Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Spigot-Infektion des Browsers (Startseite: http://ch.search.yahoo.com/?type=198484&fr=spigot-yhp-ie) (https://www.trojaner-board.de/148680-spigot-infektion-browsers-startseite-http-ch-search-yahoo-com-type-198484-fr-spigot-yhp-ie.html)

Marc_83 26.01.2014 13:20
Spigot-Infektion des Browsers (Startseite: http://ch.search.yahoo.com/?type=198484&fr=spigot-yhp-ie)
 
Hallo allerseits

Der Rechner der Familie meiner Freundin hat einen Spigot-Befall. Ich kümmere mich um den Rechner, da ich noch am meisten Ahnung davon habe, weshalb ich vielleicht für das eine oder andere Rücksprache halten muss und Präzisierungsfragen stellen.

Der Internet-Explorer hat wegen einer Spigot-Infektion dauerhaft und unveränderlich die Startseite "hxxp://ch.search.yahoo.com/?type=198484&fr=spigot-yhp-ie" angenommen. Ich zuerst versucht, die Änderung via "Extras >Internetoptionen" zu verändern, was aber nur
kurzfristigen Erfolg gebracht hat. Danach habe ich Spybot Search & Destroy heruntergeladen und scannen lassen, was zu keinem Ergebnis geführt hat. Auch der IObit Malware Fighter konnte nichts ausrichten.

Im Anhang findet Ihr die Log-Files, wie Ihr dies erwünscht (ich hoffe, es ist alles vollständig!). Falls etwas fehlt, werde ich dies gerne nachreichen.

Freundliche Grüsse und besten Dank im Voraus
Marc

Die Anhänge:

Anhang 64132

Anhang 64133

Anhang 64134

Anhang 64135

schrauber 26.01.2014 16:59
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Marc_83 27.01.2014 11:09
Hallo Schrauber

Danke für die Antwort und den Hinweis! Dann folgen nun die Files als Text im Thread:

defogger_disable.log:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:43 on 26/01/2014 (User)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST.txt:
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 01
Ran by User (administrator) on TRIVIUM4001 on 26-01-2014 11:49:42
Running from C:\Users\User\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
(OldTimer Tools) C:\Users\User\Downloads\OTL.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_38_ActiveX.exe
() C:\Users\User\Desktop\FRST64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7205592 2013-12-19] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-06-28] (Acronis)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2010-11-08] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1573184 2013-12-13] (IObit)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = yahoo
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ch.search.yahoo.com/?type=198484&fr=spigot-yhp-ie
URLSearchHook: HKLM-x32 - DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\User\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
SearchScopes: HKCU - DefaultScope {A8F7C9A9-1173-4155-97A4-8CD18F313CFC} URL = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {A8F7C9A9-1173-4155-97A4-8CD18F313CFC} URL = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {DB1608E9-5315-4436-8629-9E55C856BC06} URL = https://www.google.ch/search?q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\User\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\User\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} -  No File
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Ads Removal) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2013-12-21]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\User\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-05-23]

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881440 2013-12-09] (IObit)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [341824 2013-11-11] (IObit)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)

==================== Drivers (Whitelisted) ====================

R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [29672 2013-01-06] (REALiX(tm))
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R0 mv61xx; C:\Windows\System32\drivers\mv61xx.sys [179752 2010-10-06] (Marvell Semiconductor, Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 PayPen; C:\Windows\System32\Drivers\PayPen.sys [20840 2008-01-14] ()
S3 pendfu; C:\Windows\SysWOW64\Drivers\pendfu.sys [39040 2008-01-25] (Anoto AB)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [x]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
U3 pxdcafob; \??\C:\Users\User\AppData\Local\Temp\pxdcafob.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-26 11:49 - 2014-01-26 11:49 - 00014420 _____ C:\Users\User\Desktop\FRST.txt
2014-01-26 11:46 - 2014-01-26 11:47 - 00000000 ____D C:\Users\User\Desktop\Trojanerbeseitigung
2014-01-26 11:46 - 2014-01-26 11:46 - 00000000 ____D C:\FRST
2014-01-26 11:43 - 2014-01-26 11:43 - 00000000 _____ C:\Users\User\defogger_reenable
2014-01-26 11:31 - 2014-01-26 11:31 - 00077836 _____ C:\Users\User\Downloads\Extras.Txt
2014-01-26 11:30 - 2014-01-26 11:30 - 00128498 _____ C:\Users\User\Downloads\OTL.Txt
2014-01-26 11:12 - 2014-01-26 11:12 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\OTL.exe
2014-01-20 13:55 - 2014-01-20 13:55 - 00000000 ____D C:\Users\User\AppData\Local\Deployment
2014-01-20 13:55 - 2014-01-20 13:55 - 00000000 ____D C:\Users\User\AppData\Local\Apps\2.0
2014-01-15 16:12 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 16:12 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 16:12 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 16:12 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 16:12 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 16:12 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 16:12 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 16:12 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 16:12 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-05 11:59 - 2014-01-05 11:59 - 00000164 _____ C:\Users\User\Documents\cc_20140105_115948.reg
2013-12-30 18:14 - 2013-12-30 18:14 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2013-12-30 17:56 - 2013-12-30 17:56 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-12-30 17:46 - 2013-02-04 15:10 - 00321536 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BTL.dll
2013-12-30 17:46 - 2012-11-26 12:29 - 00095744 _____ C:\Windows\SysWOW64\CNC1770D.TBL
2013-12-30 17:46 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2013-12-30 17:41 - 2013-12-30 17:41 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2013-12-30 17:38 - 2013-12-30 17:38 - 00002362 _____ C:\Users\Public\Desktop\Canon MG6400 series On-Screen-Handbuch.lnk
2013-12-30 17:38 - 2013-12-30 17:38 - 00000000 ____D C:\Program Files\Canon
2013-12-30 17:37 - 2013-04-04 05:00 - 00391168 _____ (CANON INC.) C:\Windows\system32\CNMLMBT.DLL
2013-12-30 17:37 - 2013-02-04 15:12 - 00367104 _____ (CANON INC.) C:\Windows\system32\CNC_BTL.dll
2013-12-30 17:37 - 2012-11-26 12:29 - 00095744 _____ C:\Windows\system32\CNC1770D.TBL
2013-12-30 17:37 - 2012-11-08 13:04 - 00282624 _____ (CANON INC.) C:\Windows\system32\CNC_BTC.dll
2013-12-30 17:37 - 2012-11-08 13:03 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC_BTI.dll
2013-12-30 17:37 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2013-12-30 17:35 - 2013-12-30 17:35 - 00000000 ___HD C:\ProgramData\CanonIJETV
2013-12-29 12:15 - 2013-12-29 12:15 - 00002988 _____ C:\Windows\System32\Tasks\{25E993CD-350C-49DC-A4B2-910D9F88175D}
2013-12-29 12:06 - 2013-12-29 12:07 - 00000000 ____D C:\Program Files (x86)\Rootkit Revealer
2013-12-29 11:56 - 2013-12-29 11:56 - 00002000 _____ C:\Users\User\Documents\cc_20131229_115653.reg
2013-12-29 11:55 - 2013-12-29 12:00 - 00000000 ____D C:\AdwCleaner
2013-12-29 11:34 - 2013-12-29 11:34 - 00003280 _____ C:\Windows\System32\Tasks\{493E54C0-EF04-4DDF-9DFC-B51F2400F0EB}
2013-12-28 17:12 - 2013-12-28 17:13 - 00000085 _____ C:\Windows\wininit.ini
2013-12-28 15:26 - 2013-12-28 15:26 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-12-28 15:25 - 2013-12-28 17:13 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-28 15:24 - 2013-12-28 17:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

==================== One Month Modified Files and Folders =======

2014-01-26 11:49 - 2014-01-26 11:49 - 00014420 _____ C:\Users\User\Desktop\FRST.txt
2014-01-26 11:49 - 2009-07-14 05:45 - 00025296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-26 11:49 - 2009-07-14 05:45 - 00025296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-26 11:48 - 2013-01-06 19:41 - 00000000 ____D C:\Program Files (x86)\IObit
2014-01-26 11:47 - 2014-01-26 11:46 - 00000000 ____D C:\Users\User\Desktop\Trojanerbeseitigung
2014-01-26 11:46 - 2014-01-26 11:46 - 00000000 ____D C:\FRST
2014-01-26 11:43 - 2014-01-26 11:43 - 00000000 _____ C:\Users\User\defogger_reenable
2014-01-26 11:41 - 2011-12-15 14:18 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2014-01-26 11:31 - 2014-01-26 11:31 - 00077836 _____ C:\Users\User\Downloads\Extras.Txt
2014-01-26 11:30 - 2014-01-26 11:30 - 00128498 _____ C:\Users\User\Downloads\OTL.Txt
2014-01-26 11:23 - 2012-07-24 13:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-26 11:12 - 2014-01-26 11:12 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\OTL.exe
2014-01-26 11:10 - 2013-12-04 14:41 - 01906997 _____ C:\Windows\WindowsUpdate.log
2014-01-26 11:10 - 2013-03-03 15:11 - 00000000 ____D C:\Windows\Minidump
2014-01-26 11:00 - 2013-12-22 17:50 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-26 10:41 - 2013-12-22 17:50 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-26 10:40 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-26 03:44 - 2013-11-06 23:54 - 00000224 _____ C:\Windows\Tasks\IOBit_AutoShutdown20131106235459.job
2014-01-24 18:33 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2014-01-22 10:50 - 2013-07-29 14:01 - 00312832 ___SH C:\Users\User\Desktop\Thumbs.db
2014-01-20 13:55 - 2014-01-20 13:55 - 00000000 ____D C:\Users\User\AppData\Local\Deployment
2014-01-20 13:55 - 2014-01-20 13:55 - 00000000 ____D C:\Users\User\AppData\Local\Apps\2.0
2014-01-19 08:33 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-17 07:52 - 2012-07-24 13:52 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-17 07:52 - 2012-04-07 20:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-17 07:52 - 2011-09-16 12:02 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2014-01-17 07:52 - 2011-09-16 11:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-16 13:43 - 2011-09-18 15:13 - 00000000 ____D C:\Users\User\Documents\Annette
2014-01-16 06:05 - 2009-07-14 05:45 - 00430224 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 03:03 - 2009-07-14 03:34 - 00000518 _____ C:\Windows\win.ini
2014-01-16 03:02 - 2013-07-13 02:00 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 03:00 - 2011-09-16 08:30 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 20:56 - 2011-09-16 15:01 - 00000000 ____D C:\Users\User\AppData\Local\FreePDF_XP
2014-01-14 18:08 - 2012-11-27 08:27 - 00000610 _____ C:\Users\User\Desktop\Fotobuch Foto-Grusskarten Fotokalender Fotogeschenke - Ifolor#standard.website
2014-01-12 11:32 - 2011-09-18 15:25 - 00000000 ____D C:\Program Files (x86)\CLX.ClubMaker
2014-01-06 11:20 - 2011-03-28 08:51 - 00700486 _____ C:\Windows\system32\perfh007.dat
2014-01-06 11:20 - 2011-03-28 08:51 - 00150124 _____ C:\Windows\system32\perfc007.dat
2014-01-06 11:20 - 2009-07-14 06:13 - 01624178 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-05 12:12 - 2011-09-16 14:42 - 00000000 ____D C:\Windows\system32\oodag
2014-01-05 12:08 - 2011-09-16 12:18 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2014-01-05 11:59 - 2014-01-05 11:59 - 00000164 _____ C:\Users\User\Documents\cc_20140105_115948.reg
2014-01-05 11:54 - 2011-09-18 17:08 - 00000000 ____D C:\Users\User\AppData\Roaming\Canon
2013-12-30 18:14 - 2013-12-30 18:14 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2013-12-30 17:56 - 2013-12-30 17:56 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-12-30 17:46 - 2011-09-18 17:07 - 00000000 ____D C:\Program Files (x86)\Canon
2013-12-30 17:46 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\Media
2013-12-30 17:41 - 2013-12-30 17:41 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2013-12-30 17:38 - 2013-12-30 17:38 - 00002362 _____ C:\Users\Public\Desktop\Canon MG6400 series On-Screen-Handbuch.lnk
2013-12-30 17:38 - 2013-12-30 17:38 - 00000000 ____D C:\Program Files\Canon
2013-12-30 17:38 - 2011-09-18 17:02 - 00000000 ___HD C:\Program Files\CanonBJ
2013-12-30 17:35 - 2013-12-30 17:35 - 00000000 ___HD C:\ProgramData\CanonIJETV
2013-12-29 19:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-29 12:15 - 2013-12-29 12:15 - 00002988 _____ C:\Windows\System32\Tasks\{25E993CD-350C-49DC-A4B2-910D9F88175D}
2013-12-29 12:07 - 2013-12-29 12:06 - 00000000 ____D C:\Program Files (x86)\Rootkit Revealer
2013-12-29 12:00 - 2013-12-29 11:55 - 00000000 ____D C:\AdwCleaner
2013-12-29 11:56 - 2013-12-29 11:56 - 00002000 _____ C:\Users\User\Documents\cc_20131229_115653.reg
2013-12-29 11:55 - 2011-09-16 11:32 - 00000000 ___RD C:\Users\User\Desktop\Systempflege
2013-12-29 11:34 - 2013-12-29 11:34 - 00003280 _____ C:\Windows\System32\Tasks\{493E54C0-EF04-4DDF-9DFC-B51F2400F0EB}
2013-12-28 17:14 - 2013-12-28 15:24 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-28 17:13 - 2013-12-28 17:12 - 00000085 _____ C:\Windows\wininit.ini
2013-12-28 17:13 - 2013-12-28 15:25 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-28 15:26 - 2013-12-28 15:26 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 10:54

==================== End Of Log ============================
--- --- ---

--- --- ---

Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2014 01
Ran by User at 2014-01-26 11:49:58
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Acronis*True*Image*Home 2011 (x32 Version: 14.0.6942 - Acronis)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Advanced SystemCare 7 (x32 Version: 7.1.0 - IObit)
AI Suite II (x32 Version: 1.01.34 - ASUSTeK Computer Inc.)
Allway Sync version 12.12.12 (x32 Version: - Botkind Inc)
Amazing Slow Downer (remove only) (x32 Version: - )
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.10.0.0 - Asmedia Technology)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (x32 Version: 1.4.0.0 - Canon Inc.)
Canon IJ Scan Utility (x32 Version: - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.8.0.1 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.7.0.1 - Canon Inc.)
Canon MG6400 series Benutzerregistrierung (x32 Version: - *Canon Inc.)
Canon MG6400 series MP Drivers (Version: 1.01 - Canon Inc.)
Canon MG6400 series On-screen Manual (x32 Version: 7.6.1 - Canon Inc.)
Canon MOV Decoder (x32 Version: 1.7.0.6 - Canon Inc.)
Canon MOV Encoder (x32 Version: 1.5.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.6.0.5 - Canon Inc.)
Canon MP Navigator EX 1.0 (x32 Version: - )
Canon My Printer (x32 Version: 3.1.0 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (x32 Version: 8.3.0.6 - Canon Inc.)
Canon Utilities CameraWindow Launcher (x32 Version: 7.5.0.2 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.9 (x32 Version: 3.9.1.0 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (x32 Version: 1.1.0.4 - Canon Inc.)
Canon Utilities MyCamera (x32 Version: 7.4.0.2 - Canon Inc.)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (x32 Version: 6.6.0.23 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.4.0.4 - Canon Inc.)
C-CHANNEL OnlineUpdate (x32 Version: - )
CCleaner (Version: 3.26 - Piriform)
CEI Product Suite (remove only) (x32 Version: - )
CLX.ClubMaker (x32 Version: 2.0.12.0 - CREALOGIX)
CLX.PayPen (x32 Version: - )
Codec Pack - All In 1 6.0.3.0 (x32 Version: - )
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Desktop Restore (Version: 1.6.3 - JOConnell)
Dropbox (HKCU Version: 2.0.26 - Dropbox, Inc.)
DVDVideoSoftTB DE Toolbar (HKCU Version: 10.14.0.69 - DVDVideoSoftTB DE)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Finale 2006 (x32 Version: - )
Finale 2010 (x32 Version: 15.1.r2.0 - MakeMusic)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Foto-galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free YouTube Download version 3.1.42.1212 (x32 Version: 3.1.42.1212 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.37.1212 (x32 Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
FreePDF (Remove only) (x32 Version: - )
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPL Ghostscript (Version: 9.06 - Artifex Software Inc.)
High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden
HWiNFO64 Version 4.08 (Version: 4.08 - Martin Malík - REALiX)
iCloud (Version: 3.0.2.163 - Apple Inc.)
ifolor Designer (x32 Version: 3.2.2.0 - Ifolor AG)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.7.0.1013 - Intel Corporation)
Interdiscount Fotoservice (x32 Version: 4.8.6 - CEWE COLOR AG u Co. OHG)
IObit Malware Fighter (x32 Version: 2.1 - IObit)
IrfanView (remove only) (x32 Version: 4.35 - Irfan Skiljan)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
KC Softwares SUMo (x32 Version: - KC Softwares)
marvell 61xx (x32 Version: 1.2.0.7600 - Marvell)
marvell 91xx driver (x32 Version: 1.2.0.1027 - Marvell)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (x32 Version: 2.0.5050.0 - Microsoft Corp.)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.6.10000.0.0 - Nero AG) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Burning ROM 10 (x32 Version: 10.6.10600.4.100 - Nero AG)
Nero BurningROM 10 Help (CHM) (x32 Version: 10.6.10600 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.19800.9.10 - Nero AG) Hidden
Nero CoverDesigner 10 (x32 Version: 5.6.10500.3.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 10.6.10600 - Nero AG) Hidden
Nero Dolby Files 10 (x32 Version: 2.0.13000.0.10 - Nero AG) Hidden
Nero Express 10 (x32 Version: 10.6.10600.4.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.6.10600 - Nero AG) Hidden
Nero InfoTool 10 (x32 Version: 7.4.10200.0.100 - Nero AG)
Nero Multimedia Suite 10 (x32 Version: 10.6.11300 - Nero AG)
Nero StartSmart 10 (x32 Version: 10.6.10400.2.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10600 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.10022.15.0 - Nero AG) Hidden
Nero WaveEditor 10 (x32 Version: 5.10.10400.3.100 - Nero AG)
Nero WaveEditor 10 Help (CHM) (x32 Version: 10.6.10600 - Nero AG) Hidden
O&O Defrag Free Edition (Version: 14.1.431 - O&O Software GmbH)
PayPen (x32 Version: 1.5.0.0 - C Technologies, Anoto AB) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Ravensburger tiptoi (x32 Version: - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller Driver (x32 Version: 7.31.1025.2010 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RedMon - Redirection Port Monitor (Version: - )
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
SES Driver (Version: 1.0.0 - Western Digital)
Skype™ 6.0 (x32 Version: 6.0.126 - Skype Technologies S.A.)
Smart Defrag 2 (x32 Version: 2.9 - IObit)
TeamViewer 9 (x32 Version: 9.0.24951 - TeamViewer)
TreeSize Free V2.7 (x32 Version: 2.7 - JAM Software)
Unlocker 1.9.1-x64 (Version: 1.9.1 - Cedrick Collomb)
VLC media player 2.0.5 (Version: 2.0.5 - VideoLAN)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Anoto AB (PayPen) Input Pen (09/28/2007 2.0.0.0) (Version: 09/28/2007 2.0.0.0 - Anoto AB)

==================== Restore Points =========================

29-12-2013 18:00:22 Windows-Sicherung
31-12-2013 18:04:32 Windows Update
03-01-2014 19:19:21 Windows Update
06-01-2014 21:09:11 Windows Update
09-01-2014 21:53:05 Windows Update
13-01-2014 18:54:55 Windows Update
16-01-2014 02:00:27 Windows Update
19-01-2014 10:30:53 Windows Update
22-01-2014 19:49:56 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {012D89E4-A421-4CEE-B4A1-C0F287B501D4} - System32\Tasks\{930EEB28-C18A-4A14-AC44-A81734EEC13F} => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {07185EAB-59AC-4EBF-8A2B-A05E3892F4EE} - System32\Tasks\RealCreateProcessScheduledTask240659310S-1-5-21-2493670080-3980695143-696610743-1000 => c:\program files (x86)\real\realplayer\realplay.exe
Task: {1DDF1F3C-F8DF-4725-956F-23DCCB21A010} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {24E5A622-CAF9-4BCB-AB42-ED187442A511} - System32\Tasks\{2A41A9CC-016C-4CA8-861C-6BA412F00B77} => C:\Program Files (x86)\CREALOGIX E-Payment AG\OnlineUpdate\PeOnlineUpdate.exe [2009-01-30] (C-Channel AG, 6331 Hünenberg ZG)
Task: {301550B2-FD8E-4866-8412-EC2037C170D5} - System32\Tasks\ASC7_SkipUac_User => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2013-12-10] (IObit)
Task: {47CD27E9-EE85-44C3-B6C4-636577A18DBF} - System32\Tasks\IOBit_AutoShutdown20131106235459 => C:\Windows\system32\shutdown.exe [2009-07-14] (Microsoft Corporation)
Task: {54B1BA93-2BF6-4DFE-AF69-DEC98974172F} - System32\Tasks\{114D2C47-17B6-4E1B-9FEF-08D257C68AEE} => C:\Program Files (x86)\CREALOGIX E-Payment AG\OnlineUpdate\PeOnlineUpdate.exe [2009-01-30] (C-Channel AG, 6331 Hünenberg ZG)
Task: {6693CD4B-B116-485E-872C-3281C948CD96} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-17] (Adobe Systems Incorporated)
Task: {6B127C1C-C13D-478A-B9B9-8B27B5F59D86} - System32\Tasks\{96BD95BD-3069-4AC5-AC4A-4300476CC1BB} => C:\Program Files (x86)\CREALOGIX E-Payment AG\OnlineUpdate\PeOnlineUpdate.exe [2009-01-30] (C-Channel AG, 6331 Hünenberg ZG)
Task: {765F1743-C47C-490F-8465-F69AD450FF77} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7ABB55ED-8562-4D98-9DC7-1DF6310748CE} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {80FED687-E71C-4DEA-9C20-78C99B05B179} - System32\Tasks\{983B13EC-FE25-4E9E-A80F-10B267B748E2} => C:\Program Files (x86)\CLX.ClubMaker\PaymentStudio.exe [2014-01-06] (CREALOGIX E-Payment AG)
Task: {887747E2-A06E-487E-B54B-4435309D5B97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-22] (Google Inc.)
Task: {99D75538-090A-46FB-AFE0-635D51CEA861} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-22] (Google Inc.)
Task: {A7DE13D3-BC60-461D-A88B-D1C0D64476C2} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2493670080-3980695143-696610743-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B99F1365-1885-4292-82C1-D29A87B607A1} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2493670080-3980695143-696610743-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {BDC5016D-A7AB-4BF3-8644-800CFF865638} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D90B74FA-A1B6-4920-9716-A0C65FE256CB} - System32\Tasks\{FD0F0F32-12EF-49E2-8F56-484D2A470C5A} => C:\Program Files (x86)\CLX.ClubMaker\PaymentStudio.exe [2014-01-06] (CREALOGIX E-Payment AG)
Task: {F2581BDC-1745-45FC-9475-A44F04BD0291} - System32\Tasks\{3D6D28EB-414F-4280-BBFC-EA2C088920F0} => C:\Program Files (x86)\CLX.ClubMaker\PaymentStudio.exe [2014-01-06] (CREALOGIX E-Payment AG)
Task: {F3FBF937-763F-4DDC-8C33-5C84F9128605} - System32\Tasks\{25E993CD-350C-49DC-A4B2-910D9F88175D} => C:\Program Files (x86)\Rootkit Revealer\RootkitRevealer.exe [2013-12-29] (Sysinternals - www.sysinternals.com)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\IOBit_AutoShutdown20131106235459.job => C:\Windows\system32\shutdown.exe

==================== Loaded Modules (whitelisted) =============

2011-03-07 05:07 - 2011-03-07 05:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Hook Test Driver
Description: Hook Test Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SDHookDriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: asmthub3
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2014 11:35:43 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{e8a7b937-e07b-11e0-978c-806e6f6e6963} - 0000000000000134,0x0053c008,000000000048A990,0,000000000048B9A0,4096,[0])". hr = 0x80070079, Das Zeitlimit für die Semaphore wurde erreicht.
.


Vorgang:
EndPrepareSnapshots wird verarbeitet

Kontext:
Ausführungskontext: System Provider

Error: (01/26/2014 11:25:33 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = OTL Restore Point - 26.01.2014 11:15:32; Fehler = 0x81000101).

Error: (01/26/2014 10:42:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/26/2014 10:19:11 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: gmer.exe, Version: 2.1.19355.0, Zeitstempel: 0x52dedef9
Name des fehlerhaften Moduls: gmer.exe, Version: 2.1.19355.0, Zeitstempel: 0x52dedef9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000216a
ID des fehlerhaften Prozesses: 0xebc
Startzeit der fehlerhaften Anwendung: 0xgmer.exe0
Pfad der fehlerhaften Anwendung: gmer.exe1
Pfad des fehlerhaften Moduls: gmer.exe2
Berichtskennung: gmer.exe3

Error: (01/26/2014 07:45:01 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2014 05:07:07 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.16428 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 8ec

Startzeit: 01cf19e76dc12706

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (01/25/2014 05:05:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2014 09:19:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2014 08:27:34 AM) (Source: IMFservice) (User: )
Description: Das Handle ist ungültig

Error: (01/24/2014 07:47:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/26/2014 11:35:43 AM) (Source: volsnap) (User: )
Description: Die Schattenkopie des erstellten Volumes "C:" konnte nicht installiert werden.

Error: (01/26/2014 10:41:26 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SDHookDriver

Error: (01/26/2014 10:40:39 AM) (Source: BugCheck) (User: )
Description: 0x00000109 (0xa3a039d89d354587, 0xb3b7465eefb38001, 0xfffff800051af080, 0x0000000000000002)C:\Windows\MEMORY.DMP012614-52525-01

Error: (01/26/2014 10:40:38 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎26.‎01.‎2014 um 10:38:03 unerwartet heruntergefahren.

Error: (01/26/2014 07:44:26 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SDHookDriver

Error: (01/25/2014 05:04:52 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SDHookDriver

Error: (01/25/2014 05:02:45 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (01/25/2014 09:21:48 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht.

Error: (01/25/2014 09:18:29 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SDHookDriver

Error: (01/25/2014 08:26:31 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.


Microsoft Office Sessions:
=========================
Error: (01/26/2014 11:35:43 AM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{e8a7b937-e07b-11e0-978c-806e6f6e6963} - 0000000000000134,0x0053c008,000000000048A990,0,000000000048B9A0,4096,[0])0x80070079, Das Zeitlimit für die Semaphore wurde erreicht.


Vorgang:
EndPrepareSnapshots wird verarbeitet

Kontext:
Ausführungskontext: System Provider

Error: (01/26/2014 11:25:33 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeOTL Restore Point - 26.01.2014 11:15:320x81000101

Error: (01/26/2014 10:42:24 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/26/2014 10:19:11 AM) (Source: Application Error)(User: )
Description: gmer.exe2.1.19355.052dedef9gmer.exe2.1.19355.052dedef9c00000050000216aebc01cf1a774e3fbd1aC:\Users\User\AppData\Local\Temp\Temp2_gmer_2.1.19355.zip\gme r.exeC:\Users\User\AppData\Local\Temp\Temp2_gmer_2.1.19355.zip\gmer.exee9fb4d93-866a-11e3-9fba-14dae96e4004

Error: (01/26/2014 07:45:01 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2014 05:07:07 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.164288ec01cf19e76dc127060C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (01/25/2014 05:05:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2014 09:19:05 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2014 08:27:34 AM) (Source: IMFservice)(User: )
Description: Das Handle ist ungültig

Error: (01/24/2014 07:47:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 67%
Total physical RAM: 4003.91 MB
Available physical RAM: 1298.84 MB
Total Pagefile: 8006 MB
Available Pagefile: 5281.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:240.54 GB) (Free:165.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:680.72 GB) (Free:344.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 0C4583BD)
Partition 1: (Active) - (Size=241 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=27)
Partition 3: (Not Active) - (Size=681 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Gmer.txt:
GMER Logfile:
Code:
GMER 2.1.19355 - hxxp://www.gmer.net
Rootkit scan 2014-01-26 12:54:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005e ATA_____ rev.0001 931.51GB
Running: gmer.exe; Driver: C:\Users\User\AppData\Local\Temp\pxdcafob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                                                                                                        fffff800031f5000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                                                                                                                                                        fffff800031f502f 18 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2528] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                                                                                                        00000000765c1465 2 bytes [5C, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2528] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                                                                                                      00000000765c14bb 2 bytes [5C, 76]
.text    ...                                                                                                                                                                                                                                                                                        * 2
.text    C:\Program Files\OO Software\Defrag\oodag.exe[2604] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter                                                                                                                                                                          0000000077a49b80 13 bytes {MOV R11, 0x140001400; JMP R11}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                          00000000765c1465 2 bytes [5C, 76]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                        00000000765c14bb 2 bytes [5C, 76]
.text    ...                                                                                                                                                                                                                                                                                        * 2

---- Threads - GMER 2.1 ----

Thread    System [4:548]                                                                                                                                                                                                                                                                            fffff88001cac16c
---- Processes - GMER 2.1 ----

Library  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AD7D6EFD-EF0D-407B-A36D-DB7715F164E3}\mpengine.dll (*** suspicious ***) @ C:\Program Files\Microsoft Security Client\MsMpEng.exe [1032] (Microsoft Malware Protection Engine/Microsoft Corporatio(2014-01-25 19:40:45)  000007fefa3d0000
Library  C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1728] (Microsoft SkyDrive Shell Extension/Microsoft Corporation SIGNED)(2013-02-12 18:59:30)                                                      000007fef9900000
Library  C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\MSVCP110.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1728] (Microsoft® C Runtime Library/Microsoft Corporation SIGNED)(2013-02-12 18:59:29)                                                                    000007fef97b0000
Library  C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\MSVCR110.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1728] (Microsoft® C Runtime Library/Microsoft Corporation SIGNED)(2013-02-12 18:59:30)                                                                    000007fef96e0000
Library  C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1728]                                                                                                                                                                        000007fef98d0000
Process  C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (*** suspicious ***) @ C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe                      0000000000400000
Library  \\?\C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20\Indiv01_64.key (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [4260] (Individualized Black Box DLL/Microsoft Corporation SIGNED)(2011-09-18 13:20:39)                                        000000000ac00000
Process  C:\Users\User\AppData\Local\Temp\Temp5_gmer_2.1.19355.zip\gmer.exe (*** suspicious ***) @ C:\Users\User\AppData\Local\Temp\Temp5_gmer_2.1.19355.zip\gmer.exe [5524](2014-01-21 20:56:24)                                                                                                  0000000000400000

---- EOF - GMER 2.1 ----
--- --- ---

Ich nehme an, das wird aus Sicherheitsgründen so gemacht, da man nicht weiss, was man sich da runterlädt, oder?

Freundliche Grüsse
Marc

schrauber 28.01.2014 10:15
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Marc_83 10.02.2014 13:19
Hallo Schrauber

Danke für Deine Antwort! Unten findest Du die erwünschten Files:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.09.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
User :: TRIVIUM4001 [Administrator]

09.02.2014 14:49:48
mbam-log-2014-02-09 (14-49-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 416514
Laufzeit: 49 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\wajam_update[5].exe (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\wajam_update[6].exe (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\wajam_update[7].exe (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
# AdwCleaner v3.018 - Bericht erstellt am 10/02/2014 um 09:20:34
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : User - TRIVIUM4001
# Gestartet von : C:\Users\User\Desktop\Trojanerbeseitigung\5 AdwCleaner\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


*************************

AdwCleaner[R2].txt - [741 octets] - [29/12/2013 11:55:50]
AdwCleaner[R3].txt - [817 octets] - [10/02/2014 08:17:41]
AdwCleaner[S1].txt - [801 octets] - [29/12/2013 12:00:58]
AdwCleaner[S2].txt - [739 octets] - [10/02/2014 09:20:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [798 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on 10.02.2014 at  9:25:59.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.02.2014 at  9:30:23.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014 03
Ran by User (administrator) on TRIVIUM4001 on 10-02-2014 13:14:15
Running from C:\Users\User\Desktop\Trojanerbeseitigung\2 FRST
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(shbox.de) C:\PROGRAM FILES (X86)\FREEPDF_XP\FPASSIST.EXE
(Acronis) C:\PROGRAM FILES (X86)\ACRONIS\TRUEIMAGEHOME\TRUEIMAGEMONITOR.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7205592 2013-12-19] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-06-28] (Acronis)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2010-11-08] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1573184 2013-12-13] (IObit)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = yahoo
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ch.search.yahoo.com/?type=198484&fr=spigot-yhp-ie
URLSearchHook: HKLM-x32 - DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\User\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
SearchScopes: HKCU - DefaultScope {A8F7C9A9-1173-4155-97A4-8CD18F313CFC} URL = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {A8F7C9A9-1173-4155-97A4-8CD18F313CFC} URL = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {DB1608E9-5315-4436-8629-9E55C856BC06} URL = https://www.google.ch/search?q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\User\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\User\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} -  No File
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Ads Removal) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2013-12-21]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\User\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-05-23]

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881440 2013-12-09] (IObit)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [341824 2013-11-11] (IObit)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)

==================== Drivers (Whitelisted) ====================

R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [29672 2013-01-06] (REALiX(tm))
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R0 mv61xx; C:\Windows\System32\drivers\mv61xx.sys [179752 2010-10-06] (Marvell Semiconductor, Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 PayPen; C:\Windows\System32\Drivers\PayPen.sys [20840 2008-01-14] ()
S3 pendfu; C:\Windows\SysWOW64\Drivers\pendfu.sys [39040 2008-01-25] (Anoto AB)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-10 09:30 - 2014-02-10 09:30 - 00000624 _____ () C:\Users\User\Desktop\JRT.txt
2014-02-09 19:04 - 2014-02-10 09:22 - 00000168 _____ () C:\Windows\setupact.log
2014-02-09 19:04 - 2014-02-09 19:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-09 19:03 - 2014-02-09 19:03 - 00001290 _____ () C:\Windows\PFRO.log
2014-02-09 14:46 - 2014-02-09 14:46 - 00000000 ____D () C:\Windows\ERUNT
2014-02-09 14:46 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-09 14:46 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-09 14:46 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-09 14:46 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-09 14:45 - 2014-02-09 14:46 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-09 14:45 - 2014-02-09 14:45 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes
2014-02-09 14:45 - 2014-02-09 14:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-09 14:45 - 2014-02-09 14:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-09 14:45 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-07 09:02 - 2014-02-07 09:02 - 00000000 _____ () C:\asc_rdflag
2014-02-07 08:53 - 2014-02-07 08:53 - 00003164 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Startup
2014-02-07 08:53 - 2014-02-07 08:53 - 00003162 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-02-07 08:53 - 2013-11-19 16:52 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2014-02-07 08:52 - 2014-02-07 08:52 - 00001176 _____ () C:\Users\Public\Desktop\Smart Defrag 3.lnk
2014-02-07 08:52 - 2014-01-08 15:54 - 00121856 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll20140207085314.dll
2014-02-07 08:52 - 2014-01-08 15:54 - 00121856 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2014-02-07 08:52 - 2013-12-24 10:40 - 00021184 _____ (IObit) C:\Windows\system32\Drivers\SmartDefragDriver.sys
2014-02-04 16:07 - 2014-02-04 16:07 - 00057586 _____ () C:\Users\User\Desktop\Mir het dr Dings verzellt Pratitur.mus
2014-01-28 13:47 - 2014-01-28 13:47 - 00888536 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-01-28 13:47 - 2014-01-28 13:47 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-01-26 13:09 - 2014-01-26 13:09 - 00266968 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys
2014-01-26 12:58 - 2014-02-10 09:22 - 00000286 _____ () C:\Windows\Tasks\Driver Booster Update.job
2014-01-26 12:58 - 2014-01-26 12:58 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-01-26 12:58 - 2014-01-26 12:58 - 00002582 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-01-26 12:58 - 2014-01-26 12:58 - 00001114 _____ () C:\Users\Public\Desktop\Driver Booster.lnk
2014-01-26 11:46 - 2014-02-10 13:14 - 00000000 ____D () C:\FRST
2014-01-26 11:46 - 2014-02-09 14:42 - 00000000 ____D () C:\Users\User\Desktop\Trojanerbeseitigung
2014-01-26 11:43 - 2014-01-26 11:43 - 00000000 _____ () C:\Users\User\defogger_reenable
2014-01-26 11:31 - 2014-01-26 11:31 - 00077836 _____ () C:\Users\User\Downloads\Extras.Txt
2014-01-26 11:30 - 2014-01-26 11:30 - 00128498 _____ () C:\Users\User\Downloads\OTL.Txt
2014-01-26 11:12 - 2014-01-26 11:12 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\OTL.exe
2014-01-20 13:55 - 2014-01-20 13:55 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment
2014-01-20 13:55 - 2014-01-20 13:55 - 00000000 ____D () C:\Users\User\AppData\Local\Apps\2.0
2014-01-15 16:12 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 16:12 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 16:12 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 16:12 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 16:12 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 16:12 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 16:12 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 16:12 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 16:12 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-10 13:14 - 2014-01-26 11:46 - 00000000 ____D () C:\FRST
2014-02-10 13:12 - 2013-12-22 17:50 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-10 13:12 - 2012-07-24 13:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-10 10:16 - 2013-07-29 14:01 - 00312832 ___SH () C:\Users\User\Desktop\Thumbs.db
2014-02-10 10:13 - 2013-12-04 14:41 - 01716469 _____ () C:\Windows\WindowsUpdate.log
2014-02-10 09:44 - 2011-12-15 14:18 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2014-02-10 09:32 - 2009-07-14 05:45 - 00025296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-10 09:32 - 2009-07-14 05:45 - 00025296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-10 09:30 - 2014-02-10 09:30 - 00000624 _____ () C:\Users\User\Desktop\JRT.txt
2014-02-10 09:23 - 2013-12-22 17:50 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-10 09:22 - 2014-02-09 19:04 - 00000168 _____ () C:\Windows\setupact.log
2014-02-10 09:22 - 2014-01-26 12:58 - 00000286 _____ () C:\Windows\Tasks\Driver Booster Update.job
2014-02-10 09:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-10 09:20 - 2013-12-29 11:55 - 00000000 ____D () C:\AdwCleaner
2014-02-10 03:00 - 2013-11-06 23:54 - 00000224 _____ () C:\Windows\Tasks\IOBit_AutoShutdown20131106235459.job
2014-02-09 19:04 - 2014-02-09 19:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-09 19:03 - 2014-02-09 19:03 - 00001290 _____ () C:\Windows\PFRO.log
2014-02-09 15:30 - 2011-09-18 15:25 - 00000000 ____D () C:\Program Files (x86)\CLX.ClubMaker
2014-02-09 15:23 - 2011-09-16 09:18 - 01652412 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-09 15:23 - 2011-03-28 08:51 - 00704024 _____ () C:\Windows\system32\perfh007.dat
2014-02-09 15:23 - 2011-03-28 08:51 - 00151180 _____ () C:\Windows\system32\perfc007.dat
2014-02-09 14:46 - 2014-02-09 14:46 - 00000000 ____D () C:\Windows\ERUNT
2014-02-09 14:46 - 2014-02-09 14:45 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-09 14:46 - 2013-10-27 16:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-09 14:46 - 2011-09-16 12:48 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-09 14:45 - 2014-02-09 14:45 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes
2014-02-09 14:45 - 2014-02-09 14:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-09 14:45 - 2014-02-09 14:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-09 14:42 - 2014-01-26 11:46 - 00000000 ____D () C:\Users\User\Desktop\Trojanerbeseitigung
2014-02-09 10:16 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-07 09:02 - 2014-02-07 09:02 - 00000000 _____ () C:\asc_rdflag
2014-02-07 09:02 - 2013-12-03 15:36 - 74227712 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-02-07 09:02 - 2013-12-03 15:36 - 01056768 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-02-07 09:02 - 2013-12-03 15:36 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-02-07 09:02 - 2013-12-03 15:36 - 00024576 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-02-07 08:53 - 2014-02-07 08:53 - 00003164 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Startup
2014-02-07 08:53 - 2014-02-07 08:53 - 00003162 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-02-07 08:52 - 2014-02-07 08:52 - 00001176 _____ () C:\Users\Public\Desktop\Smart Defrag 3.lnk
2014-02-07 08:52 - 2013-01-06 19:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\IObit
2014-02-07 08:52 - 2013-01-06 19:41 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-02-07 08:25 - 2009-07-14 06:13 - 01624178 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-06 08:10 - 2011-09-16 15:01 - 00000000 ____D () C:\Users\User\AppData\Local\FreePDF_XP
2014-02-05 14:15 - 2012-07-24 13:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 14:15 - 2012-04-07 20:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 14:15 - 2011-09-16 11:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 16:07 - 2014-02-04 16:07 - 00057586 _____ () C:\Users\User\Desktop\Mir het dr Dings verzellt Pratitur.mus
2014-01-28 13:47 - 2014-01-28 13:47 - 00888536 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-01-28 13:47 - 2014-01-28 13:47 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-01-28 13:47 - 2011-03-28 17:19 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-01-27 06:47 - 2013-03-03 15:11 - 00000000 ____D () C:\Windows\Minidump
2014-01-26 15:37 - 2012-11-27 08:27 - 00000610 _____ () C:\Users\User\Desktop\Fotobuch Foto-Grusskarten Fotokalender Fotogeschenke - Ifolor#standard.website
2014-01-26 13:09 - 2014-01-26 13:09 - 00266968 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys
2014-01-26 12:58 - 2014-01-26 12:58 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-01-26 12:58 - 2014-01-26 12:58 - 00002582 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-01-26 12:58 - 2014-01-26 12:58 - 00001114 _____ () C:\Users\Public\Desktop\Driver Booster.lnk
2014-01-26 11:43 - 2014-01-26 11:43 - 00000000 _____ () C:\Users\User\defogger_reenable
2014-01-26 11:31 - 2014-01-26 11:31 - 00077836 _____ () C:\Users\User\Downloads\Extras.Txt
2014-01-26 11:30 - 2014-01-26 11:30 - 00128498 _____ () C:\Users\User\Downloads\OTL.Txt
2014-01-26 11:12 - 2014-01-26 11:12 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\OTL.exe
2014-01-24 18:33 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-01-20 13:55 - 2014-01-20 13:55 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment
2014-01-20 13:55 - 2014-01-20 13:55 - 00000000 ____D () C:\Users\User\AppData\Local\Apps\2.0
2014-01-19 08:33 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-17 07:52 - 2011-09-16 12:02 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-01-16 13:43 - 2011-09-18 15:13 - 00000000 ____D () C:\Users\User\Documents\Annette
2014-01-16 06:05 - 2009-07-14 05:45 - 00430224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 03:03 - 2009-07-14 03:34 - 00000518 _____ () C:\Windows\win.ini
2014-01-16 03:02 - 2013-07-13 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 03:00 - 2011-09-16 08:30 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 10:54

==================== End Of Log ============================
--- --- ---

--- --- ---
Danke schon mal für Deine Antwort!
Freundliche Grüsse,
Marc

schrauber 11.02.2014 09:08

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Marc_83 15.02.2014 15:24
Hallo schrauber

Besten Dank für Deine Antwort und die weiteren Instruktionen! Ich habe diese befolgt.

Das File des ESET-Scans:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4a53de42e9c0de489466fe60c8eb95cc
# engine=17084
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-15 10:58:01
# local_time=2014-02-15 11:58:01 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 18841536 144091731 0 0
# scanned=214211
# found=4
# cleaned=0
# scan_time=4424
sh=92F75E88059480BA0AFF2A43E7C72CA533B1233F ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NFX trojan" ac=I fn="C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\269bb6dc-68a4b770"
sh=E25238098D95C577744B67C8607DC39E77F3B9DC ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-0422.AJ trojan" ac=I fn="C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\225d2d1f-4c098bf8"
sh=E25238098D95C577744B67C8607DC39E77F3B9DC ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-0422.AJ trojan" ac=I fn="C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\7c52d12d-70e15660"
sh=81746A352EA04A4BCC227B881B7F247E66E13A71 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-0422.CF trojan" ac=I fn="C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\632c4887-223a4bd0"
checkup.txt aus dem SecurityCheck-Scan:
Code:
Results of screen317's Security Check version 0.99.79 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials 
  (On Access scanning disabled!)
 Error obtaining update status for antivirus! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java 7 Update 51 
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 IObit IObit Malware Fighter IMFsrv.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
Und natürlich das aktuellste FRST-Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by User (administrator) on TRIVIUM4001 on 15-02-2014 15:12:08
Running from C:\Users\User\Desktop\Trojanerbeseitigung\2 FRST
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(shbox.de) C:\PROGRAM FILES (X86)\FREEPDF_XP\FPASSIST.EXE
(Acronis) C:\PROGRAM FILES (X86)\ACRONIS\TRUEIMAGEHOME\TRUEIMAGEMONITOR.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7205592 2013-12-19] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-06-28] (Acronis)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2010-11-08] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1573184 2013-12-13] (IObit)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = yahoo
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ch.search.yahoo.com/?type=198484&fr=spigot-yhp-ie
URLSearchHook: HKLM-x32 - DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\User\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
SearchScopes: HKCU - DefaultScope {A8F7C9A9-1173-4155-97A4-8CD18F313CFC} URL = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {A8F7C9A9-1173-4155-97A4-8CD18F313CFC} URL = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {DB1608E9-5315-4436-8629-9E55C856BC06} URL = https://www.google.ch/search?q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\User\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\User\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} -  No File
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Ads Removal) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2013-12-21]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\User\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-05-23]

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881440 2013-12-09] (IObit)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [341824 2013-11-11] (IObit)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)

==================== Drivers (Whitelisted) ====================

R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [29672 2013-01-06] (REALiX(tm))
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R0 mv61xx; C:\Windows\System32\drivers\mv61xx.sys [179752 2010-10-06] (Marvell Semiconductor, Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 PayPen; C:\Windows\System32\Drivers\PayPen.sys [20840 2008-01-14] ()
S3 pendfu; C:\Windows\SysWOW64\Drivers\pendfu.sys [39040 2008-01-25] (Anoto AB)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
S1 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-15 10:36 - 2014-02-15 10:36 - 00000056 _____ () C:\Windows\setupact.log
2014-02-15 10:36 - 2014-02-15 10:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-14 17:36 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 17:36 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-14 17:35 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 17:35 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 17:35 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-14 17:35 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 17:35 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-14 17:35 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-14 17:35 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 17:35 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-14 17:35 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 17:35 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 17:35 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-14 17:35 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-14 17:35 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-14 17:35 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-14 17:35 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-14 17:35 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-14 17:35 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 17:35 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-14 17:35 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-14 17:35 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-14 17:35 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 17:35 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-14 17:35 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-14 17:35 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 17:35 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-14 17:35 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-14 17:35 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-14 17:35 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-14 17:35 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-14 17:35 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 17:35 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 17:35 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-14 17:35 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-14 17:35 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-14 17:35 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 17:35 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-14 17:35 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-14 17:35 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-14 17:35 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-14 07:22 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-14 07:22 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-14 07:22 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-14 07:22 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-14 07:22 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-14 07:22 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-14 07:22 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-14 07:22 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-14 07:22 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-14 07:22 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-14 07:22 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-14 07:22 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-14 07:22 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-14 07:22 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-14 07:22 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-14 07:22 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-14 07:22 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-14 07:22 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-14 07:22 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-14 07:22 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-14 07:21 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-14 07:21 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-14 07:21 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-14 07:21 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-14 07:21 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-14 07:21 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-14 07:21 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-14 07:21 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-09 14:46 - 2014-02-09 14:46 - 00000000 ____D () C:\Windows\ERUNT
2014-02-09 14:46 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-09 14:46 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-09 14:46 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-09 14:46 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-09 14:45 - 2014-02-09 14:46 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-09 14:45 - 2014-02-09 14:45 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes
2014-02-09 14:45 - 2014-02-09 14:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-09 14:45 - 2014-02-09 14:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-09 14:45 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-07 08:53 - 2014-02-07 08:53 - 00003164 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Startup
2014-02-07 08:53 - 2014-02-07 08:53 - 00003162 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-02-07 08:53 - 2013-11-19 16:52 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2014-02-07 08:52 - 2014-02-07 08:52 - 00001176 _____ () C:\Users\Public\Desktop\Smart Defrag 3.lnk
2014-02-07 08:52 - 2014-01-08 15:54 - 00121856 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll20140207085314.dll
2014-02-07 08:52 - 2014-01-08 15:54 - 00121856 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2014-02-07 08:52 - 2013-12-24 10:40 - 00021184 _____ (IObit) C:\Windows\system32\Drivers\SmartDefragDriver.sys
2014-02-04 16:07 - 2014-02-04 16:07 - 00057586 _____ () C:\Users\User\Desktop\Mir het dr Dings verzellt Pratitur.mus
2014-01-28 13:47 - 2014-01-28 13:47 - 00888536 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-01-28 13:47 - 2014-01-28 13:47 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-01-26 13:09 - 2014-01-26 13:09 - 00266968 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys
2014-01-26 12:58 - 2014-02-15 10:36 - 00000286 _____ () C:\Windows\Tasks\Driver Booster Update.job
2014-01-26 12:58 - 2014-01-26 12:58 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-01-26 12:58 - 2014-01-26 12:58 - 00002582 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-01-26 12:58 - 2014-01-26 12:58 - 00001114 _____ () C:\Users\Public\Desktop\Driver Booster.lnk
2014-01-26 11:46 - 2014-02-15 15:12 - 00000000 ____D () C:\FRST
2014-01-26 11:46 - 2014-02-15 15:10 - 00000000 ____D () C:\Users\User\Desktop\Trojanerbeseitigung
2014-01-26 11:43 - 2014-01-26 11:43 - 00000000 _____ () C:\Users\User\defogger_reenable
2014-01-26 11:31 - 2014-01-26 11:31 - 00077836 _____ () C:\Users\User\Downloads\Extras.Txt
2014-01-26 11:30 - 2014-01-26 11:30 - 00128498 _____ () C:\Users\User\Downloads\OTL.Txt
2014-01-26 11:12 - 2014-01-26 11:12 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\OTL.exe
2014-01-20 13:55 - 2014-01-20 13:55 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment
2014-01-20 13:55 - 2014-01-20 13:55 - 00000000 ____D () C:\Users\User\AppData\Local\Apps\2.0

==================== One Month Modified Files and Folders =======

2014-02-15 15:12 - 2014-01-26 11:46 - 00000000 ____D () C:\FRST
2014-02-15 15:10 - 2014-01-26 11:46 - 00000000 ____D () C:\Users\User\Desktop\Trojanerbeseitigung
2014-02-15 14:23 - 2013-12-22 17:50 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-15 14:23 - 2012-07-24 13:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-15 13:44 - 2013-12-04 14:41 - 01545568 _____ () C:\Windows\WindowsUpdate.log
2014-02-15 12:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-15 10:56 - 2011-12-15 14:18 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2014-02-15 10:44 - 2009-07-14 05:45 - 00025296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-15 10:44 - 2009-07-14 05:45 - 00025296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-15 10:37 - 2013-12-22 17:50 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-15 10:36 - 2014-02-15 10:36 - 00000056 _____ () C:\Windows\setupact.log
2014-02-15 10:36 - 2014-02-15 10:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-15 10:36 - 2014-01-26 12:58 - 00000286 _____ () C:\Windows\Tasks\Driver Booster Update.job
2014-02-15 10:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-15 03:00 - 2013-11-06 23:54 - 00000224 _____ () C:\Windows\Tasks\IOBit_AutoShutdown20131106235459.job
2014-02-14 17:50 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-02-14 17:42 - 2013-07-13 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-14 17:41 - 2011-09-16 08:30 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 17:38 - 2011-09-16 09:18 - 01606280 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-14 17:38 - 2011-03-28 08:51 - 00704024 _____ () C:\Windows\system32\perfh007.dat
2014-02-14 17:38 - 2011-03-28 08:51 - 00151180 _____ () C:\Windows\system32\perfc007.dat
2014-02-14 17:38 - 2009-07-14 06:13 - 01606280 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-13 06:18 - 2013-12-22 17:50 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 06:18 - 2013-12-22 17:50 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-11 12:12 - 2013-07-29 14:01 - 00312832 ___SH () C:\Users\User\Desktop\Thumbs.db
2014-02-10 09:20 - 2013-12-29 11:55 - 00000000 ____D () C:\AdwCleaner
2014-02-09 15:30 - 2011-09-18 15:25 - 00000000 ____D () C:\Program Files (x86)\CLX.ClubMaker
2014-02-09 14:46 - 2014-02-09 14:46 - 00000000 ____D () C:\Windows\ERUNT
2014-02-09 14:46 - 2014-02-09 14:45 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-09 14:46 - 2013-10-27 16:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-09 14:46 - 2011-09-16 12:48 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-09 14:45 - 2014-02-09 14:45 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes
2014-02-09 14:45 - 2014-02-09 14:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-09 14:45 - 2014-02-09 14:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-09 10:16 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-07 09:02 - 2013-12-03 15:36 - 74227712 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-02-07 09:02 - 2013-12-03 15:36 - 01056768 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-02-07 09:02 - 2013-12-03 15:36 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-02-07 09:02 - 2013-12-03 15:36 - 00024576 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-02-07 08:53 - 2014-02-07 08:53 - 00003164 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Startup
2014-02-07 08:53 - 2014-02-07 08:53 - 00003162 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-02-07 08:52 - 2014-02-07 08:52 - 00001176 _____ () C:\Users\Public\Desktop\Smart Defrag 3.lnk
2014-02-07 08:52 - 2013-01-06 19:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\IObit
2014-02-07 08:52 - 2013-01-06 19:41 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-02-06 13:16 - 2014-02-14 17:35 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-14 17:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-14 17:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-14 17:35 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-14 17:35 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-14 17:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-14 17:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-14 17:35 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-14 17:35 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-14 17:35 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-14 17:35 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-14 17:35 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-14 17:35 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-14 17:35 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-14 17:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-14 17:35 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-14 17:35 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-14 17:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-14 17:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-14 17:35 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-14 17:35 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-14 17:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-14 17:35 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-14 17:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-14 17:35 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-14 17:35 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-14 17:35 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-14 17:35 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-14 17:35 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-14 17:35 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-14 17:35 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-14 17:35 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-14 17:35 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-14 17:35 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-14 17:35 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-14 17:35 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-14 17:35 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-14 17:35 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-14 17:35 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-06 08:10 - 2011-09-16 15:01 - 00000000 ____D () C:\Users\User\AppData\Local\FreePDF_XP
2014-02-05 14:15 - 2012-07-24 13:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 14:15 - 2012-04-07 20:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 14:15 - 2011-09-16 11:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 16:07 - 2014-02-04 16:07 - 00057586 _____ () C:\Users\User\Desktop\Mir het dr Dings verzellt Pratitur.mus
2014-01-28 13:47 - 2014-01-28 13:47 - 00888536 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-01-28 13:47 - 2014-01-28 13:47 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-01-28 13:47 - 2011-03-28 17:19 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-01-27 06:47 - 2013-03-03 15:11 - 00000000 ____D () C:\Windows\Minidump
2014-01-26 15:37 - 2012-11-27 08:27 - 00000610 _____ () C:\Users\User\Desktop\Fotobuch Foto-Grusskarten Fotokalender Fotogeschenke - Ifolor#standard.website
2014-01-26 13:09 - 2014-01-26 13:09 - 00266968 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys
2014-01-26 12:58 - 2014-01-26 12:58 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-01-26 12:58 - 2014-01-26 12:58 - 00002582 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-01-26 12:58 - 2014-01-26 12:58 - 00001114 _____ () C:\Users\Public\Desktop\Driver Booster.lnk
2014-01-26 11:43 - 2014-01-26 11:43 - 00000000 _____ () C:\Users\User\defogger_reenable
2014-01-26 11:31 - 2014-01-26 11:31 - 00077836 _____ () C:\Users\User\Downloads\Extras.Txt
2014-01-26 11:30 - 2014-01-26 11:30 - 00128498 _____ () C:\Users\User\Downloads\OTL.Txt
2014-01-26 11:12 - 2014-01-26 11:12 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\OTL.exe
2014-01-20 13:55 - 2014-01-20 13:55 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment
2014-01-20 13:55 - 2014-01-20 13:55 - 00000000 ____D () C:\Users\User\AppData\Local\Apps\2.0
2014-01-19 08:33 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-17 07:52 - 2011-09-16 12:02 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-01-16 13:43 - 2011-09-18 15:13 - 00000000 ____D () C:\Users\User\Documents\Annette
2014-01-16 06:05 - 2009-07-14 05:45 - 00430224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 03:03 - 2009-07-14 03:34 - 00000518 _____ () C:\Windows\win.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 10:54

==================== End Of Log ============================
--- --- ---

--- --- ---


Anschliessend an den FRST-Scan habe ich die Internet Explorer-Startseite auf die ursprüngliche zurück zu ändern. Dies hat nicht geklappt. Es ist weiterhin die Spigot-Seite als Startseite eingestellt.

Wenn ich Deine Anweisungen richtig verstanden habe, sollte ich nach dem ESET-Scan KEINE Aktion tätigen und das Fenster einfach schliessen. War das richtig so, oder hätte ich das Löschen der vier Infektionen bestätigen müssen? Vom Bauch heraus hätte ich das so gemacht, aber ich dachte, Du bist der Experte und ich verstehe Dich hoffentlich richtig.

Freundliche Grüsse und besten Dank im Voraus,
Marc

schrauber 16.02.2014 07:27
Ich wollte mir die FUnde in ESET erst ansehen, ist aber nur Java Cache, machen wir jetzt:

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ch.search.yahoo.com/?type=198484&fr=spigot-yhp-ie
URLSearchHook: HKLM-x32 - DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\User\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Setze folgendermassen den Internet Explorer zurück:
  • Öffne den Internet Explorer und gehe zu Extras -> Internetoptionen.
  • Klicke in der Registerkarte Erweitert unter "Internet Explorer-Einstellungen zurücksetzen" auf Zurücksetzen...
  • Klicke im Dialogfeld "Internet Explorer-Einstellungen zurücksetzen" zum Bestätigen auf Zurücksetzen.
(Hier findest du die bebilderte Anleitung.)

Marc_83 02.03.2014 11:08
Hallo Schrauber

Besten Dank für die Mitteilung der weiteren Schritte. Ich habe diese ausgeführt.

Ich habe den TFC heruntergeladen und gestartet. Die Bereinigung erfolgte ohne Neustart.

Ich habe FRST mit dem Fixlist.txt in demselben Ordner gestartet:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2014 01
Ran by User at 2014-03-02 10:52:37 Run:1
Running from C:\Users\User\Desktop\Trojanerbeseitigung\12 FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ch.search.yahoo.com/?type=198484&fr=spigot-yhp-ie
URLSearchHook: HKLM-x32 - DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\User\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
       
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} => Key deleted successfully.

==== End of Fixlog ====
Danach habe ich die Einstellungen des Internet Explorers zurückgesetzt und den Computer neu gestartet. Nach dem Hochfahren habe ich dann den IE in Gang gesetzt. Wieder wurde die Yahoo-Spigot-Seite geöffnet.

Das blöde Ding ist recht hartnäckig...

Freundliche Grüsse
Marc

schrauber 03.03.2014 08:45
Poste bitte ein frisches FRST Log. Macht nur noch der IE Probleme?

Marc_83 03.03.2014 20:45
Hallo Schrauber

Besten Dank für Deine Antwort.

Als ich Dir gerade zurück schreiben wollte ist mir aufgefallen, dass der IE mittlerweile wieder auf Google (erwünscht und beim letzten Versuch nicht [sofort] aktiviert) startet an Stelle der spigot-Page. Die letzte Aktion scheint erfolgreich gewesen zu sein! :D

Trotzdem habe ich Deine Anweisungen mit dem FRST noch einmal befolgt (sicher ist sicher). Das Log dazu:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-03-2014
Ran by User at 2014-03-03 20:35:01 Run:2
Running from C:\Users\User\Desktop\Trojanerbeseitigung\13 FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ch.search.yahoo.com/?type=198484&fr=spigot-yhp-ie
URLSearchHook: HKLM-x32 - DVDVideoSoftTB_DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\User\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} => Unable to delete value

==== End of Fixlog ====
Die Startseite wurde danach von Google auf eine andere gewechselt. Ich konnte sie aber wieder zu Google wechseln.

Ich denke, das sollte es jetzt sein, oder? Das wäre SUPER! :taenzer:

Freundliche Grüsse
Marc

schrauber 04.03.2014 17:49
Teste mal bitte nen Tag oder zwei und melde dich wieder :)

Marc_83 18.03.2014 19:26
Hallo Schrauber

Ich habe mal ein paar Tage gewartet und es scheint, als wäre das Problem ein für allemal behoben! :taenzer:
Besten Dank für Deine Anleitung!

Freundliche Grüsse
Marc

schrauber 19.03.2014 14:41
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Marc_83 28.03.2014 17:47
Hallo Schrauber

So, ich habe alles erledigt, so wie es in Deinem letzten Post stand.

Noch einmal vielen Dank für Deine Hilfe und alles Gute
Marc


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:52 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131