-18 12:48 - 2009-10-12 17:37 - 01331976 _____ C:\Windows\WindowsUpdate.log
2013-09-18 12:02 - 2010-02-11 13:41 - 00000000 ____D C:\Users\Asus
2013-09-18 12:00 - 2013-09-18 12:00 - 01950524 _____ (Farbar) C:\Users\Asus\Desktop\FRST64(2).exe
2013-09-18 11:55 - 2013-09-13 16:07 - 00003166 _____ C:\Windows\System32\Tasks\P4GIntlCtrl
2013-09-18 11:55 - 2013-09-08 17:21 - 00003102 _____ C:\Windows\System32\Tasks\P4G Sidebar
2013-09-18 11:48 - 2011-09-17 23:45 - 00000408 _____ C:\Windows\Tasks\Final Media Player Update Checker.job
2013-09-18 11:48 - 2010-05-24 15:41 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Skype
2013-09-17 17:57 - 2013-09-17 17:53 - 00049861 _____ C:\Users\Asus\Downloads\FRST.txt
2013-09-17 17:49 - 2013-09-17 17:49 - 01950524 _____ (Farbar) C:\Users\Asus\Downloads\FRST64(1).exe
2013-09-17 17:43 - 2013-09-17 17:43 - 00020443 _____ C:\Users\Asus\Desktop\JRT.txt
2013-09-17 17:24 - 2009-07-14 06:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-17 17:24 - 2009-07-14 06:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-17 17:22 - 2013-09-17 17:22 - 00000000 ____D C:\Windows\ERUNT
2013-09-17 17:21 - 2013-09-17 17:21 - 01029675 _____ (Thisisu) C:\Users\Asus\Downloads\JRT.exe
2013-09-17 17:17 - 2010-04-18 19:17 - 00000000 ___HD C:\ASUS.DAT
2013-09-17 17:16 - 2010-05-24 20:55 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-17 17:15 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-17 17:14 - 2009-07-14 06:51 - 00197918 _____ C:\Windows\setupact.log
2013-09-17 17:12 - 2013-09-17 17:10 - 00000000 ____D C:\AdwCleaner
2013-09-17 17:12 - 2011-07-15 14:39 - 00000000 ____D C:\Users\Asus\Desktop\alles
2013-09-17 17:12 - 2010-02-11 13:50 - 00000995 _____ C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-17 17:09 - 2012-12-11 21:17 - 00020480 ___SH C:\Users\Asus\Thumbs.db
2013-09-17 17:08 - 2013-09-17 17:08 - 01039554 _____ C:\Users\Asus\Downloads\adwcleaner.exe
2013-09-17 16:34 - 2013-09-17 14:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-17 16:34 - 2013-09-17 14:51 - 00000000 ____D C:\Users\Asus\Desktop\mbar
2013-09-17 14:51 - 2013-09-17 14:51 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Asus\Downloads\mbar-1.07.0.1005(1).exe
2013-09-17 14:51 - 2013-09-17 14:50 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Asus\Downloads\mbar-1.07.0.1005.exe
2013-09-16 18:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-16 18:09 - 2013-09-16 17:10 - 00000000 ____D C:\ComboFix
2013-09-16 18:09 - 2013-09-16 17:09 - 00000000 ____D C:\Qoobox
2013-09-16 18:09 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-16 18:08 - 2013-09-16 18:08 - 00031241 _____ C:\ComboFix.txt
2013-09-16 18:02 - 2013-09-16 17:08 - 00000000 ____D C:\Windows\erdnt
2013-09-16 17:47 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-16 17:46 - 2012-08-19 00:43 - 00613708 _____ C:\Windows\PFRO.log
2013-09-16 17:45 - 2009-07-14 04:34 - 23592960 _____ C:\Windows\system32\config\SYSTEM.bak
2013-09-16 17:45 - 2009-07-14 04:34 - 108265472 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-09-16 17:45 - 2009-07-14 04:34 - 05505024 _____ C:\Windows\system32\config\DEFAULT.bak
2013-09-16 17:45 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-09-16 17:45 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-09-16 17:03 - 2013-09-16 17:03 - 05126233 ____R (Swearware) C:\Users\Asus\Desktop\ComboFix.exe
2013-09-16 16:24 - 2013-04-02 11:46 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DA765B4D-1B6A-4C2A-B553-F4C9D7A431FD}
2013-09-14 15:40 - 2009-08-04 11:51 - 00722634 _____ C:\Windows\system32\perfh007.dat
2013-09-14 15:40 - 2009-08-04 11:51 - 00158034 _____ C:\Windows\system32\perfc007.dat
2013-09-14 15:40 - 2009-07-14 07:13 - 01682300 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-14 10:35 - 2013-09-14 10:34 - 00033942 _____ C:\Users\Asus\Documents\Baukonstruktion (Vips).apkg
2013-09-13 19:59 - 2009-10-12 17:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 19:44 - 2013-09-13 19:43 - 01949784 _____ (Farbar) C:\Users\Asus\Downloads\FRST64.exe
2013-09-13 19:37 - 2013-09-13 19:35 - 00052019 _____ C:\Users\Asus\Downloads\Addition.txt
2013-09-13 19:32 - 2013-09-13 19:32 - 00000000 ____D C:\FRST
2013-09-13 19:17 - 2013-09-13 19:17 - 00002073 _____ C:\Users\Asus\Desktop\Scan Report 13-09-13.lnk
2013-09-13 19:17 - 2013-09-13 15:10 - 00001322 _____ C:\Users\Asus\Desktop\Small . CARemoval Tool.lnk
2013-09-13 19:17 - 2013-09-13 15:10 - 00000000 ____D C:\Program Files (x86)\Small . CARemoval Tool
2013-09-13 16:38 - 2012-12-19 10:21 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 16:38 - 2012-06-07 16:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 16:37 - 2011-07-05 21:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-13 15:04 - 2013-09-13 15:03 - 02880824 _____ (Security Stronghold                                         ) C:\Users\Asus\Downloads\Small.CARemovalTool.exe
2013-09-13 14:50 - 2013-09-13 14:50 - 00017057 _____ C:\Users\Asus\Downloads\hijackthis.log
2013-09-13 14:49 - 2013-09-13 14:49 - 00388608 _____ (Trend Micro Inc.) C:\Users\Asus\Downloads\HijackThis.exe
2013-09-13 14:26 - 2010-02-11 13:50 - 00000000 ___RD C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-13 14:26 - 2010-02-11 13:41 - 00000000 ___RD C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-13 14:23 - 2009-07-14 06:45 - 05061808 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 14:11 - 2013-07-25 19:02 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 14:10 - 2013-09-13 14:07 - 00001912 _____ C:\Windows\epplauncher.mif
2013-09-13 14:07 - 2013-09-13 14:07 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-13 14:07 - 2013-09-13 14:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-13 14:05 - 2013-09-13 14:04 - 13842112 _____ (Microsoft Corporation) C:\Users\Asus\Downloads\mseinstall(1).exe
2013-09-13 14:05 - 2010-09-29 16:56 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-13 14:02 - 2013-09-13 14:00 - 90889040 _____ (Apple Inc.) C:\Users\Asus\Downloads\iTunes64Setup.exe
2013-09-13 13:47 - 2013-09-13 13:46 - 13842112 _____ (Microsoft Corporation) C:\Users\Asus\Downloads\mseinstall.exe
2013-09-13 10:40 - 2011-06-13 13:50 - 00000000 ____D C:\ProgramData\tmp
2013-09-13 10:40 - 2011-06-13 13:50 - 00000000 ____D C:\ProgramData\hps
2013-09-12 16:45 - 2012-03-20 21:08 - 00000000 ____D C:\Users\Asus\AppData\Local\Paint.NET
2013-09-11 14:36 - 2011-07-12 17:23 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Dropbox
2013-09-11 13:30 - 2011-07-12 17:26 - 00000000 ___RD C:\Users\Asus\Dropbox
2013-09-10 19:24 - 2012-03-20 21:09 - 00001290 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2013-09-10 19:24 - 2012-03-20 21:08 - 00000000 ____D C:\Program Files\Paint.NET
2013-09-09 22:37 - 2013-09-09 22:37 - 00001258 _____ C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2013-09-09 22:37 - 2013-01-07 18:51 - 00001258 _____ C:\Users\Public\Desktop\BUDNI Fotowelt.lnk
2013-09-08 17:21 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-01 02:41 - 2013-06-07 21:20 - 00000600 _____ C:\Users\Asus\AppData\Local\PUTTY.RND
2013-08-29 01:39 - 2013-08-29 01:39 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-29 01:39 - 2013-08-29 01:38 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-29 01:39 - 2013-08-29 01:38 - 00000000 ____D C:\Program Files\iTunes
2013-08-29 01:39 - 2011-08-19 21:10 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-29 01:38 - 2013-08-29 01:38 - 00000000 ____D C:\Program Files\iPod
2013-08-24 21:15 - 2013-08-24 21:06 - 00003733 _____ C:\Users\Asus\Downloads\Wochenendvereinsausflug Neusehland.tmd
2013-08-19 14:22 - 2011-07-12 17:26 - 00001017 _____ C:\Users\Asus\Desktop\Dropbox.lnk
2013-08-19 14:22 - 2011-07-12 17:23 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-19 14:15 - 2013-08-19 14:15 - 07369781 _____ C:\Users\Asus\Downloads\Bauchemie II.apkg
2013-08-19 08:04 - 2012-10-01 21:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Asus\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 15:49

==================== End Of Log ============================
         
--- --- ---

Antwort

Themen zu win32/small.ca virus
acrobat update, adobe, adobe flash player, akamai, asus, bho, bonjour, computer, excel, explorer, firefox, flash player, hijack, hijack this, hijackthis, internet, internet explorer, microsoft, monitor, mozilla, nvidia, security, software, virus, windows, wmp



Ähnliche Themen: win32/small.ca virus


  1. Win32/Small.CA-Virus entfernen
    Log-Analyse und Auswertung - 16.12.2013 (4)
  2. Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 28.11.2013 (2)
  3. WIN 7 Starter: Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 15.11.2013 (3)
  4. Win 7 x64: Entfernen des Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 31.10.2013 (15)
  5. win32/small.ca-virus
    Plagegeister aller Art und deren Bekämpfung - 09.09.2013 (9)
  6. Win32/Small.ca Virus
    Log-Analyse und Auswertung - 24.07.2013 (11)
  7. Win32/Small.CA-Virus entfernen
    Log-Analyse und Auswertung - 22.07.2013 (13)
  8. Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 11.07.2013 (17)
  9. Entfernen des Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 05.07.2013 (41)
  10. Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 05.07.2013 (10)
  11. Win32/Small.CA-Virus entfernen
    Log-Analyse und Auswertung - 03.07.2013 (13)
  12. Win32/Small.CA-Virus .... 100.000-ste -.-
    Plagegeister aller Art und deren Bekämpfung - 01.06.2013 (11)
  13. Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 23.04.2013 (48)
  14. Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 27.03.2013 (7)
  15. Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 17.03.2013 (13)
  16. Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 06.03.2013 (1)
  17. Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 03.01.2013 (8)

Zum Thema win32/small.ca virus - Mein Computer hat mir erzählt, dass ich den win32/small.ca-virus auf meinem Computer habe, darauf hin hane ich hijack this benutzt und bräuchte jetzt hilfe, vielen Dank schon mal!!! Logfile of - win32/small.ca virus...
Archiv
Du betrachtest: win32/small.ca virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.