Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Systemregistrierung mit Monitoring Tool infiziert.

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 16.06.2014, 20:31   #1
RootkitOpfer
 
Systemregistrierung mit Monitoring Tool infiziert. - Standard

Systemregistrierung mit Monitoring Tool infiziert.



Hallo liebes Forum,

mein PC ist mit 10 Viren in der Registry infiziert. Hier ein Bild mit dem Log. Hoffe Jemand kann mir helfen?


Alt 16.06.2014, 20:58   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Systemregistrierung mit Monitoring Tool infiziert. - Standard

Systemregistrierung mit Monitoring Tool infiziert.



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 17.06.2014, 07:57   #3
RootkitOpfer
 
Systemregistrierung mit Monitoring Tool infiziert. - Standard

Systemregistrierung mit Monitoring Tool infiziert.



Hallo, erstmal vielen Dank für die Antwort.

Hier die Logdaten nach dem Scan.


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by Murat Celik (administrator) on MURATCELIK-PC on 17-06-2014 08:53:39
Running from C:\Users\Murat Celik\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Pmsb.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\Turbo Key\TurboKey.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [Turbo Key] => C:\Program Files\ASUS\Turbo Key\TurboKey.exe [1874432 2009-11-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSPanel.exe [734544 2011-04-11] (ecareme)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646232 2012-11-28] ()
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-947860702-3629206099-2466557242-1000\...\Run: [Scan Buttons] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE [214360 2011-01-21] (NewSoft Technology Corporation)
HKU\S-1-5-21-947860702-3629206099-2466557242-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=UP93&ocid=UP93DHP&dt=061413
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Murat Celik\AppData\Roaming\Mozilla\Firefox\Profiles\7udrk8rh.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.4 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Murat Celik\AppData\Roaming\Mozilla\Firefox\Profiles\7udrk8rh.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Murat Celik\AppData\Roaming\Mozilla\Firefox\Profiles\7udrk8rh.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013-07-01]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013-07-01]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

==================== Services (Whitelisted) =================

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-09-19] (AMD) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-20] (Avira Operations GmbH & Co. KG)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-17 08:53 - 2014-06-17 08:54 - 00013030 _____ () C:\Users\Murat Celik\Downloads\FRST.txt
2014-06-17 08:53 - 2014-06-17 08:53 - 00000000 ____D () C:\FRST
2014-06-17 08:51 - 2014-06-17 08:51 - 02081280 _____ (Farbar) C:\Users\Murat Celik\Downloads\FRST64.exe
2014-06-16 19:54 - 2014-06-16 19:59 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Wise Registry Cleaner
2014-06-16 19:54 - 2014-06-16 19:54 - 00001187 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-06-16 19:54 - 2014-06-16 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-06-16 19:54 - 2014-06-16 19:54 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-06-16 19:53 - 2014-06-16 19:53 - 02120312 _____ (WiseCleaner.com ) C:\Users\Murat Celik\Downloads\WRC812Free.exe
2014-06-16 19:51 - 2014-06-16 20:24 - 00005560 _____ () C:\Users\Murat Celik\Desktop\log.xml
2014-06-16 19:51 - 2014-06-16 19:51 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Adobe
2014-06-16 19:18 - 2014-06-17 08:47 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-06-16 19:18 - 2014-06-16 19:18 - 00001149 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Nico Mak Computing
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-06-16 19:18 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-06-16 19:16 - 2014-06-16 19:16 - 04892480 _____ (WinZip International LLC ) C:\Users\Murat Celik\Downloads\wzmp_8.exe
2014-06-16 14:56 - 2014-06-16 15:25 - 00000000 ____D () C:\Users\Murat Celik\Desktop\Neuer Ordner
2014-06-14 21:22 - 2014-06-14 21:22 - 00000000 ____D () C:\Users\Murat Celik\Downloads\imperial_officer(MAX5&3DS)
2014-06-14 21:19 - 2014-06-14 21:19 - 00701407 _____ () C:\Users\Murat Celik\Downloads\stormtrooper3(3DS).rar
2014-06-14 21:16 - 2014-06-14 21:16 - 02287022 _____ () C:\Users\Murat Celik\Downloads\tauntaun(3DS).zip
2014-06-14 21:15 - 2014-06-14 21:16 - 03862068 _____ () C:\Users\Murat Celik\Downloads\hothsoldier(3DS).zip
2014-06-14 10:29 - 2014-06-14 10:29 - 00011099 _____ () C:\Users\Murat Celik\AppData\Local\recently-used.xbel
2014-06-12 12:50 - 2014-06-12 13:04 - 00000000 ____D () C:\Users\Murat Celik\Documents\Melde
2014-06-11 09:53 - 2014-06-11 09:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-06 12:05 - 2014-06-16 20:30 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Skype
2014-06-06 12:05 - 2014-06-06 12:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Skype
2014-06-06 12:04 - 2014-06-16 20:30 - 00000000 ____D () C:\ProgramData\Skype
2014-06-06 10:06 - 2014-06-06 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-06 10:06 - 2014-06-06 10:06 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-28 20:44 - 2014-05-28 20:44 - 01376768 _____ () C:\Users\Murat Celik\Downloads\7z920-x64.msi
2014-05-28 17:52 - 2014-05-28 17:52 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2014-05-28 17:50 - 2014-05-28 17:50 - 00000967 _____ () C:\Users\Public\Desktop\Inkscape.lnk
2014-05-28 17:41 - 2014-05-28 17:52 - 00000000 ____D () C:\Program Files (x86)\Inkscape

==================== One Month Modified Files and Folders =======

2014-06-17 08:54 - 2014-06-17 08:53 - 00013030 _____ () C:\Users\Murat Celik\Downloads\FRST.txt
2014-06-17 08:54 - 2012-07-26 20:47 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Temp
2014-06-17 08:53 - 2014-06-17 08:53 - 00000000 ____D () C:\FRST
2014-06-17 08:51 - 2014-06-17 08:51 - 02081280 _____ (Farbar) C:\Users\Murat Celik\Downloads\FRST64.exe
2014-06-17 08:51 - 2012-07-26 20:43 - 01585345 _____ () C:\Windows\WindowsUpdate.log
2014-06-17 08:47 - 2014-06-16 19:18 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-06-17 08:47 - 2013-03-01 20:38 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\.oit
2014-06-17 08:46 - 2012-07-26 21:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-17 08:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-17 08:46 - 2009-07-14 06:51 - 00094072 _____ () C:\Windows\setupact.log
2014-06-16 23:12 - 2013-06-29 12:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-16 21:13 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-16 21:13 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-16 20:30 - 2014-06-06 12:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Skype
2014-06-16 20:30 - 2014-06-06 12:04 - 00000000 ____D () C:\ProgramData\Skype
2014-06-16 20:24 - 2014-06-16 19:51 - 00005560 _____ () C:\Users\Murat Celik\Desktop\log.xml
2014-06-16 19:59 - 2014-06-16 19:54 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Wise Registry Cleaner
2014-06-16 19:54 - 2014-06-16 19:54 - 00001187 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-06-16 19:54 - 2014-06-16 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-06-16 19:54 - 2014-06-16 19:54 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-06-16 19:53 - 2014-06-16 19:53 - 02120312 _____ (WiseCleaner.com ) C:\Users\Murat Celik\Downloads\WRC812Free.exe
2014-06-16 19:52 - 2012-11-28 15:52 - 00000000 ____D () C:\Users\Murat Celik\Documents\Blender Dateien
2014-06-16 19:51 - 2014-06-16 19:51 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Adobe
2014-06-16 19:18 - 2014-06-16 19:18 - 00001149 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Nico Mak Computing
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-06-16 19:16 - 2014-06-16 19:16 - 04892480 _____ (WinZip International LLC ) C:\Users\Murat Celik\Downloads\wzmp_8.exe
2014-06-16 15:25 - 2014-06-16 14:56 - 00000000 ____D () C:\Users\Murat Celik\Desktop\Neuer Ordner
2014-06-16 13:45 - 2012-12-25 20:35 - 00000000 ____D () C:\Users\Murat Celik\dwhelper
2014-06-15 12:27 - 2012-07-30 11:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\CrashDumps
2014-06-14 21:22 - 2014-06-14 21:22 - 00000000 ____D () C:\Users\Murat Celik\Downloads\imperial_officer(MAX5&3DS)
2014-06-14 21:19 - 2014-06-14 21:19 - 00701407 _____ () C:\Users\Murat Celik\Downloads\stormtrooper3(3DS).rar
2014-06-14 21:16 - 2014-06-14 21:16 - 02287022 _____ () C:\Users\Murat Celik\Downloads\tauntaun(3DS).zip
2014-06-14 21:16 - 2014-06-14 21:15 - 03862068 _____ () C:\Users\Murat Celik\Downloads\hothsoldier(3DS).zip
2014-06-14 10:29 - 2014-06-14 10:29 - 00011099 _____ () C:\Users\Murat Celik\AppData\Local\recently-used.xbel
2014-06-14 10:29 - 2012-11-27 00:09 - 00000000 ____D () C:\Users\Murat Celik\.gimp-2.8
2014-06-13 20:34 - 2012-07-28 12:30 - 00000000 ____D () C:\tmp
2014-06-12 19:26 - 2013-06-29 12:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-12 19:26 - 2012-10-22 17:21 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-12 19:26 - 2012-10-22 17:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-12 16:38 - 2009-07-14 06:45 - 00401472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-12 13:11 - 2012-07-26 21:07 - 00119240 _____ () C:\Users\Murat Celik\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-12 13:04 - 2014-06-12 12:50 - 00000000 ____D () C:\Users\Murat Celik\Documents\Melde
2014-06-12 12:52 - 2013-04-07 10:43 - 00000000 ____D () C:\Users\Murat Celik\Documents\MAGIX
2014-06-12 12:52 - 2012-08-05 17:20 - 00000000 ____D () C:\Users\Murat Celik\Documents\Business
2014-06-12 12:35 - 2014-02-05 12:30 - 04339200 ___SH () C:\Users\Murat Celik\Desktop\Thumbs.db
2014-06-11 21:07 - 2011-04-12 09:43 - 00666370 _____ () C:\Windows\system32\perfh007.dat
2014-06-11 21:07 - 2011-04-12 09:43 - 00133386 _____ () C:\Windows\system32\perfc007.dat
2014-06-11 21:07 - 2009-07-14 07:13 - 01519796 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-11 14:09 - 2013-05-21 11:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-11 09:53 - 2014-06-11 09:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 13:17 - 2013-03-17 11:11 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\LocalStorage
2014-06-07 10:31 - 2013-06-07 21:52 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\FreeVideoConverter
2014-06-06 19:55 - 2012-08-22 10:26 - 00015924 _____ () C:\Windows\H74TGD__.TTF
2014-06-06 12:05 - 2014-06-06 12:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Skype
2014-06-06 10:06 - 2014-06-06 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-06 10:06 - 2014-06-06 10:06 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-06 10:06 - 2013-07-01 10:06 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-06 10:06 - 2013-07-01 10:06 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-06 10:06 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-31 13:28 - 2014-01-05 12:18 - 00001897 _____ () C:\Users\Public\Desktop\Blender.lnk
2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-28 20:44 - 2014-05-28 20:44 - 01376768 _____ () C:\Users\Murat Celik\Downloads\7z920-x64.msi
2014-05-28 17:52 - 2014-05-28 17:52 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2014-05-28 17:52 - 2014-05-28 17:41 - 00000000 ____D () C:\Program Files (x86)\Inkscape
2014-05-28 17:50 - 2014-05-28 17:50 - 00000967 _____ () C:\Users\Public\Desktop\Inkscape.lnk
2014-05-24 00:13 - 2010-08-18 11:41 - 00062936 _____ () C:\Windows\ethnocentric rg.ttf
2014-05-20 09:54 - 2014-03-07 16:43 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-20 09:54 - 2014-03-07 16:43 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-19 20:26 - 2013-02-06 20:04 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Windows Live

Some content of TEMP:
====================
C:\Users\Murat Celik\AppData\Local\Temp\avgnt.exe
C:\Users\Murat Celik\AppData\Local\Temp\install_flashplayer11x32_mssd_aih.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-09 20:45

==================== End Of Log ============================
         
--- --- ---

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by Murat Celik at 2014-06-17 08:55:16
Running from C:\Users\Murat Celik\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AbiWord 2.9.4 (HKLM-x32\...\AbiWord2) (Version: 2.9.4 - AbiSource Developers)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Anleitung für Epson Connect (HKLM-x32\...\Epson Connect Guide) (Version:  - )
ArtRage Studio (HKLM-x32\...\{1BA22D99-A265-4599-91C2-DD4B319C3B3F}) (Version: 3.5.2 - Ambient Design)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.94.193 - eCareme Technologies, Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
ATI Catalyst Install Manager (HKLM\...\{62140B07-129A-2BD0-81D2-2A1A7408ADC8}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{70a79d1f-686d-4d5c-962b-07aa1294eae0}) (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Bamboo (HKLM\...\Pen Tablet Driver) (Version:  - Wacom Technology Corp.)
Bamboo (HKLM-x32\...\Pen Tablet Driver) (Version:  - )
Bamboo Dock (x32 Version: 3.3.0 - Wacom Europe GmH) Hidden
Bamboo Dock 3.3 (HKLM-x32\...\Bamboo Dock) (Version: 3.3 - Wacom Co., Ltd.)
Blender (HKLM\...\Blender) (Version: 2.70a - Blender Foundation)
CPUID CPU-Z 1.61.2 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CrystalDiskInfo 5.3.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.3.0 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Benutzerhandbuch WF-2530 Series (HKLM-x32\...\WF-2530 Series Useg) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{695C8469-7822-4B31-A673-5ED84815B649}) (Version: 1.17.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-2530 Series (HKLM-x32\...\WF-2530 Series Netg) (Version:  - )
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
HitFilm 2 Ultimate (HKLM\...\{CC428850-E9FC-4C86-9ADB-CF3086C6BF50}) (Version: 2.0.1425.50622 - FXhome)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Foto & Grafik Designer 7 (HKLM-x32\...\MAGIX_MSI_Foto_Grafik_Designer_7) (Version: 7.1.2.17305 - MAGIX AG)
MAGIX Foto & Grafik Designer 7 (x32 Version: 7.1.2.17305 - MAGIX AG) Hidden
MAGIX Foto Manager MX Deluxe (HKLM-x32\...\MAGIX_{A01EDF83-011F-46FC-889B-16FFD2BEE968}) (Version: 9.0.2.251 - MAGIX AG)
MAGIX Foto Manager MX Deluxe (Version: 9.0.2.251 - MAGIX AG) Hidden
MAGIX Music Maker 2013 Premium (HKLM-x32\...\MAGIX_{00A8886C-FF3D-4B52-A95D-321735687B32}) (Version: 19.0.5.57 - MAGIX AG)
MAGIX Music Maker 2013 Premium (Version: 19.0.5.57 - MAGIX AG) Hidden
MAGIX Music Maker 2013 Premium Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2013 Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Studio (HKLM-x32\...\MAGIX_{58AF1918-E670-44DF-BE45-BF5014AF144C}) (Version: 19.0.0.12 - MAGIX AG)
MAGIX Music Studio (Version: 19.0.0.12 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM-x32\...\MAGIX_{341D13B7-3C84-4D68-90B7-1F4B6C2BCB21}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Slideshow Maker 2 (HKLM-x32\...\MAGIX_{7AD52089-1158-42B0-BD44-475578594E43}) (Version: 2.0.1.9 - MAGIX AG)
MAGIX Slideshow Maker 2 (Version: 2.0.1.9 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{94930B8D-D689-48E1-9E82-9CCEEB0E269A}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller-Treiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 275.33 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.86 - ASUSTeK Computer Inc.)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Presto! PageManager 9.03 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.03.06 - Newsoft Technology Corporation)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.5 - AMD)
RAIDXpert (x32 Version: 3.2.1540.5 - AMD) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6402 - Realtek Semiconductor Corp.)
Samplitude Pro X Silver (HKLM-x32\...\MAGIX_{08E5C3CC-05DC-4E8F-B1A1-4ED2C3C065A7}) (Version: 12.0.2.115 - MAGIX AG)
Samplitude Pro X Silver (Version: 12.0.2.115 - MAGIX AG) Hidden
Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Turbo Key (HKLM-x32\...\{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}) (Version: 1.01.03 - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Vita 2 (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita 2 Zusatzcontent (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Bass Machine (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Rock Drums (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita String Ensemble (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita World Percussion (Version: 1.0.0.0 - MAGIX AG) Hidden
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.5 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.4 - Wacom Technology Corp.)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC)
Wise Registry Cleaner 8.12 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.12 - WiseCleaner.com, Inc.)

==================== Restore Points  =========================

28-05-2014 18:45:02 Installed 7-Zip 9.20 (x64 edition)
09-06-2014 18:52:46 Geplanter Prüfpunkt
16-06-2014 18:29:27 Removed Skype™ 6.16

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-05-20 15:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {21EEED09-12EE-4D34-952C-BDD3F6EFFC72} - System32\Tasks\Games\UpdateCheck_S-1-5-21-947860702-3629206099-2466557242-1000
Task: {47B88171-3B77-4A1F-8C02-AEA1E90CDE83} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {83C50C88-AF3D-400B-81BA-9C95512C69BB} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing)
Task: {8D041B82-FA49-4C92-9B1D-E23DBE48182C} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.02\AsLoader.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {99345FC5-C8CA-4724-9BD7-2C9B1783403C} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {E045CF6D-3EBB-49C5-AAAC-DDBBEEF23356} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-12] (Adobe Systems Incorporated)
Task: {EBB0266F-2220-49CE-A9CD-4ECF04BA815C} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-11-28 00:25 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-09-19 14:38 - 2009-09-19 14:38 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2010-07-28 23:58 - 2012-11-28 13:49 - 00646232 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
2009-09-19 14:40 - 2009-09-19 14:40 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2009-09-19 14:40 - 2009-09-19 14:40 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2012-07-26 20:57 - 2009-03-19 22:35 - 00208896 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
2012-07-26 20:57 - 2009-03-19 22:35 - 00008704 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
2012-07-26 20:57 - 2009-01-15 14:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
2012-07-26 20:57 - 2009-03-25 16:53 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
2014-06-16 19:18 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll
2014-06-16 19:18 - 2013-07-15 16:53 - 01717936 _____ () C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll
2009-09-07 13:54 - 2009-09-07 13:54 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2013-03-01 20:33 - 2010-05-07 12:46 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PerformOcr.dll
2013-03-01 20:33 - 2010-12-23 14:17 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMISM.dll
2013-03-01 20:33 - 2007-03-30 11:24 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Qem.dll
2013-03-01 20:33 - 2010-12-29 18:52 - 00147456 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMCommon.dll
2013-03-01 20:33 - 2008-08-25 18:19 - 00069632 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PHooKDlg.dll
2013-03-01 20:33 - 2011-03-11 11:47 - 00151040 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ScanModule.dll
2013-03-01 20:33 - 2010-12-20 17:21 - 00098304 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\CategoryManager.dll
2013-03-01 20:33 - 2010-10-22 11:01 - 00139264 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSet.dll
2013-03-01 20:33 - 2010-10-22 11:22 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSave.dll
2013-03-01 20:33 - 2010-12-29 19:32 - 00614400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDB_N.dll
2013-03-01 20:33 - 2009-08-06 11:22 - 00421888 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\FT.dll
2013-03-01 20:33 - 2010-09-09 19:00 - 00061440 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMINSO.dll
2013-03-01 20:33 - 2009-09-09 15:44 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMANO.dll
2013-03-01 20:33 - 2007-03-30 10:49 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ComClass.dll
2013-03-01 20:33 - 2010-08-03 11:44 - 00049152 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMOffice.dll
2013-03-01 20:33 - 2007-12-20 15:37 - 00176128 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\DocCate.dll
2013-03-01 20:33 - 2011-01-21 16:05 - 00258048 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMScnSet.dll
2013-03-01 20:33 - 2009-11-26 18:49 - 00081920 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NetFun2k.dll
2012-07-26 21:07 - 2009-04-29 14:24 - 00253952 _____ () C:\Program Files\ASUS\Turbo Key\pngio.dll
2012-07-26 21:07 - 2009-04-29 14:24 - 00208896 _____ () C:\Program Files\ASUS\Turbo Key\AiNap.dll
2012-07-26 21:07 - 2009-04-29 14:24 - 00008704 _____ () C:\Program Files\ASUS\Turbo Key\vvc.dll
2014-05-05 10:37 - 2014-05-05 10:37 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-05-05 10:37 - 2014-05-05 10:37 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-03-01 20:33 - 2008-11-17 15:56 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\nsSign.dll
2013-03-01 20:33 - 2010-11-30 17:42 - 00352256 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMTree.dll
2013-03-01 20:33 - 2010-07-13 11:48 - 00106496 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMProp.dll
2013-03-01 20:33 - 2007-08-31 18:51 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMVoice.dll
2013-03-01 20:33 - 2010-09-08 18:10 - 00073728 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\OutlookVBA.dll
2013-03-01 20:33 - 2009-11-27 18:38 - 00331776 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAppBar.dll
2013-03-01 20:33 - 2010-11-26 11:33 - 04583424 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMView.dll
2013-03-01 20:33 - 2007-03-30 11:01 - 00038992 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NsOEMKey.dll
2013-03-01 20:33 - 2010-09-26 12:13 - 00430080 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPageVW.dll
2013-03-01 20:33 - 2010-03-02 16:09 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDocVW.dll
2013-03-01 20:33 - 2009-06-26 10:03 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMApSet.dll
2013-03-01 20:33 - 2010-08-03 11:51 - 01036288 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\SlideBarDLL.dll
2013-03-01 20:33 - 2009-12-04 18:20 - 00323584 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAnoSet.dll
2013-03-01 20:33 - 2010-09-26 12:13 - 00184320 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImgVW.dll
2013-03-01 20:33 - 2008-08-25 17:16 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMIEVW.dll
2013-03-01 20:33 - 2010-09-08 11:52 - 00036864 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPDFView.dll
2013-03-01 20:33 - 2010-04-27 16:20 - 00065536 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMStatus.dll
2013-03-01 20:33 - 2007-03-30 10:57 - 00034896 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Import.dll
2013-03-01 20:33 - 2010-11-26 11:45 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImageSplitter.dll
2014-03-07 16:44 - 2014-05-05 10:37 - 00049744 _____ () C:\Users\Murat Celik\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-06-11 09:53 - 2014-06-11 09:53 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-12 19:26 - 2014-06-12 19:26 - 17024688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2014 08:48:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2014 09:07:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2014 10:02:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2014 04:59:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2014 00:27:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x14b4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (06/15/2014 08:08:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 04:44:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 04:43:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.12.20002, Zeitstempel: 0x53674d9b
Name des fehlerhaften Moduls: ccwkrlib.dll, Version: 14.0.4.620, Zeitstempel: 0x53610df5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004402f
ID des fehlerhaften Prozesses: 0xdf0
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3

Error: (06/14/2014 04:43:23 PM) (Source: TabletServicePen) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (06/14/2014 04:43:22 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.AccessViolationException
Stapel:
   bei Avira.OE.AvConnector.Interface.ILicensePlugin.GetLicenseType()
   bei Avira.OE.AvConnector.AvStatusReporter.GetLicenseType()
   bei Avira.OE.ServiceHost.ComputerAndServicesInfo.CreateMessagePayload()
   bei Avira.OE.ServiceHost.AvServiceHost.SendAnonymousSyncStatus(Avira.OE.Communicator.Interface.ICommunicator)
   bei Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


System errors:
=============
Error: (06/17/2014 08:49:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/17/2014 08:49:50 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/17/2014 08:47:48 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (06/16/2014 09:08:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/16/2014 09:08:43 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/16/2014 09:06:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (06/16/2014 08:26:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (06/16/2014 02:37:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error: (06/16/2014 10:04:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/16/2014 10:04:38 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (06/17/2014 08:48:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2014 09:07:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2014 10:02:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2014 04:59:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2014 00:27:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b14b401cf88602fe1a064C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll971a37d7-f477-11e3-9afa-c860005fdeb5

Error: (06/15/2014 08:08:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 04:44:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 04:43:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.12.2000253674d9bccwkrlib.dll14.0.4.62053610df5c00000050004402fdf001cf87dee9209fccC:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\Program Files (x86)\Avira\AntiVir Desktop\ccwkrlib.dll441fdcab-f3d2-11e3-91c9-c860005fdeb5

Error: (06/14/2014 04:43:23 PM) (Source: TabletServicePen) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (06/14/2014 04:43:22 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.AccessViolationException
Stapel:
   bei Avira.OE.AvConnector.Interface.ILicensePlugin.GetLicenseType()
   bei Avira.OE.AvConnector.AvStatusReporter.GetLicenseType()
   bei Avira.OE.ServiceHost.ComputerAndServicesInfo.CreateMessagePayload()
   bei Avira.OE.ServiceHost.AvServiceHost.SendAnonymousSyncStatus(Avira.OE.Communicator.Interface.ICommunicator)
   bei Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


CodeIntegrity Errors:
===================================
  Date: 2013-08-04 16:07:27.522
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-04 16:07:27.522
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-04 16:07:27.522
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-04 16:07:27.506
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-04 16:07:27.506
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-04 16:07:27.506
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-01 09:24:26.419
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-01 09:24:26.419
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-01 09:24:26.419
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-01 09:24:26.404
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 30%
Total physical RAM: 8174.12 MB
Available physical RAM: 5714.29 MB
Total Pagefile: 16346.41 MB
Available Pagefile: 13710.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:403.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 10438563)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 17.06.2014, 10:57   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Systemregistrierung mit Monitoring Tool infiziert. - Standard

Systemregistrierung mit Monitoring Tool infiziert.



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 17.06.2014, 11:47   #5
RootkitOpfer
 
Systemregistrierung mit Monitoring Tool infiziert. - Standard

Systemregistrierung mit Monitoring Tool infiziert.



Hier der Log mit ComboFix. Da hab ich wohl einiges versäumt mit dem Virenschutz. Ich war leider lange im Krankenhaus und konnte mich nicht richtig um mein System kümmern.

Code:
ATTFilter
ComboFix 14-06-16.01 - Murat Celik 17.06.2014  12:31:25.1.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8174.5812 [GMT 2:00]
ausgeführt von:: c:\users\Murat Celik\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-17 bis 2014-06-17  ))))))))))))))))))))))))))))))
.
.
2014-06-17 10:41 . 2014-06-17 10:41	--------	d-----w-	c:\users\Public\AppData\Local\temp
2014-06-17 10:41 . 2014-06-17 10:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-17 10:41 . 2014-06-17 10:41	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-06-17 06:53 . 2014-06-17 06:56	--------	d-----w-	C:\FRST
2014-06-16 17:54 . 2014-06-16 17:59	--------	d-----w-	c:\users\Murat Celik\AppData\Roaming\Wise Registry Cleaner
2014-06-16 17:54 . 2014-06-16 17:54	--------	d-----w-	c:\program files (x86)\Wise
2014-06-16 17:51 . 2014-06-17 10:22	--------	d-----w-	c:\users\Murat Celik\AppData\Local\Adobe
2014-06-16 17:18 . 2014-06-16 17:18	--------	d-----w-	c:\users\Murat Celik\AppData\Roaming\Nico Mak Computing
2014-06-16 17:18 . 2014-06-16 17:18	--------	d-----w-	c:\programdata\Nico Mak Computing
2014-06-16 17:18 . 2014-06-16 17:18	--------	d-----w-	c:\program files (x86)\WinZip Malware Protector
2014-06-16 17:18 . 2013-03-15 15:10	20480	----a-w-	c:\windows\system32\wsusnative64.exe
2014-06-06 10:05 . 2014-06-06 10:05	--------	d-----w-	c:\users\Murat Celik\AppData\Local\Skype
2014-06-06 10:05 . 2014-06-16 18:30	--------	d-----w-	c:\users\Murat Celik\AppData\Roaming\Skype
2014-06-06 10:04 . 2014-06-16 18:30	--------	d-----w-	c:\programdata\Skype
2014-05-28 18:45 . 2014-05-28 18:45	--------	d-----w-	c:\program files\7-Zip
2014-05-28 15:41 . 2014-05-28 15:52	--------	d-----w-	c:\program files (x86)\Inkscape
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-12 17:26 . 2012-10-22 15:21	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-12 17:26 . 2012-10-22 15:21	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-29 16:59 . 2012-08-06 19:58	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Scan Buttons"="c:\program files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE" [2011-01-21 214360]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE" [2012-02-28 283232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Turbo Key"="c:\program files\ASUS\Turbo Key\TurboKey.exe" [2009-11-24 1874432]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSPanel.exe" [2011-04-11 734544]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-04-03 502912]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-04-03 863360]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912]
"PMSpeed"="c:\program files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE" [2010-07-29 116632]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - avipbb
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-22 17:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-04-11 03:35	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-04-11 03:35	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2008-05-24 26448]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Murat Celik\AppData\Roaming\Mozilla\Firefox\Profiles\7udrk8rh.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - user.js: network.http.max-connections - 256
FF - user.js: network.http.max-connections-per-server - 48
FF - user.js: network.http.max-persistent-connections-per-proxy - 32
FF - user.js: network.http.max-persistent-connections-per-server - 18
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager.9.alb"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.eps"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.gif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.iff"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.pcd"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.png"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tga"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tiff"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-17  12:45:45
ComboFix-quarantined-files.txt  2014-06-17 10:45
.
Vor Suchlauf: 15 Verzeichnis(se), 436.040.179.712 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 436.108.193.792 Bytes frei
.
- - End Of File - - 444000CC1B89F4922DDCBA85A53C0BDE
A36C5E4F47E84449FF07ED3517B43A31
         


Alt 18.06.2014, 09:04   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Systemregistrierung mit Monitoring Tool infiziert. - Standard

Systemregistrierung mit Monitoring Tool infiziert.



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Systemregistrierung mit Monitoring Tool infiziert.

Alt 18.06.2014, 11:45   #7
RootkitOpfer
 
Systemregistrierung mit Monitoring Tool infiziert. - Standard

Systemregistrierung mit Monitoring Tool infiziert.



mbam
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 18.06.2014
Scan Time: 12:09:44
Logfile: LogMalwarbites.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.18.03
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Murat Celik

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326085
Time Elapsed: 10 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Babylon.A, C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml, , [2ebd9bde8eedd2645896caf4bc46d22e], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
AdwCleaner
Code:
ATTFilter
# AdwCleaner v3.212 - Bericht erstellt am 18/06/2014 um 12:26:39
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Murat Celik - MURATCELIK-PC
# Gestartet von : C:\Users\Murat Celik\Downloads\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\simplitec
Ordner Gelöscht : C:\Users\Murat Celik\AppData\Roaming\simplitec
Datei Gelöscht : C:\Users\Murat Celik\AppData\Roaming\Mozilla\Firefox\Profiles\7udrk8rh.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16843


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Murat Celik\AppData\Roaming\Mozilla\Firefox\Profiles\7udrk8rh.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1193 octets] - [18/06/2014 12:22:33]
AdwCleaner[S0].txt - [1114 octets] - [18/06/2014 12:26:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1174 octets] ##########
         
JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Murat Celik on 18.06.2014 at 12:30:29,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\free video converter"



~~~ FireFox

Emptied folder: C:\Users\Murat Celik\AppData\Roaming\mozilla\firefox\profiles\7udrk8rh.default\minidumps [153 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.06.2014 at 12:37:09,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by Murat Celik (administrator) on MURATCELIK-PC on 18-06-2014 12:40:38
Running from C:\Users\Murat Celik\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Pmsb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\Turbo Key\TurboKey.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Farbar) C:\Users\Murat Celik\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [Turbo Key] => C:\Program Files\ASUS\Turbo Key\TurboKey.exe [1874432 2009-11-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSPanel.exe [734544 2011-04-11] (ecareme)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-947860702-3629206099-2466557242-1000\...\Run: [Scan Buttons] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE [214360 2011-01-21] (NewSoft Technology Corporation)
HKU\S-1-5-21-947860702-3629206099-2466557242-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=UP93&ocid=UP93DHP&dt=061413
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Murat Celik\AppData\Roaming\Mozilla\Firefox\Profiles\7udrk8rh.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Murat Celik\AppData\Roaming\Mozilla\Firefox\Profiles\7udrk8rh.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013-07-01]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013-07-01]

==================== Services (Whitelisted) =================

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-09-19] (AMD) [File not signed]
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-18 12:39 - 2014-06-18 12:39 - 00027667 _____ () C:\Users\Murat Celik\Desktop\FRST.txt
2014-06-18 12:38 - 2014-06-18 12:40 - 00010814 _____ () C:\Users\Murat Celik\Downloads\FRST.txt
2014-06-18 12:37 - 2014-06-18 12:37 - 00000850 _____ () C:\Users\Murat Celik\Desktop\JRT.txt
2014-06-18 12:33 - 2014-06-18 12:33 - 02081280 _____ (Farbar) C:\Users\Murat Celik\Downloads\FRST64(1).exe
2014-06-18 12:30 - 2014-06-18 12:30 - 01016261 _____ (Thisisu) C:\Users\Murat Celik\Downloads\JRT.exe
2014-06-18 12:25 - 2014-06-18 12:28 - 00001254 _____ () C:\Users\Murat Celik\Desktop\AdwCleaner[R0].txt
2014-06-18 12:21 - 2014-06-18 12:26 - 00000000 ____D () C:\AdwCleaner
2014-06-18 12:19 - 2014-06-18 12:19 - 01333465 _____ () C:\Users\Murat Celik\Downloads\adwcleaner_3.212.exe
2014-06-18 12:08 - 2014-06-18 12:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 12:08 - 2014-06-18 12:08 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-18 12:08 - 2014-06-18 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-18 12:08 - 2014-06-18 12:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-18 12:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-18 12:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-18 12:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-18 12:06 - 2014-06-18 12:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Murat Celik\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-17 12:45 - 2014-06-17 12:45 - 00011323 _____ () C:\ComboFix.txt
2014-06-17 12:45 - 2014-06-17 12:45 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-17 12:45 - 2014-06-17 12:45 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-17 12:45 - 2014-06-17 12:45 - 00000000 ____D () C:\Users\Mevlüde Celik\AppData\Local\temp
2014-06-17 12:45 - 2014-06-17 12:45 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-17 12:45 - 2014-06-17 12:45 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-17 12:28 - 2014-06-17 12:45 - 00000000 ____D () C:\Qoobox
2014-06-17 12:28 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-17 12:28 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-17 12:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-17 12:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-17 12:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-17 12:28 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-17 12:28 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-17 12:28 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-17 12:18 - 2014-06-17 12:19 - 05206841 ____R (Swearware) C:\Users\Murat Celik\Downloads\ComboFix.exe
2014-06-17 11:06 - 2014-06-17 11:06 - 00000000 ____D () C:\Users\Murat Celik\Downloads\hothsoldier(3DS)
2014-06-17 11:05 - 2014-06-17 11:06 - 00000000 ____D () C:\Users\Murat Celik\Downloads\tauntaun(3DS)
2014-06-17 08:53 - 2014-06-18 12:40 - 00000000 ____D () C:\FRST
2014-06-17 08:51 - 2014-06-17 08:51 - 02081280 _____ (Farbar) C:\Users\Murat Celik\Downloads\FRST64.exe
2014-06-16 19:54 - 2014-06-16 19:59 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Wise Registry Cleaner
2014-06-16 19:54 - 2014-06-16 19:54 - 00001187 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-06-16 19:54 - 2014-06-16 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-06-16 19:54 - 2014-06-16 19:54 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-06-16 19:53 - 2014-06-16 19:53 - 02120312 _____ (WiseCleaner.com ) C:\Users\Murat Celik\Downloads\WRC812Free.exe
2014-06-16 19:51 - 2014-06-17 12:22 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Adobe
2014-06-16 19:18 - 2014-06-18 12:29 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-06-16 19:18 - 2014-06-16 19:18 - 00001149 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Nico Mak Computing
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-06-16 19:18 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-06-16 19:16 - 2014-06-16 19:16 - 04892480 _____ (WinZip International LLC ) C:\Users\Murat Celik\Downloads\wzmp_8.exe
2014-06-16 14:56 - 2014-06-18 12:37 - 00000000 ____D () C:\Users\Murat Celik\Desktop\Neuer Ordner
2014-06-14 21:19 - 2014-06-14 21:19 - 00701407 _____ () C:\Users\Murat Celik\Documents\stormtrooper3(3DS).rar
2014-06-14 10:29 - 2014-06-14 10:29 - 00011099 _____ () C:\Users\Murat Celik\AppData\Local\recently-used.xbel
2014-06-12 12:50 - 2014-06-17 13:52 - 00000000 ____D () C:\Users\Murat Celik\Documents\Melde
2014-06-11 09:53 - 2014-06-11 09:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-06 12:05 - 2014-06-16 20:30 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Skype
2014-06-06 12:05 - 2014-06-06 12:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Skype
2014-06-06 12:04 - 2014-06-16 20:30 - 00000000 ____D () C:\ProgramData\Skype
2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-28 20:44 - 2014-05-28 20:44 - 01376768 _____ () C:\Users\Murat Celik\Downloads\7z920-x64.msi
2014-05-28 17:52 - 2014-05-28 17:52 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2014-05-28 17:50 - 2014-05-28 17:50 - 00000967 _____ () C:\Users\Public\Desktop\Inkscape.lnk
2014-05-28 17:41 - 2014-05-28 17:52 - 00000000 ____D () C:\Program Files (x86)\Inkscape

==================== One Month Modified Files and Folders =======

2014-06-18 12:40 - 2014-06-18 12:38 - 00010814 _____ () C:\Users\Murat Celik\Downloads\FRST.txt
2014-06-18 12:40 - 2014-06-17 08:53 - 00000000 ____D () C:\FRST
2014-06-18 12:40 - 2012-07-26 20:47 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Temp
2014-06-18 12:39 - 2014-06-18 12:39 - 00027667 _____ () C:\Users\Murat Celik\Desktop\FRST.txt
2014-06-18 12:37 - 2014-06-18 12:37 - 00000850 _____ () C:\Users\Murat Celik\Desktop\JRT.txt
2014-06-18 12:37 - 2014-06-16 14:56 - 00000000 ____D () C:\Users\Murat Celik\Desktop\Neuer Ordner
2014-06-18 12:36 - 2014-01-05 12:18 - 00002074 _____ () C:\Users\Public\Desktop\Blender.lnk
2014-06-18 12:35 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-18 12:35 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-18 12:33 - 2014-06-18 12:33 - 02081280 _____ (Farbar) C:\Users\Murat Celik\Downloads\FRST64(1).exe
2014-06-18 12:32 - 2012-07-30 11:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\CrashDumps
2014-06-18 12:31 - 2012-07-26 20:43 - 01663887 _____ () C:\Windows\WindowsUpdate.log
2014-06-18 12:30 - 2014-06-18 12:30 - 01016261 _____ (Thisisu) C:\Users\Murat Celik\Downloads\JRT.exe
2014-06-18 12:30 - 2013-05-21 10:43 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 12:29 - 2014-06-18 12:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 12:29 - 2014-06-16 19:18 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-06-18 12:28 - 2014-06-18 12:25 - 00001254 _____ () C:\Users\Murat Celik\Desktop\AdwCleaner[R0].txt
2014-06-18 12:28 - 2013-03-01 20:38 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\.oit
2014-06-18 12:27 - 2012-07-26 21:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-18 12:27 - 2010-11-21 05:47 - 00349842 _____ () C:\Windows\PFRO.log
2014-06-18 12:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-18 12:27 - 2009-07-14 06:51 - 00094576 _____ () C:\Windows\setupact.log
2014-06-18 12:26 - 2014-06-18 12:21 - 00000000 ____D () C:\AdwCleaner
2014-06-18 12:19 - 2014-06-18 12:19 - 01333465 _____ () C:\Users\Murat Celik\Downloads\adwcleaner_3.212.exe
2014-06-18 12:12 - 2013-06-29 12:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-18 12:08 - 2014-06-18 12:08 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-18 12:08 - 2014-06-18 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-18 12:08 - 2014-06-18 12:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-18 12:08 - 2013-05-20 21:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-18 12:06 - 2014-06-18 12:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Murat Celik\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-17 13:52 - 2014-06-12 12:50 - 00000000 ____D () C:\Users\Murat Celik\Documents\Melde
2014-06-17 12:45 - 2014-06-17 12:45 - 00011323 _____ () C:\ComboFix.txt
2014-06-17 12:45 - 2014-06-17 12:45 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-17 12:45 - 2014-06-17 12:45 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-17 12:45 - 2014-06-17 12:45 - 00000000 ____D () C:\Users\Mevlüde Celik\AppData\Local\temp
2014-06-17 12:45 - 2014-06-17 12:45 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-17 12:45 - 2014-06-17 12:45 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-17 12:45 - 2014-06-17 12:28 - 00000000 ____D () C:\Qoobox
2014-06-17 12:41 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-17 12:27 - 2013-05-19 22:24 - 00000000 ____D () C:\Windows\erdnt
2014-06-17 12:25 - 2014-05-03 12:51 - 00000000 ____D () C:\Program Files (x86)\AbiWord
2014-06-17 12:25 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-17 12:22 - 2014-06-16 19:51 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Adobe
2014-06-17 12:22 - 2012-07-26 21:05 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-17 12:19 - 2014-06-17 12:18 - 05206841 ____R (Swearware) C:\Users\Murat Celik\Downloads\ComboFix.exe
2014-06-17 11:06 - 2014-06-17 11:06 - 00000000 ____D () C:\Users\Murat Celik\Downloads\hothsoldier(3DS)
2014-06-17 11:06 - 2014-06-17 11:05 - 00000000 ____D () C:\Users\Murat Celik\Downloads\tauntaun(3DS)
2014-06-17 08:51 - 2014-06-17 08:51 - 02081280 _____ (Farbar) C:\Users\Murat Celik\Downloads\FRST64.exe
2014-06-16 20:30 - 2014-06-06 12:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Skype
2014-06-16 20:30 - 2014-06-06 12:04 - 00000000 ____D () C:\ProgramData\Skype
2014-06-16 19:59 - 2014-06-16 19:54 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Wise Registry Cleaner
2014-06-16 19:54 - 2014-06-16 19:54 - 00001187 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-06-16 19:54 - 2014-06-16 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-06-16 19:54 - 2014-06-16 19:54 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-06-16 19:53 - 2014-06-16 19:53 - 02120312 _____ (WiseCleaner.com ) C:\Users\Murat Celik\Downloads\WRC812Free.exe
2014-06-16 19:52 - 2012-11-28 15:52 - 00000000 ____D () C:\Users\Murat Celik\Documents\Blender Dateien
2014-06-16 19:18 - 2014-06-16 19:18 - 00001149 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Nico Mak Computing
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-06-16 19:16 - 2014-06-16 19:16 - 04892480 _____ (WinZip International LLC ) C:\Users\Murat Celik\Downloads\wzmp_8.exe
2014-06-16 13:45 - 2012-12-25 20:35 - 00000000 ____D () C:\Users\Murat Celik\dwhelper
2014-06-14 21:19 - 2014-06-14 21:19 - 00701407 _____ () C:\Users\Murat Celik\Documents\stormtrooper3(3DS).rar
2014-06-14 10:29 - 2014-06-14 10:29 - 00011099 _____ () C:\Users\Murat Celik\AppData\Local\recently-used.xbel
2014-06-14 10:29 - 2012-11-27 00:09 - 00000000 ____D () C:\Users\Murat Celik\.gimp-2.8
2014-06-13 20:34 - 2012-07-28 12:30 - 00000000 ____D () C:\tmp
2014-06-12 19:26 - 2013-06-29 12:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-12 19:26 - 2012-10-22 17:21 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-12 19:26 - 2012-10-22 17:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-12 16:38 - 2009-07-14 06:45 - 00401472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-12 13:11 - 2012-07-26 21:07 - 00119240 _____ () C:\Users\Murat Celik\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-12 12:52 - 2013-04-07 10:43 - 00000000 ____D () C:\Users\Murat Celik\Documents\MAGIX
2014-06-12 12:52 - 2012-08-05 17:20 - 00000000 ____D () C:\Users\Murat Celik\Documents\Business
2014-06-12 12:35 - 2014-02-05 12:30 - 04339200 ___SH () C:\Users\Murat Celik\Desktop\Thumbs.db
2014-06-11 21:07 - 2011-04-12 09:43 - 00666370 _____ () C:\Windows\system32\perfh007.dat
2014-06-11 21:07 - 2011-04-12 09:43 - 00133386 _____ () C:\Windows\system32\perfc007.dat
2014-06-11 21:07 - 2009-07-14 07:13 - 01519796 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-11 14:09 - 2013-05-21 11:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-11 09:53 - 2014-06-11 09:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 13:17 - 2013-03-17 11:11 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\LocalStorage
2014-06-07 10:31 - 2013-06-07 21:52 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\FreeVideoConverter
2014-06-06 19:55 - 2012-08-22 10:26 - 00015924 _____ () C:\Windows\H74TGD__.TTF
2014-06-06 12:05 - 2014-06-06 12:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Skype
2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-28 20:44 - 2014-05-28 20:44 - 01376768 _____ () C:\Users\Murat Celik\Downloads\7z920-x64.msi
2014-05-28 17:52 - 2014-05-28 17:52 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2014-05-28 17:52 - 2014-05-28 17:41 - 00000000 ____D () C:\Program Files (x86)\Inkscape
2014-05-28 17:50 - 2014-05-28 17:50 - 00000967 _____ () C:\Users\Public\Desktop\Inkscape.lnk
2014-05-24 00:13 - 2010-08-18 11:41 - 00062936 _____ () C:\Windows\ethnocentric rg.ttf
2014-05-19 20:26 - 2013-02-06 20:04 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Windows Live

Some content of TEMP:
====================
C:\Users\Murat Celik\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-09 20:45

==================== End Of Log ============================
         
--- --- ---


Addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by Murat Celik at 2014-06-18 12:40:55
Running from C:\Users\Murat Celik\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Anleitung für Epson Connect (HKLM-x32\...\Epson Connect Guide) (Version:  - )
ArtRage Studio (HKLM-x32\...\{1BA22D99-A265-4599-91C2-DD4B319C3B3F}) (Version: 3.5.2 - Ambient Design)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.94.193 - eCareme Technologies, Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
ATI Catalyst Install Manager (HKLM\...\{62140B07-129A-2BD0-81D2-2A1A7408ADC8}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
Bamboo (HKLM-x32\...\Pen Tablet Driver) (Version:  - )
Blender (HKLM\...\Blender) (Version: 2.70a - Blender Foundation)
CPUID CPU-Z 1.61.2 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CrystalDiskInfo 5.3.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.3.0 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Benutzerhandbuch WF-2530 Series (HKLM-x32\...\WF-2530 Series Useg) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{695C8469-7822-4B31-A673-5ED84815B649}) (Version: 1.17.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-2530 Series (HKLM-x32\...\WF-2530 Series Netg) (Version:  - )
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Foto & Grafik Designer 7 (HKLM-x32\...\MAGIX_MSI_Foto_Grafik_Designer_7) (Version: 7.1.2.17305 - MAGIX AG)
MAGIX Foto & Grafik Designer 7 (x32 Version: 7.1.2.17305 - MAGIX AG) Hidden
MAGIX Foto Manager MX Deluxe (HKLM-x32\...\MAGIX_{A01EDF83-011F-46FC-889B-16FFD2BEE968}) (Version: 9.0.2.251 - MAGIX AG)
MAGIX Foto Manager MX Deluxe (Version: 9.0.2.251 - MAGIX AG) Hidden
MAGIX Music Maker 2013 Premium (HKLM-x32\...\MAGIX_{00A8886C-FF3D-4B52-A95D-321735687B32}) (Version: 19.0.5.57 - MAGIX AG)
MAGIX Music Maker 2013 Premium (Version: 19.0.5.57 - MAGIX AG) Hidden
MAGIX Music Maker 2013 Premium Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2013 Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Studio (HKLM-x32\...\MAGIX_{58AF1918-E670-44DF-BE45-BF5014AF144C}) (Version: 19.0.0.12 - MAGIX AG)
MAGIX Music Studio (Version: 19.0.0.12 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM-x32\...\MAGIX_{341D13B7-3C84-4D68-90B7-1F4B6C2BCB21}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Slideshow Maker 2 (HKLM-x32\...\MAGIX_{7AD52089-1158-42B0-BD44-475578594E43}) (Version: 2.0.1.9 - MAGIX AG)
MAGIX Slideshow Maker 2 (Version: 2.0.1.9 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{94930B8D-D689-48E1-9E82-9CCEEB0E269A}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller-Treiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 275.33 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.86 - ASUSTeK Computer Inc.)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Presto! PageManager 9.03 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.03.06 - Newsoft Technology Corporation)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.5 - AMD)
RAIDXpert (x32 Version: 3.2.1540.5 - AMD) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6402 - Realtek Semiconductor Corp.)
Samplitude Pro X Silver (HKLM-x32\...\MAGIX_{08E5C3CC-05DC-4E8F-B1A1-4ED2C3C065A7}) (Version: 12.0.2.115 - MAGIX AG)
Samplitude Pro X Silver (Version: 12.0.2.115 - MAGIX AG) Hidden
Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Turbo Key (HKLM-x32\...\{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}) (Version: 1.01.03 - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Vita 2 (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita 2 Zusatzcontent (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Bass Machine (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Rock Drums (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita String Ensemble (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita World Percussion (Version: 1.0.0.0 - MAGIX AG) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC)
Wise Registry Cleaner 8.12 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.12 - WiseCleaner.com, Inc.)

==================== Restore Points  =========================

28-05-2014 18:45:02 Installed 7-Zip 9.20 (x64 edition)
09-06-2014 18:52:46 Geplanter Prüfpunkt
16-06-2014 18:29:27 Removed Skype™ 6.16
17-06-2014 10:23:15 Removed HitFilm 2 Ultimate

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-06-17 12:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {21EEED09-12EE-4D34-952C-BDD3F6EFFC72} - System32\Tasks\Games\UpdateCheck_S-1-5-21-947860702-3629206099-2466557242-1000
Task: {47B88171-3B77-4A1F-8C02-AEA1E90CDE83} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {7AF1E38A-4BEA-40E9-B402-3BD1B6D14F20} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing)
Task: {8D041B82-FA49-4C92-9B1D-E23DBE48182C} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.02\AsLoader.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {99345FC5-C8CA-4724-9BD7-2C9B1783403C} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {E045CF6D-3EBB-49C5-AAAC-DDBBEEF23356} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-12] (Adobe Systems Incorporated)
Task: {EBB0266F-2220-49CE-A9CD-4ECF04BA815C} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-11-28 00:25 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-09-19 14:38 - 2009-09-19 14:38 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2009-09-19 14:40 - 2009-09-19 14:40 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2009-09-19 14:40 - 2009-09-19 14:40 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2009-09-07 13:54 - 2009-09-07 13:54 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2012-07-26 20:57 - 2009-03-19 22:35 - 00208896 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
2012-07-26 20:57 - 2009-03-19 22:35 - 00008704 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
2012-07-26 20:57 - 2009-01-15 14:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
2014-06-16 19:18 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll
2014-06-16 19:18 - 2013-07-15 16:53 - 01717936 _____ () C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll
2014-06-16 19:18 - 2013-02-28 16:53 - 00168448 _____ () C:\Program Files (x86)\WinZip Malware Protector\UNRAR.DLL
2013-03-01 20:33 - 2010-05-07 12:46 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PerformOcr.dll
2013-03-01 20:33 - 2010-12-23 14:17 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMISM.dll
2013-03-01 20:33 - 2007-03-30 11:24 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Qem.dll
2013-03-01 20:33 - 2010-12-29 18:52 - 00147456 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMCommon.dll
2013-03-01 20:33 - 2008-08-25 18:19 - 00069632 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PHooKDlg.dll
2013-03-01 20:33 - 2011-03-11 11:47 - 00151040 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ScanModule.dll
2013-03-01 20:33 - 2010-12-20 17:21 - 00098304 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\CategoryManager.dll
2013-03-01 20:33 - 2010-10-22 11:01 - 00139264 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSet.dll
2013-03-01 20:33 - 2010-10-22 11:22 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSave.dll
2013-03-01 20:33 - 2010-12-29 19:32 - 00614400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDB_N.dll
2013-03-01 20:33 - 2009-08-06 11:22 - 00421888 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\FT.dll
2013-03-01 20:33 - 2010-09-09 19:00 - 00061440 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMINSO.dll
2013-03-01 20:33 - 2009-09-09 15:44 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMANO.dll
2013-03-01 20:33 - 2007-03-30 10:49 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ComClass.dll
2013-03-01 20:33 - 2010-08-03 11:44 - 00049152 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMOffice.dll
2013-03-01 20:33 - 2007-12-20 15:37 - 00176128 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\DocCate.dll
2013-03-01 20:33 - 2011-01-21 16:05 - 00258048 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMScnSet.dll
2013-03-01 20:33 - 2009-11-26 18:49 - 00081920 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NetFun2k.dll
2012-07-26 21:07 - 2009-04-29 14:24 - 00253952 _____ () C:\Program Files\ASUS\Turbo Key\pngio.dll
2012-07-26 21:07 - 2009-04-29 14:24 - 00208896 _____ () C:\Program Files\ASUS\Turbo Key\AiNap.dll
2012-07-26 21:07 - 2009-04-29 14:24 - 00008704 _____ () C:\Program Files\ASUS\Turbo Key\vvc.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-03-01 20:33 - 2008-11-17 15:56 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\nsSign.dll
2013-03-01 20:33 - 2010-11-30 17:42 - 00352256 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMTree.dll
2013-03-01 20:33 - 2010-07-13 11:48 - 00106496 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMProp.dll
2013-03-01 20:33 - 2007-08-31 18:51 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMVoice.dll
2013-03-01 20:33 - 2010-09-08 18:10 - 00073728 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\OutlookVBA.dll
2013-03-01 20:33 - 2009-11-27 18:38 - 00331776 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAppBar.dll
2013-03-01 20:33 - 2010-11-26 11:33 - 04583424 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMView.dll
2013-03-01 20:33 - 2007-03-30 11:01 - 00038992 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NsOEMKey.dll
2013-03-01 20:33 - 2010-09-26 12:13 - 00430080 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPageVW.dll
2013-03-01 20:33 - 2010-03-02 16:09 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDocVW.dll
2013-03-01 20:33 - 2009-06-26 10:03 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMApSet.dll
2013-03-01 20:33 - 2010-08-03 11:51 - 01036288 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\SlideBarDLL.dll
2013-03-01 20:33 - 2009-12-04 18:20 - 00323584 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAnoSet.dll
2013-03-01 20:33 - 2010-09-26 12:13 - 00184320 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImgVW.dll
2013-03-01 20:33 - 2008-08-25 17:16 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMIEVW.dll
2013-03-01 20:33 - 2010-09-08 11:52 - 00036864 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPDFView.dll
2013-03-01 20:33 - 2010-04-27 16:20 - 00065536 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMStatus.dll
2013-03-01 20:33 - 2007-03-30 10:57 - 00034896 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Import.dll
2013-03-01 20:33 - 2010-11-26 11:45 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImageSplitter.dll
2014-06-11 09:53 - 2014-06-11 09:53 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-12 19:26 - 2014-06-12 19:26 - 17024688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-06-17 12:41:00.969
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-17 12:41:00.813
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-04 16:07:27.522
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-04 16:07:27.522
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-04 16:07:27.522
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-04 16:07:27.506
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-04 16:07:27.506
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-04 16:07:27.506
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-01 09:24:26.419
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-01 09:24:26.419
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 25%
Total physical RAM: 8174.12 MB
Available physical RAM: 6050.67 MB
Total Pagefile: 16346.41 MB
Available Pagefile: 14033.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:405.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 10438563)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 19.06.2014, 11:51   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Systemregistrierung mit Monitoring Tool infiziert. - Standard

Systemregistrierung mit Monitoring Tool infiziert.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.06.2014, 13:18   #9
RootkitOpfer
 
Systemregistrierung mit Monitoring Tool infiziert. - Standard

Systemregistrierung mit Monitoring Tool infiziert.



ESET
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=798b167ec166064ba932b867ec8e3713
# engine=18783
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-19 12:02:25
# local_time=2014-06-19 02:02:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 12106706 154809195 0 0
# scanned=202285
# found=4
# cleaned=0
# scan_time=3505
sh=7560ADB6881D658A46F52AD1DCDF667B615F6EDE ft=1 fh=19f14dde2ee67322 vn="Variante von MSIL/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe"
sh=A751D3553295B4CA8A7DECA5F2E9D02BA8FD5C1B ft=1 fh=0981b9ec2bf947e8 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Murat Celik\Desktop\CrystalDiskInfo5_3_0-en.exe"
sh=A981E3D6F03D3BD57D1472F33A4093A01533F8A8 ft=1 fh=7aaf7b3d0491af48 vn="Variante von MSIL/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Murat Celik\Downloads\wzmp_8.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von MSIL/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="${Memory}"
         
SecCheck
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 14.0.0.125  
 Adobe Reader XI  
 Mozilla Firefox (30.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 WinZip Malware Protector WinZipMalwareProtector.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by Murat Celik (administrator) on MURATCELIK-PC on 19-06-2014 14:15:08
Running from C:\Users\Murat Celik\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Pmsb.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\Turbo Key\TurboKey.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [Turbo Key] => C:\Program Files\ASUS\Turbo Key\TurboKey.exe [1874432 2009-11-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSPanel.exe [734544 2011-04-11] (ecareme)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-947860702-3629206099-2466557242-1000\...\Run: [Scan Buttons] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE [214360 2011-01-21] (NewSoft Technology Corporation)
HKU\S-1-5-21-947860702-3629206099-2466557242-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=UP93&ocid=UP93DHP&dt=061413
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Murat Celik\AppData\Roaming\Mozilla\Firefox\Profiles\7udrk8rh.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Murat Celik\AppData\Roaming\Mozilla\Firefox\Profiles\7udrk8rh.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013-07-01]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013-07-01]

==================== Services (Whitelisted) =================

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-09-19] (AMD) [File not signed]
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-19 14:15 - 2014-06-19 14:15 - 00010630 _____ () C:\Users\Murat Celik\Downloads\FRST.txt
2014-06-19 14:14 - 2014-06-19 14:14 - 02082304 _____ (Farbar) C:\Users\Murat Celik\Downloads\FRST64.exe
2014-06-19 14:11 - 2014-06-19 14:11 - 00000914 _____ () C:\Users\Murat Celik\Desktop\checkup.txt
2014-06-19 13:01 - 2014-06-19 13:01 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-19 11:29 - 2014-06-19 11:29 - 00020286 _____ () C:\Users\Murat Celik\AppData\Local\recently-used.xbel
2014-06-18 12:41 - 2014-06-18 12:41 - 00026765 _____ () C:\Users\Murat Celik\Desktop\Addition.txt
2014-06-18 12:39 - 2014-06-18 12:41 - 00027762 _____ () C:\Users\Murat Celik\Desktop\FRST.txt
2014-06-18 12:37 - 2014-06-18 12:37 - 00000850 _____ () C:\Users\Murat Celik\Desktop\JRT.txt
2014-06-18 12:25 - 2014-06-18 12:28 - 00001254 _____ () C:\Users\Murat Celik\Desktop\AdwCleaner[R0].txt
2014-06-18 12:21 - 2014-06-18 12:26 - 00000000 ____D () C:\AdwCleaner
2014-06-18 12:08 - 2014-06-19 14:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 12:08 - 2014-06-18 12:08 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-18 12:08 - 2014-06-18 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-18 12:08 - 2014-06-18 12:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-18 12:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-18 12:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-18 12:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-17 12:45 - 2014-06-17 12:45 - 00011323 _____ () C:\ComboFix.txt
2014-06-17 12:28 - 2014-06-17 12:45 - 00000000 ____D () C:\Qoobox
2014-06-17 12:28 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-17 12:28 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-17 12:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-17 12:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-17 12:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-17 12:28 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-17 12:28 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-17 12:28 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-17 08:53 - 2014-06-19 14:15 - 00000000 ____D () C:\FRST
2014-06-16 19:51 - 2014-06-17 12:22 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Adobe
2014-06-16 19:18 - 2014-06-19 08:00 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-06-16 19:18 - 2014-06-16 19:18 - 00001149 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Nico Mak Computing
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-06-16 19:18 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-06-16 14:56 - 2014-06-19 11:14 - 00000000 ____D () C:\Users\Murat Celik\Desktop\Neuer Ordner
2014-06-12 12:50 - 2014-06-17 13:52 - 00000000 ____D () C:\Users\Murat Celik\Documents\Melde
2014-06-11 09:53 - 2014-06-11 09:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-06 12:05 - 2014-06-16 20:30 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Skype
2014-06-06 12:05 - 2014-06-06 12:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Skype
2014-06-06 12:04 - 2014-06-16 20:30 - 00000000 ____D () C:\ProgramData\Skype
2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-28 17:52 - 2014-05-28 17:52 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2014-05-28 17:50 - 2014-05-28 17:50 - 00000967 _____ () C:\Users\Public\Desktop\Inkscape.lnk
2014-05-28 17:41 - 2014-05-28 17:52 - 00000000 ____D () C:\Program Files (x86)\Inkscape

==================== One Month Modified Files and Folders =======

2014-06-19 14:15 - 2014-06-19 14:15 - 00010630 _____ () C:\Users\Murat Celik\Downloads\FRST.txt
2014-06-19 14:15 - 2014-06-17 08:53 - 00000000 ____D () C:\FRST
2014-06-19 14:14 - 2014-06-19 14:14 - 02082304 _____ (Farbar) C:\Users\Murat Celik\Downloads\FRST64.exe
2014-06-19 14:12 - 2013-06-29 12:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-19 14:11 - 2014-06-19 14:11 - 00000914 _____ () C:\Users\Murat Celik\Desktop\checkup.txt
2014-06-19 14:10 - 2014-06-18 12:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 13:01 - 2014-06-19 13:01 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-19 12:17 - 2012-07-26 20:43 - 01699042 _____ () C:\Windows\WindowsUpdate.log
2014-06-19 11:32 - 2012-11-28 15:52 - 00000000 ____D () C:\Users\Murat Celik\Documents\Blender Dateien
2014-06-19 11:30 - 2012-11-27 00:09 - 00000000 ____D () C:\Users\Murat Celik\.gimp-2.8
2014-06-19 11:29 - 2014-06-19 11:29 - 00020286 _____ () C:\Users\Murat Celik\AppData\Local\recently-used.xbel
2014-06-19 11:14 - 2014-06-16 14:56 - 00000000 ____D () C:\Users\Murat Celik\Desktop\Neuer Ordner
2014-06-19 08:07 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-19 08:07 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-19 08:03 - 2009-07-14 06:51 - 00094800 _____ () C:\Windows\setupact.log
2014-06-19 08:00 - 2014-06-16 19:18 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-06-19 08:00 - 2013-03-01 20:38 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\.oit
2014-06-19 07:59 - 2012-07-26 21:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-19 07:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-18 12:41 - 2014-06-18 12:41 - 00026765 _____ () C:\Users\Murat Celik\Desktop\Addition.txt
2014-06-18 12:41 - 2014-06-18 12:39 - 00027762 _____ () C:\Users\Murat Celik\Desktop\FRST.txt
2014-06-18 12:37 - 2014-06-18 12:37 - 00000850 _____ () C:\Users\Murat Celik\Desktop\JRT.txt
2014-06-18 12:36 - 2014-01-05 12:18 - 00002074 _____ () C:\Users\Public\Desktop\Blender.lnk
2014-06-18 12:32 - 2012-07-30 11:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\CrashDumps
2014-06-18 12:30 - 2013-05-21 10:43 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 12:28 - 2014-06-18 12:25 - 00001254 _____ () C:\Users\Murat Celik\Desktop\AdwCleaner[R0].txt
2014-06-18 12:27 - 2010-11-21 05:47 - 00349842 _____ () C:\Windows\PFRO.log
2014-06-18 12:26 - 2014-06-18 12:21 - 00000000 ____D () C:\AdwCleaner
2014-06-18 12:08 - 2014-06-18 12:08 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-18 12:08 - 2014-06-18 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-18 12:08 - 2014-06-18 12:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-18 12:08 - 2013-05-20 21:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-17 13:52 - 2014-06-12 12:50 - 00000000 ____D () C:\Users\Murat Celik\Documents\Melde
2014-06-17 12:45 - 2014-06-17 12:45 - 00011323 _____ () C:\ComboFix.txt
2014-06-17 12:45 - 2014-06-17 12:28 - 00000000 ____D () C:\Qoobox
2014-06-17 12:41 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-17 12:27 - 2013-05-19 22:24 - 00000000 ____D () C:\Windows\erdnt
2014-06-17 12:25 - 2014-05-03 12:51 - 00000000 ____D () C:\Program Files (x86)\AbiWord
2014-06-17 12:22 - 2014-06-16 19:51 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Adobe
2014-06-17 12:22 - 2012-07-26 21:05 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-16 20:30 - 2014-06-06 12:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Skype
2014-06-16 20:30 - 2014-06-06 12:04 - 00000000 ____D () C:\ProgramData\Skype
2014-06-16 19:18 - 2014-06-16 19:18 - 00001149 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Nico Mak Computing
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-06-16 13:45 - 2012-12-25 20:35 - 00000000 ____D () C:\Users\Murat Celik\dwhelper
2014-06-13 20:34 - 2012-07-28 12:30 - 00000000 ____D () C:\tmp
2014-06-12 19:26 - 2013-06-29 12:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-12 19:26 - 2012-10-22 17:21 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-12 19:26 - 2012-10-22 17:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-12 16:38 - 2009-07-14 06:45 - 00401472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-12 13:11 - 2012-07-26 21:07 - 00119240 _____ () C:\Users\Murat Celik\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-12 12:52 - 2013-04-07 10:43 - 00000000 ____D () C:\Users\Murat Celik\Documents\MAGIX
2014-06-12 12:52 - 2012-08-05 17:20 - 00000000 ____D () C:\Users\Murat Celik\Documents\Business
2014-06-12 12:35 - 2014-02-05 12:30 - 04339200 ___SH () C:\Users\Murat Celik\Desktop\Thumbs.db
2014-06-11 21:07 - 2011-04-12 09:43 - 00666370 _____ () C:\Windows\system32\perfh007.dat
2014-06-11 21:07 - 2011-04-12 09:43 - 00133386 _____ () C:\Windows\system32\perfc007.dat
2014-06-11 21:07 - 2009-07-14 07:13 - 01519796 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-11 14:09 - 2013-05-21 11:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-11 09:53 - 2014-06-11 09:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 13:17 - 2013-03-17 11:11 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\LocalStorage
2014-06-07 10:31 - 2013-06-07 21:52 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\FreeVideoConverter
2014-06-06 19:55 - 2012-08-22 10:26 - 00015924 _____ () C:\Windows\H74TGD__.TTF
2014-06-06 12:05 - 2014-06-06 12:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Skype
2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-28 17:52 - 2014-05-28 17:52 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2014-05-28 17:52 - 2014-05-28 17:41 - 00000000 ____D () C:\Program Files (x86)\Inkscape
2014-05-28 17:50 - 2014-05-28 17:50 - 00000967 _____ () C:\Users\Public\Desktop\Inkscape.lnk
2014-05-24 00:13 - 2010-08-18 11:41 - 00062936 _____ () C:\Windows\ethnocentric rg.ttf

Some content of TEMP:
====================
C:\Users\Murat Celik\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-09 20:45

==================== End Of Log ============================
         
--- --- ---




Die Systemsteuerung lässt sich nicht öffnen. Der Explorer hat auch Probleme mit der Anzeige der Ordner. Da ist definitiv was Faul und versteckte Prozesse versuche was vor mir zu verstecken.

Alt 20.06.2014, 14:12   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Systemregistrierung mit Monitoring Tool infiziert. - Standard

Systemregistrierung mit Monitoring Tool infiziert.



WinZip Malware Protector deinstallieren!

Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.


__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.06.2014, 14:25   #11
RootkitOpfer
 
Systemregistrierung mit Monitoring Tool infiziert. - Standard

Systemregistrierung mit Monitoring Tool infiziert.



Code:
ATTFilter
Farbar Service Scanner Version: 10-06-2014
Ran by Murat Celik (administrator) on 20-06-2014 at 15:24:07
Running from "C:\Users\Murat Celik\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
         

Alt 21.06.2014, 09:23   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Systemregistrierung mit Monitoring Tool infiziert. - Standard

Systemregistrierung mit Monitoring Tool infiziert.



Lass das mal bitte laufen:
http://www.trojaner-board.de/126216-...epair-aio.html
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.06.2014, 12:38   #13
RootkitOpfer
 
Systemregistrierung mit Monitoring Tool infiziert. - Standard

Systemregistrierung mit Monitoring Tool infiziert.



Zitat:
Zitat von schrauber Beitrag anzeigen


Danke. Werde das mal laufen lassen. Die Repair Anleitung müsste mal wieder geupdated werden. Die neueste Version ist 2.7.5. Da sind einige Veränderungen in der Oberfläche. Auch die Version auf Filepony ist veraltet. Noch immer die 2.6.3.

EDIT:

Hier das Log. War aber unter einem anderen Dateipfad. Hoffe dass es das richtige Log ist. Die Zeit scheint zu stimmen.

Code:
ATTFilter
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: MURATCELIK-PC
Windows Drive: C:\
Windows Path: C:\Windows
Current Profile: C:\Users\Murat Celik
Current Profile SID: S-1-5-21-947860702-3629206099-2466557242-1000
Current Profile Classes: S-1-5-21-947860702-3629206099-2466557242-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Murat Celik\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:39:43

Process Count: 73
Commit Total: 2,29 GB
Commit Limit: 15,96 GB
Commit Peak: 2,70 GB
Handle Count: 21399
Kernel Total: 598,92 MB
Kernel Paged: 508,04 MB
Kernel Non Paged: 90,88 MB
System Cache: 5,60 GB
Thread Count: 893
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7,98 GB
Memory Used: 2,25 GB(28,1257%)
Memory Avail.: 5,74 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7,98 GB
Memory Used: 1,88 GB(23,5821%)
Memory Avail.: 6,10 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Start (21.06.2014 12:08:21)

01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (21.06.2014 12:08:27)
   Running Repair Under Current User Account
   Done (21.06.2014 12:08:36)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (21.06.2014 12:08:36)
   Running Repair Under System Account
   Done (21.06.2014 12:11:26)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (21.06.2014 12:11:26)
   Running Repair Under System Account
   Done (21.06.2014 12:13:44)

02 - Reset File Permissions: C:
   C: & Sub Folders
   Start (21.06.2014 12:13:45)
   Running Repair Under System Account
   Done (21.06.2014 12:21:00)

02 - Reset File Permissions: All Profiles
   C:\Users & Sub Folders
   Start (21.06.2014 12:21:00)
   Running Repair Under System Account
   Done (21.06.2014 12:22:03)

02 - Reset File Permissions: Current Profile
   C:\Users\Murat Celik & Sub Folders
   Start (21.06.2014 12:22:03)
   Running Repair Under System Account
   Done (21.06.2014 12:22:27)

02 - Reset File Permissions: Cleanup
   Repairing Restricted Folders Permissions To Avoid Infinite Loops
   Start (21.06.2014 12:22:27)
   Running Repair Under System Account
Processing ACL of: <\\?\C:\Documents and Settings>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Desktop>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Documents>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Favorites>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Start Menu>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Templates>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Desktop>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Documents>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Favorites>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Start Menu>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Templates>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default User>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Cookies>
Reading the SD from <\\?\C:\Users\Default\Cookies> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Default\Local Settings>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\My Documents>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\NetHood>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\PrintHood>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Recent>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\SendTo>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Start Menu>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Templates>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\History>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Temporary Internet Files>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Music>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Pictures>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Videos>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Music>
Reading the SD from <\\?\C:\Users\Public\Documents\My Music> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Public\Documents\My Pictures>
Reading the SD from <\\?\C:\Users\Public\Documents\My Pictures> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Public\Documents\My Videos>
Reading the SD from <\\?\C:\Users\Public\Documents\My Videos> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Mevlüde Celik\Application Data>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\Application Data> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Mevlüde Celik\Cookies>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\Cookies> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Mevlüde Celik\Local Settings>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\Local Settings> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Mevlüde Celik\My Documents>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\My Documents> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Mevlüde Celik\NetHood>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\NetHood> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Mevlüde Celik\PrintHood>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\PrintHood> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Mevlüde Celik\Recent>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\Recent> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Mevlüde Celik\SendTo>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\SendTo> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Mevlüde Celik\Start Menu>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\Start Menu> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Mevlüde Celik\Templates>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\Templates> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Mevlüde Celik\AppData\Local\Application Data>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\AppData\Local\Application Data> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Mevlüde Celik\AppData\Local\History>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\AppData\Local\History> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Mevlüde Celik\AppData\Local\Temporary Internet Files>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\AppData\Local\Temporary Internet Files> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Mevlüde Celik\Documents\My Music>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\Documents\My Music> failed with: Das System kann den angegebenen Pfad nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann den angegebenen Pfad nicht finden.

Processing ACL of: <\\?\C:\Users\Mevlüde Celik\Documents\My Pictures>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\Documents\My Pictures> failed with: Das System kann den angegebenen Pfad nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann den angegebenen Pfad nicht finden.

Processing ACL of: <\\?\C:\Users\Mevlüde Celik\Documents\My Videos>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\Documents\My Videos> failed with: Das System kann den angegebenen Pfad nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann den angegebenen Pfad nicht finden.

Processing ACL of: <\\?\C:\Users\Murat Celik\Application Data>
Reading the SD from <\\?\C:\Users\Murat Celik\Application Data> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Murat Celik\Cookies>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Murat Celik\Local Settings>
Reading the SD from <\\?\C:\Users\Murat Celik\Local Settings> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Murat Celik\My Documents>
Reading the SD from <\\?\C:\Users\Murat Celik\My Documents> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Murat Celik\NetHood>
Reading the SD from <\\?\C:\Users\Murat Celik\NetHood> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Murat Celik\PrintHood>
Reading the SD from <\\?\C:\Users\Murat Celik\PrintHood> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Murat Celik\Recent>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Murat Celik\SendTo>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Murat Celik\Start Menu>
Reading the SD from <\\?\C:\Users\Murat Celik\Start Menu> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Murat Celik\Templates>
Reading the SD from <\\?\C:\Users\Murat Celik\Templates> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Murat Celik\AppData\Local\Application Data>
Reading the SD from <\\?\C:\Users\Murat Celik\AppData\Local\Application Data> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Murat Celik\AppData\Local\History>
Reading the SD from <\\?\C:\Users\Murat Celik\AppData\Local\History> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Murat Celik\AppData\Local\Temporary Internet Files>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Murat Celik\Documents\My Music>
Reading the SD from <\\?\C:\Users\Murat Celik\Documents\My Music> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Murat Celik\Documents\My Pictures>
Reading the SD from <\\?\C:\Users\Murat Celik\Documents\My Pictures> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\Murat Celik\Documents\My Videos>
Reading the SD from <\\?\C:\Users\Murat Celik\Documents\My Videos> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\UpdatusUser\Application Data>
Reading the SD from <\\?\C:\Users\UpdatusUser\Application Data> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\UpdatusUser\Cookies>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\UpdatusUser\Local Settings>
Reading the SD from <\\?\C:\Users\UpdatusUser\Local Settings> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\UpdatusUser\My Documents>
Reading the SD from <\\?\C:\Users\UpdatusUser\My Documents> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\UpdatusUser\NetHood>
Reading the SD from <\\?\C:\Users\UpdatusUser\NetHood> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\UpdatusUser\PrintHood>
Reading the SD from <\\?\C:\Users\UpdatusUser\PrintHood> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\UpdatusUser\Recent>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\UpdatusUser\SendTo>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\UpdatusUser\Start Menu>
Reading the SD from <\\?\C:\Users\UpdatusUser\Start Menu> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\UpdatusUser\Templates>
Reading the SD from <\\?\C:\Users\UpdatusUser\Templates> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\UpdatusUser\AppData\Local\Application Data>
Reading the SD from <\\?\C:\Users\UpdatusUser\AppData\Local\Application Data> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\UpdatusUser\AppData\Local\History>
Reading the SD from <\\?\C:\Users\UpdatusUser\AppData\Local\History> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\UpdatusUser\Documents\My Music>
Reading the SD from <\\?\C:\Users\UpdatusUser\Documents\My Music> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\UpdatusUser\Documents\My Pictures>
Reading the SD from <\\?\C:\Users\UpdatusUser\Documents\My Pictures> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

Processing ACL of: <\\?\C:\Users\UpdatusUser\Documents\My Videos>
Reading the SD from <\\?\C:\Users\UpdatusUser\Documents\My Videos> failed with: Das System kann die angegebene Datei nicht finden.


SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.

   Done (21.06.2014 12:22:42)

03 - Register System Files
   Start (21.06.2014 12:22:42)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 12:28:12)

04 - Repair WMI
   Start (21.06.2014 12:28:12)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Microsoft Security Essentials Exported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.
   Microsoft Security Essentials Exported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (21.06.2014 12:32:54)

05 - Repair Windows Firewall
   Start (21.06.2014 12:32:54)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 12:35:51)

06 - Repair Internet Explorer
   Start (21.06.2014 12:35:51)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 12:38:16)

07 - Repair MDAC/MS Jet
   Start (21.06.2014 12:38:16)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 12:42:50)

08 - Repair Hosts File
   Start (21.06.2014 12:42:50)
   Running Repair Under System Account
   Done (21.06.2014 12:42:57)

09 - Remove Policies Set By Infections
   Start (21.06.2014 12:42:57)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 12:43:18)

10 - Repair Start Menu Icons Removed By Infections
   Start (21.06.2014 12:43:18)
   Running Repair Under System Account
   Done (21.06.2014 12:44:24)

11 - Repair Icons
   Start (21.06.2014 12:44:24)
   Running Repair Under Current User Account
   Done (21.06.2014 12:44:27)

12 - Repair Winsock & DNS Cache
   Start (21.06.2014 12:44:28)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 12:45:06)

13 - Remove Temp Files
   Start (21.06.2014 12:45:06)
   Running Repair Under System Account
   Done (21.06.2014 12:45:10)

14 - Repair Proxy Settings
   Start (21.06.2014 12:45:10)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 12:45:27)

15 - Unhide Non System Files
   Start (21.06.2014 12:45:27)
   C:\ - Total Files Unhidden: 1949 - Check Unhidden_Files.txt for list of files unhidden
   Done (21.06.2014 12:48:44)

16 - Repair Windows Updates
   Start (21.06.2014 12:48:44)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 12:53:00)

17 - Repair CD/DVD Missing/Not Working
   Start (21.06.2014 12:53:00)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (21.06.2014 12:53:00)

18 - Repair Volume Shadow Copy Service
   Start (21.06.2014 12:53:00)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 12:53:19)

19 - Repair Windows Sidebar/Gadgets
   Start (21.06.2014 12:53:19)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 12:53:34)

20 - Repair MSI (Windows Installer)
   Start (21.06.2014 12:53:34)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 12:54:58)

21 - Repair Windows Snipping Tool
   Start (21.06.2014 12:54:58)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 12:55:04)

22.01 - Repair bat Association
   Start (21.06.2014 12:55:04)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 12:55:21)

22.02 - Repair cmd Association
   Start (21.06.2014 12:55:21)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 13:00:43)

22.03 - Repair com Association
   Start (21.06.2014 13:00:43)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 13:00:56)

22.04 - Repair Directory Association
   Start (21.06.2014 13:00:56)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 13:01:02)

22.05 - Repair Drive Association
   Start (21.06.2014 13:01:02)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 13:01:08)

22.06 - Repair exe Association
   Start (21.06.2014 13:01:08)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 13:01:19)

22.07 - Repair Folder Association
   Start (21.06.2014 13:01:19)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 13:01:30)

22.08 - Repair inf Association
   Start (21.06.2014 13:01:30)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 13:01:39)

22.09 - Repair lnk (Shortcuts) Association
   Start (21.06.2014 13:01:39)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 13:01:49)

22.10 - Repair msc Association
   Start (21.06.2014 13:01:49)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 13:01:55)

22.11 - Repair reg Association
   Start (21.06.2014 13:01:56)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 13:02:02)

22.12 - Repair scr Association
   Start (21.06.2014 13:02:02)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 13:02:33)

23 - Repair Windows Safe Mode
   Start (21.06.2014 13:02:33)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 13:02:40)

24 - Repair Print Spooler
   Start (21.06.2014 13:02:40)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 13:02:59)

25 - Restore Important Windows Services
   Start (21.06.2014 13:02:59)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 13:03:51)

26 - Set Windows Services To Default Startup
   Start (21.06.2014 13:03:51)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (21.06.2014 13:04:10)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

Cleaning up empty logs...

All Selected Repairs Done.
   Done (21.06.2014 13:04:11)
   Total Repair Time: 00:55:54


...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under Current User Account
         

Alt 22.06.2014, 06:47   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Systemregistrierung mit Monitoring Tool infiziert. - Standard

Systemregistrierung mit Monitoring Tool infiziert.



Wie läuft der Rechner jetzt?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.06.2014, 08:57   #15
RootkitOpfer
 
Systemregistrierung mit Monitoring Tool infiziert. - Standard

Systemregistrierung mit Monitoring Tool infiziert.



Soweit so gut. Ich werde jetzt mal eine Woche lang Testbetrieb fahren und sollte es wieder Probleme geben, mache ich einen neuen Thread auf.

Vielen Dank nochmal für die Hilfe.

Antwort

Themen zu Systemregistrierung mit Monitoring Tool infiziert.
bild, forum, hoffe, infiziert, infiziert., monitoring, registry, tool, viren



Ähnliche Themen: Systemregistrierung mit Monitoring Tool infiziert.


  1. Monitoring Tools, Keylogger und co
    Überwachung, Datenschutz und Spam - 21.04.2016 (21)
  2. Suche Programm zum Monitoring des Heimnetzwerkes
    Überwachung, Datenschutz und Spam - 24.07.2014 (7)
  3. Monitoring Tool: MSIL/Limitless
    Plagegeister aller Art und deren Bekämpfung - 29.05.2014 (11)
  4. RISKwear.Tool
    Plagegeister aller Art und deren Bekämpfung - 30.11.2012 (1)
  5. Trojan.Agent.CK + Riskware.Tool.CK + Riskware.Tool.CK+ PUP.Hacktool.Patcher gefunden :(
    Plagegeister aller Art und deren Bekämpfung - 23.11.2012 (1)
  6. MBM Log, gefunden: RiskWare.Tool.HCK + RiskWare.Tool.CK + Trojan.Dropper (GMX ACC verschickt Spam)
    Log-Analyse und Auswertung - 11.07.2012 (3)
  7. Keylogger oder Monitoring auf meinem Notebook?
    Log-Analyse und Auswertung - 13.06.2012 (1)
  8. System infiziert. USB-Stick und Datensicherung auch infiziert?
    Plagegeister aller Art und deren Bekämpfung - 05.07.2011 (2)
  9. "Debugging or Monitoring tool detected"
    Log-Analyse und Auswertung - 19.06.2011 (10)
  10. Windows Monitoring Utility entfernen
    Anleitungen, FAQs & Links - 11.06.2011 (2)
  11. System Tool
    Plagegeister aller Art und deren Bekämpfung - 11.01.2011 (2)
  12. Monitoring
    Überwachung, Datenschutz und Spam - 13.12.2010 (2)
  13. SPR\Tool.Net.Cat.B
    Plagegeister aller Art und deren Bekämpfung - 06.07.2010 (7)
  14. Conficker/ cleanup tool oder removal tool ?
    Plagegeister aller Art und deren Bekämpfung - 23.04.2009 (0)
  15. Was ist: SPR/Tool.PV
    Plagegeister aller Art und deren Bekämpfung - 07.10.2007 (1)
  16. Überwachung der Systemregistrierung notwendig?
    Antiviren-, Firewall- und andere Schutzprogramme - 03.07.2007 (12)
  17. Lan Fun Tool Gesucht
    Mülltonne - 29.01.2006 (3)

Zum Thema Systemregistrierung mit Monitoring Tool infiziert. - Hallo liebes Forum, mein PC ist mit 10 Viren in der Registry infiziert. Hier ein Bild mit dem Log. Hoffe Jemand kann mir helfen? - Systemregistrierung mit Monitoring Tool infiziert....
Archiv
Du betrachtest: Systemregistrierung mit Monitoring Tool infiziert. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.