Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: RegClean Pro (selbstständig) entfernt, jetzt Advanced-System Protector da (https://www.trojaner-board.de/159676-windows-7-regclean-pro-selbststaendig-entfernt-advanced-system-protector.html)

Cisco12 12.10.2014 19:51
Windows 7: RegClean Pro (selbstständig) entfernt, jetzt Advanced-System Protector da
 
Hallo,
ich habe gestern 2 Programme heruntergeladen (sharepod und mediamonkey - weiß leider nicht mehr welche Seiten das waren) und mir dabei anscheinend einen Virus "RegClean Pro" eingefangen.

RegClean Pro habe ich dann mit Hilfe vom CCleaner wieder deinstallieren können und auch sharepod und mediamonkey deinstalliert, dann Avast! darüberrennen lassen, was keinen Virus oder ähnliches gefunden hat.

Heute habe ich meinen PC wieder aufgedreht und gesehen, dass "Advanced System Protector" installiert ist. Wie werde ich diesen Virus wieder los?
Unter der Uninstall Liste beim CCleaner wird mir das Programm nicht angezeigt, nur wenn ich bei Windows in Programmen suche.

Hier die Log-Files (habe die Programme von Trojaner-Board leider erst heute installiert):

Ich konnte leider keine präzise Anleitung finden, wie man Avast Log-Files findet. Hoffentlich ist das hier das richtige.
Code:
Files=51
00000103        71D1C8B057B4C850F657BC0DF365503EB41ED3B0789F85816399DC8B0B2B45A0        algo.dll
00000103        1A80E5F1D15AB1171C501B877283742F9AA833ACE959BD25B1952C3301336E39        algo64.dll
00000403        5DD0CB5B9EDEE070FF306FE1A6C086FDFA6B80E10FB123342523FABC225BC63C        def.ini
00000403        40EE205814E8FAD226C64B7CC2293E97B332ABED086F482403C8BFFC4A254CC9        certs.map
00000403        F219515E949E20D5CDB057B2F4BE2F8725FEDB03065BE2197CE4672BDF02874A        db_el.dat
00000403        239B43C73B88A6027508B80D785BABAFCA5CA0546133B10E773FFCCD371B2264        db_evope.dat
00000403        6A54BFC20BDCDBE3B09600DE072768D62895882CE30D319BDFA41BAB4E162A0C        db_ob2.dat
00000403        4EC4443F3911EA637863468FE531E60AD680DC519F812C9CCEA2168157B1BA90        db_pe3.dat
00000403        33814B9933E0723F56688D60E8F0D0835BD9C423687E7B2FC75BD262C6748C4F        db_tx.dat
00000403        5B1C345DCCCD0995A971FDADC449013A5A7D2AE345282887ECE32374BA87ECDC        db_u.dat
00000403        0E1005D31AFE128E3E69320BAA18472335BF28174A9E2EE85185CCED6FD7CBCD        db_wh2.dat
00000403        527C92A78F2E32E3EDFC76B6DB4A59686B9638D58C6612A23023A6436F3DC01D        db_as.dat
00000403        AA6CF727EB8E6256BB1E8275B58F7951D35B0AF7EE94C379909515CD6EB6C1DD        whitelist.db
00000403        C1E479E7910F9071787ED5CA997D55F41C7285B2F8FD2B658A750BFBCC0FFB02        db_sc.dat
00000403        68B7D81B86CE1317D17011D4AC04EC3DA7CB8C2CC65DF7E0B34491B6C98EA1C9        db_xtn.map
00000403        D8F1F6451E037DAA1165DC170DC7595D01D6B709296A2F7ED16E82084E927A16        db_bank.dat
00000403        E3B129571CBC189926A81DE96997CA95DF5420368494522E77534BDA08CA22B7        db_sx.dat
00000403        F780931B4E2FA0F93D9F693862842E3843E7245F4684C0A0CC2FFE4D402AC46A        db_dsql.dat
00000403        1D2231A7D40F94DE4704E5409E38EAFDF67981676690BC7ECFEAE8AA205DF32C        db_dsql.map
00000403        DE92F02C0A0E4DC70196682FCB2E922A43D46958049FA4540AB1B681B2D4784F        db_o7c.dat
00000403        847756A48E1371AE2A6008772EC5E7993DB907C2CEF716740E67C71AEBD89BF2        db_o7c.map
00000403        AA514BC1D2CF8D5D4CE4C93D95C30BC9621705CE9DA2FF75E3E9614FB3137799        db_w6c.dat
00000403        3462EA4A8C10985E566ADFCD44ED3DDBCF2D005EBA306FCB81B4149A3921631B        db_w6c.map
00000403        99E5F4A512961B9CFC39E44EEF980C80C9EE9DCE30775A434EC11D337877CFFF        db_bhv.nmp
00000403        26606238FF9E7F9941BEECC0D1A9889BC933950B3634B20198BD6377B600E5F7        db_bhv.sig
00000403        C59575A7352415939B97DB852C0102B6B87C3A9B0782A626239A7F6F770CE1EA        db_dex.nmp
00000403        E2C92317B86EA0978E78956D01BCF2BCBC76D73441312F162D16C1F428D59B50        db_dex.sig
00000403        FBFA05F12D27E8A45244CB7F92EAB0F99031D1624367FF465B88E27C4B338A49        db_dyna.nmp
00000403        0F410BC29ACFD2DFEB20A230B6290308DAE8034A183E13DAFFFE9262B2F6A5D6        db_dyna.sig
00000403        886087211BEDC12A6A751861D932C7728F7B0E2556D3D804B42F916718B19EFB        db_elf.nmp
00000403        F0C33E16C78DF76E1D9DB9951E450FF8977231FD915D4D6201713D560727A348        db_elf.sig
00000403        0363AF352210E37FE6CD9856825072DF17EFFA9ED1E951E9AF1CD2B278C37A80        db_elfa.nmp
00000403        92EBDCCC0E3052FEF4DF46550E611D9478A34518805B3A2F4570E906190D0E5C        db_elfa.sig
00000403        71275C0BBE0C6508504C355C536B05B69837174811986A93ECF547AFB44FD6ED        db_java.nmp
00000403        B8F07D5F2AB1F79CA359B5C90463EA9D3A91C5525DD39BB6377586EFE8B7ADFD        db_java.sig
00000403        6854CC47F2435239FF592F0C236C175C51733F6EAE019DAFED1957DB2B82A917        db_js.nmp
00000403        747B02BC5777DA9697CCA707B98603C8D772A0581F4767C030A0916E9C84E7AF        db_js.sig
00000403        1B6265D46927E48E47AA2ACEDC90129F47C60475B3726955966C0AFB9EDBB8E5        db_mx4.nmp
00000403        3BE267B1F7672DC92EABE69101EFBE5BF0BDE014CF3EC8B559E24F7028476361        db_mx4.sig
00000403        56839CE75E6C30FC676E04670C17230707965144C3453F3DFEA6A6B22D025671        db_mx95.nmp
00000403        11B9F7F96355E7A1F6D97A12905C98F7C75CA7F94860C8C35CBF01B269846EA1        db_mx95.sig
00000403        84762561B8152BA8022EFD52D1A9DF8E475E19EBFD205E2E2D3C64FFAAACE02F        db_o7.nmp
00000403        3155E71B5738981922D2D41CDA5D2EFA69ED9E22D37FBD7456C01B505730B407        db_o7.sig
00000403        9E64439AB57EB5CD245F6654AD8EE15F3443C8EB57B2EA5939B6919891300F70        db_swf.nmp
00000403        BCB59B9EE860030AA42E97BAC252F443C8082E4E8180908916A19D35C2FCB6AC        db_swf.sig
00000403        31270E2D7921F9746D1AD91426784A8FD79AC4A8AEB494EEE5CBD4812A3A47AC        db_w6.nmp
00000403        B2DDC5E5C2916AD90CF8E0C65C776530104FE0C3F2355112F03C2B6807378A7D        db_w6.sig
00000403        B4A7F1552E231BCA81F113341EFEAADD6D79C7217296D616C2E82CE75F654933        db_str.nmp
00000403        E2EDFC3151493B728966C96B9B59327649451342886E14E8CCFBEB4B791273E3        db_str.sig
00000403        C3B8286715F98D76D611069D806D881AFBF72E5BA139C6F3807080A9FC885389        db_sl.nmp
00000403        7BA9AB6C61F21212C120706491F3080ADF02B5E4B825636B683E23AA6B71B15D        db_sl.sig
ASWSig2A80D0A711142A6E1D9232670A136A9B776DD914F13970C21F039A759478F567441EA0186CE7BF6CC382C427A88F79C109BF88CA9C4F14410D4F2AB0DDA946C81BASWSig2A
(P.S. Wann kann ich diese DVD/CD Sachen wieder enablen bei defogger?)
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:03 on 12/10/2014 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014
Ran by *** (administrator) on ***-PC on 12-10-2014 20:07:24
Running from C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LZ4LVIE
Loaded Profiles: *** & UpdatusUser (Available profiles: *** & UpdatusUser)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Systweak) C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\neurowise\bin\utilneurowise.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
() C:\Program Files (x86)\neurowise\updateneurowise.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2014-08-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2014-08-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-17] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2175078040-2326866684-2893729699-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-2175078040-2326866684-2893729699-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-2175078040-2326866684-2893729699-1001\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [241984 2011-11-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [203072 2011-11-27] (NVIDIA Corporation)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ecosia.org/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3E01AA8233BACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - {10144D35-573A-49C8-9C44-8414ADC861FA} URL = hxxp://ecosia.org/search?q={searchTerms}&addon=opsensearch-ie
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name -> {2e32cfe5-df92-4ae5-b0be-609ed0df74a6} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: No Name -> {d08ab008-0647-4784-8e2c-5769cd4a7c3a} ->  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 82.209.169.71 82.209.169.72

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi2usry4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: google.com/WidevineMediaOptimizer -> C:\Users\***\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll (Google Inc.)
FF user.js: detected! => C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi2usry4.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: SaveSense - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi2usry4.default\Extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b} [2014-10-09]
FF Extension: neurowise - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi2usry4.default\Extensions\{fe651286-52a1-461b-a17a-f258b4b81968}.xpi [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-17]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-17] (AVAST Software)
R2 Update neurowise; C:\Program Files (x86)\neurowise\updateneurowise.exe [522528 2014-10-12] ()
R2 Util neurowise; C:\Program Files (x86)\neurowise\bin\utilneurowise.exe [522528 2014-10-12] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-17] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 20:07 - 2014-10-12 20:07 - 00000000 ____D () C:\FRST
2014-10-12 20:03 - 2014-10-12 20:03 - 00000474 _____ () C:\Users\***\Desktop\defogger_disable.log
2014-10-12 20:03 - 2014-10-12 20:03 - 00000000 _____ () C:\Users\***\defogger_reenable
2014-10-10 10:45 - 2014-10-12 19:18 - 00000224 _____ () C:\Windows\setupact.log
2014-10-10 10:45 - 2014-10-10 10:45 - 00409832 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-10 10:45 - 2014-10-10 10:45 - 00109296 _____ () C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-10 10:45 - 2014-10-10 10:45 - 00000348 _____ () C:\Windows\PFRO.log
2014-10-10 10:45 - 2014-10-10 10:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-10 00:34 - 2014-10-10 00:34 - 00000000 ____D () C:\Users\***\AppData\Roaming\TeamViewer
2014-10-10 00:09 - 2014-10-12 19:19 - 00003076 _____ () C:\Windows\System32\Tasks\Advanced-System Protector_startup
2014-10-10 00:09 - 2014-10-10 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
2014-10-10 00:09 - 2014-10-10 00:09 - 00003308 _____ () C:\Windows\System32\Tasks\ASP
2014-10-10 00:09 - 2014-10-10 00:09 - 00003090 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-10-10 00:09 - 2014-10-10 00:09 - 00000000 ____D () C:\Users\***\AppData\Roaming\ASP
2014-10-10 00:09 - 2014-10-10 00:09 - 00000000 ____D () C:\ProgramData\Systweak
2014-10-10 00:09 - 2014-10-10 00:09 - 00000000 ____D () C:\Program Files (x86)\ASP
2014-10-10 00:09 - 2012-07-25 12:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-10-10 00:07 - 2014-10-10 00:07 - 00000000 ____D () C:\Users\***\AppData\Local\MediaMonkey
2014-10-10 00:06 - 2014-10-10 00:09 - 00000000 ____D () C:\Users\***\AppData\Roaming\MediaMonkey
2014-10-09 23:55 - 2014-10-09 23:55 - 00000000 ____D () C:\Users\***\AppData\Local\Macroplant,_LLC
2014-10-09 23:54 - 2014-10-10 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-09 23:54 - 2014-10-10 00:45 - 00000000 ____D () C:\Program Files (x86)\Sharepod
2014-10-09 23:54 - 2014-10-10 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-10-09 23:54 - 2014-10-10 00:09 - 00000000 ____D () C:\Users\***\AppData\Roaming\Systweak
2014-10-09 23:54 - 2014-10-09 23:54 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
2014-10-09 23:54 - 2014-10-09 23:54 - 00000000 ____D () C:\Program Files (x86)\SaveSense
2014-10-09 23:54 - 2014-10-09 23:54 - 00000000 ____D () C:\Program Files (x86)\RCP
2014-10-09 23:54 - 2014-08-05 19:14 - 00020328 _____ () C:\Windows\system32\roboot64.exe
2014-10-09 23:53 - 2014-10-10 00:54 - 00000000 ____D () C:\Program Files (x86)\neurowise
2014-10-09 23:27 - 2014-10-09 23:27 - 00001789 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-09 23:27 - 2014-10-09 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-09 23:27 - 2014-10-09 23:27 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-09 23:27 - 2014-10-09 23:27 - 00000000 ____D () C:\Program Files\iTunes
2014-10-09 23:27 - 2014-10-09 23:27 - 00000000 ____D () C:\Program Files\iPod
2014-10-09 23:27 - 2014-10-09 23:27 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-01 10:01 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 10:01 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-28 13:08 - 2014-09-28 13:08 - 00000000 ____D () C:\Users\***\Documents\Advanced Macro
2014-09-24 14:27 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 14:27 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-21 19:18 - 2014-10-10 00:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-21 19:18 - 2014-09-21 19:18 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-12 19:47 - 2014-09-12 19:47 - 00000000 ____D () C:\Users\***\AppData\Roaming\IDM
2014-09-12 17:49 - 2014-09-12 17:49 - 00450560 _____ () C:\Users\***\Desktop\Umzugsgutliste Kubatur.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 20:03 - 2014-08-17 17:40 - 00000000 ____D () C:\Users\***
2014-10-12 19:37 - 2014-08-17 18:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-12 19:26 - 2009-07-14 06:45 - 00026512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-12 19:26 - 2009-07-14 06:45 - 00026512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-12 19:25 - 2009-07-14 07:13 - 01400806 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-12 19:24 - 2014-08-17 18:41 - 01065184 _____ () C:\Windows\WindowsUpdate.log
2014-10-12 19:19 - 2014-08-18 10:54 - 00000000 ___RD () C:\Users\***\Dropbox
2014-10-12 19:19 - 2014-08-17 18:08 - 00000000 ____D () C:\Users\***\AppData\Roaming\Dropbox
2014-10-12 19:18 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-10 11:27 - 2014-08-17 18:01 - 00000000 ____D () C:\Users\***\AppData\Roaming\vlc
2014-10-10 01:06 - 2014-08-17 18:10 - 00000000 ____D () C:\Users\***\AppData\Roaming\Skype
2014-10-10 01:02 - 2014-08-17 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-10-10 01:02 - 2014-08-17 18:05 - 00000000 ____D () C:\Windows\Panther
2014-10-10 00:51 - 2014-08-17 18:10 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-10 00:51 - 2014-08-17 18:10 - 00000000 ____D () C:\ProgramData\Skype
2014-10-10 00:13 - 2014-08-17 18:05 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-10-09 23:45 - 2014-08-17 18:17 - 00000000 ____D () C:\Users\***\AppData\Roaming\Apple Computer
2014-10-09 11:23 - 2014-08-30 19:43 - 00000000 ____D () C:\Users\***\Documents\Lund University
2014-10-06 16:21 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-03 13:51 - 2014-08-17 18:15 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-26 19:53 - 2014-08-17 18:20 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-23 20:37 - 2014-08-17 18:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 20:37 - 2014-08-17 18:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 20:37 - 2014-08-17 18:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-20 15:44 - 2014-08-17 18:22 - 00000000 ____D () C:\Users\***\AppData\Local\Microsoft Help
2014-09-19 12:41 - 2014-08-17 18:15 - 00001029 _____ () C:\Users\***\Desktop\Dropbox.lnk
2014-09-19 12:41 - 2014-08-17 18:13 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-16 20:42 - 2014-08-30 23:12 - 00000000 ____D () C:\Windows\rescache
2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 23:32 - 2014-08-19 21:08 - 00000000 ____D () C:\Users\***\AppData\Local\Viber
2014-09-14 23:15 - 2014-08-19 21:08 - 00000000 ____D () C:\Users\***\AppData\Roaming\ViberPC

Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi50koy.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-08 10:35

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014
Ran by *** at 2014-10-12 20:08:43
Running from C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LZ4LVIE
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Viber (HKCU\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)
Widevine Media Optimizer IE 6.0.0 (HKCU\...\optimizer_ie) (Version: 6.0.0.12757 - Widevine Technologies)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2175078040-2326866684-2893729699-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2175078040-2326866684-2893729699-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2175078040-2326866684-2893729699-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2175078040-2326866684-2893729699-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2175078040-2326866684-2893729699-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2175078040-2326866684-2893729699-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2175078040-2326866684-2893729699-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2175078040-2326866684-2893729699-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2175078040-2326866684-2893729699-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {404F4574-1C9C-40FA-AF0E-21809D47276A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {46E2192D-9BBB-450D-8903-C79C106420EB} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RCP\RegCleanPro.exe [2014-08-05] () <==== ATTENTION
Task: {53C37207-A581-4CEF-9D37-930BC8093106} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {94C941FD-CB0D-42C0-92AA-5FEB70D243B7} - System32\Tasks\Advanced-System Protector_startup => C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe [2014-10-07] (Systweak) <==== ATTENTION
Task: {AFF5A508-D2D0-41F9-8591-C4AD401009AD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-17] (AVAST Software)
Task: {BF9E376F-5D5E-4811-999C-0E0AC2BE8AC8} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe [2014-08-06] (Systweak Inc                                                )
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-06-25 05:23 - 2011-03-26 02:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-10 00:54 - 2014-10-12 19:20 - 00522528 _____ () C:\Program Files (x86)\neurowise\bin\utilneurowise.exe
2014-10-09 22:08 - 2014-10-12 19:25 - 00522528 _____ () C:\Program Files (x86)\neurowise\updateneurowise.exe
2014-08-17 18:14 - 2014-08-17 18:14 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-11 01:02 - 2014-10-11 01:02 - 02873856 _____ () C:\Program Files\AVAST Software\Avast\defs\14101001\algo.dll
2014-10-12 19:20 - 2014-10-12 19:20 - 02873856 _____ () C:\Program Files\AVAST Software\Avast\defs\14101200\algo.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-10 00:09 - 2012-07-25 12:03 - 00886272 _____ () C:\Program Files (x86)\ASP\System.Data.SQLite.dll
2014-10-10 00:09 - 2014-10-07 16:58 - 01730928 _____ () C:\Program Files (x86)\ASP\aspsys.dll
2014-10-10 00:09 - 2012-07-25 12:03 - 00168448 _____ () C:\Program Files (x86)\ASP\UNRAR.DLL
2014-02-07 19:12 - 2014-02-07 19:12 - 00036864 _____ () C:\Program Files (x86)\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
2014-02-07 19:12 - 2014-02-07 19:12 - 14950400 _____ () C:\Program Files (x86)\Samsung\Kies\Theme\Kies.Theme.dll
2014-02-07 19:12 - 2014-02-07 19:12 - 00594944 _____ () C:\Program Files (x86)\Samsung\Kies\Common\Kies.UI.dll
2014-02-07 19:12 - 2014-02-07 19:12 - 00023040 _____ () C:\Program Files (x86)\Samsung\Kies\MVVM\Kies.MVVM.dll
2014-02-07 16:34 - 2014-02-07 16:34 - 00057856 _____ () C:\Program Files (x86)\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
2014-10-12 19:19 - 2014-10-12 19:19 - 00043008 _____ () c:\users\***\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi50koy.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\***\AppData\Roaming\Dropbox\bin\libcef.dll
2014-08-17 18:14 - 2014-08-17 18:14 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-11 15:21 - 2014-09-11 15:21 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0c4b6ee55651bc9b7e92acc78a250540\IsdiInterop.ni.dll
2014-08-17 17:51 - 2011-02-18 08:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2175078040-2326866684-2893729699-500 - Administrator - Disabled)
Gast (S-1-5-21-2175078040-2326866684-2893729699-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2175078040-2326866684-2893729699-1003 - Limited - Enabled)
*** (S-1-5-21-2175078040-2326866684-2893729699-1000 - Administrator - Enabled) => C:\Users\***
UpdatusUser (S-1-5-21-2175078040-2326866684-2893729699-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/12/2014 07:25:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "WMI-Objekte". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (10/12/2014 07:19:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/11/2014 01:11:38 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "WMI-Objekte". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (10/11/2014 01:06:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "WMI-Objekte". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (10/11/2014 01:01:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2014 03:59:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "WMI-Objekte". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (10/10/2014 03:55:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2014 11:25:34 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "WMI-Objekte". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (10/10/2014 10:51:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "WMI-Objekte". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (10/10/2014 10:45:44 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (10/10/2014 10:46:14 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (10/10/2014 10:45:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/10/2014 10:45:44 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 55%
Total physical RAM: 3947.86 MB
Available physical RAM: 1770 MB
Total Pagefile: 7893.9 MB
Available Pagefile: 5169 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:119.14 GB) (Free:30.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: EED5436B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-12 20:28:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Samsung_ rev.DXM0 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\***\AppData\Local\Temp\uxliqpob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                                                                                            fffff80002dc1000 45 bytes [00, 00, E2, 00, 4D, 6D, 43, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                                                                                                                                            fffff80002dc102f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Windows\system32\wininit.exe[676] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                                    00000000779fef8d 1 byte [62]
.text    C:\Windows\system32\services.exe[732] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                                  00000000779fef8d 1 byte [62]
.text    C:\Windows\system32\nvvsvc.exe[948] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                                    00000000779fef8d 1 byte [62]
.text    C:\Windows\system32\svchost.exe[988] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                                    00000000779fef8d 1 byte [62]
.text    C:\Windows\System32\svchost.exe[316] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                                    00000000779fef8d 1 byte [62]
.text    C:\Windows\system32\svchost.exe[528] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                                    00000000779fef8d 1 byte [62]
.text    C:\Windows\system32\svchost.exe[552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                                    00000000779fef8d 1 byte [62]
.text    C:\Windows\system32\winlogon.exe[608] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                                  00000000779fef8d 1 byte [62]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1468] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                          00000000779fef8d 1 byte [62]
.text    C:\Windows\system32\nvvsvc.exe[1480] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                                    00000000779fef8d 1 byte [62]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1776] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                      000000007726a2fd 1 byte [62]
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1812] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                      000000007726a2fd 1 byte [62]
.text    C:\Windows\Explorer.EXE[2324] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                                          00000000779fef8d 1 byte [62]
.text    C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe[2136] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                                                                                                            000000007726a2fd 1 byte [62]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1404] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                  00000000779fef8d 1 byte [62]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                            00000000779fef8d 1 byte [62]
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2804] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                    00000000779fef8d 1 byte [62]
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[3416] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                                                                                                                      000000007726a2fd 1 byte [62]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3480] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                                                                                    000000007726a2fd 1 byte [62]
.text    C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                          000000007726a2fd 1 byte [62]
.text    C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                                                                                        0000000077001465 2 bytes [00, 77]
.text    C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                                                                                        00000000770014bb 2 bytes [00, 77]
.text    ...                                                                                                                                                                                                                                                                          * 2
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3616] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                  000000007726a2fd 1 byte [62]
.text    C:\Program Files\AVAST Software\Avast\avastui.exe[3624] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                                                                                                          0000000077248791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text    C:\Program Files\AVAST Software\Avast\avastui.exe[3624] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                                000000007726a2fd 1 byte [62]
.text    C:\Dolby PCEE4\pcee4.exe[3996] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                                                                                                                                          00000000779fef8d 1 byte [62]
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3892] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                            000000007726a2fd 1 byte [62]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[3968] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                                    000000007726a2fd 1 byte [62]
.text    C:\Program Files (x86)\neurowise\bin\utilneurowise.exe[4768] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                                                                                                            000000007726a2fd 1 byte [62]
.text    C:\Program Files (x86)\neurowise\bin\utilneurowise.exe[4768] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                                                                                                          0000000077001465 2 bytes [00, 77]
.text    C:\Program Files (x86)\neurowise\bin\utilneurowise.exe[4768] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                                                                                                        00000000770014bb 2 bytes [00, 77]
.text    ...                                                                                                                                                                                                                                                                          * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3632] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                                                                              000000007726a2fd 1 byte [62]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1580] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                    000000007726a2fd 1 byte [62]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2600] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                              000000007726a2fd 1 byte [62]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                            0000000077001465 2 bytes [00, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                          00000000770014bb 2 bytes [00, 77]
.text    ...                                                                                                                                                                                                                                                                          * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5104] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                    000000007726a2fd 1 byte [62]
.text    C:\Program Files (x86)\neurowise\updateneurowise.exe[7924] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                                                                                                              000000007726a2fd 1 byte [62]
.text    C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IKJMVL2C\Gmer-19357.exe[7256] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                      000000007726a2fd 1 byte [62]
---- Processes - GMER 2.1 ----

Library  C:\Users\***\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604](2014-09-13 00:20:58)                                                                                                      0000000003c20000
Library  c:\users\***\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi50koy.dll (*** suspicious ***) @ C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604](2014-10-12 17:19:49)                                                        0000000004060000
Library  C:\Users\***\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604](2013-08-23 19:01:44)                                                                                                            0000000060970000
Library  C:\Users\***\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42)                                                                              000000005ffe0000
Process  C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IKJMVL2C\Gmer-19357.exe (*** suspicious ***) @ C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IKJMVL2C\Gmer-19357.exe [7256](2014-10-12 18:19:19)  0000000000400000

---- EOF - GMER 2.1 ----

schrauber 12.10.2014 20:42
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Cisco12 12.10.2014 21:13
Hallo,

habe ich gemacht. Mein SmartScreen-Filter bei der Installation gemeckert (das hat er am Anfang schon bei der Installation von FRST gemacht) und gesagt, dass das Programm nicht häufig heruntergeladen und auch nicht vom Autor signiert ist. Ich habe einfach auf "Trotzdem ausführen" geklickt.

Hätte ich den PC auch neu starten sollen?

Hier das Log-File:
Code:
ComboFix 14-10-13.01 - *** 12.10.2014  22:00:15.1.4 - x64
Microsoft Windows 7 Enterprise  6.1.7601.1.1252.49.1031.18.3948.1999 [GMT 2:00]
ausgeführt von:: c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PV16ZQJU\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SaveSense
c:\program files (x86)\SaveSense\icon.ico
c:\program files (x86)\SaveSense\SaveSense.crx
c:\program files (x86)\SaveSense\SaveSense.xpi
c:\program files (x86)\SaveSense\SaveSenseIE.dll
c:\program files (x86)\SaveSense\SaveSenseIE64.dll
c:\program files (x86)\SaveSense\uninst.exe
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense Help.url
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense.url
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\Uninstall SaveSense.lnk
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-09-12 bis 2014-10-12  ))))))))))))))))))))))))))))))
.
.
2014-10-12 20:05 . 2014-10-12 20:05        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2014-10-12 20:05 . 2014-10-12 20:05        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-10-12 19:48 . 2014-10-12 19:48        --------        d-----w-        c:\program files\Google
2014-10-12 19:48 . 2014-10-12 19:51        --------        d-----w-        c:\users\***\AppData\Local\Google
2014-10-12 19:48 . 2014-10-12 19:51        --------        d-----w-        c:\program files (x86)\Google
2014-10-12 18:07 . 2014-10-12 18:09        --------        d-----w-        C:\FRST
2014-10-12 17:30 . 2014-10-12 17:30        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A0A659E-3608-4A1B-8991-5A890731F7B0}\offreg.dll
2014-10-10 08:49 . 2014-09-09 02:05        11578928        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A0A659E-3608-4A1B-8991-5A890731F7B0}\mpengine.dll
2014-10-09 22:34 . 2014-10-09 22:34        --------        d-----w-        c:\users\***\AppData\Roaming\TeamViewer
2014-10-09 22:09 . 2014-10-09 22:09        --------        d-----w-        c:\programdata\Systweak
2014-10-09 22:09 . 2014-10-09 22:09        --------        d-----w-        c:\program files (x86)\ASP
2014-10-09 22:09 . 2012-07-25 10:03        16896        ----a-w-        c:\windows\system32\sasnative64.exe
2014-10-09 22:09 . 2014-10-09 22:09        --------        d-----w-        c:\users\***\AppData\Roaming\ASP
2014-10-09 22:07 . 2014-10-09 22:07        --------        d-----w-        c:\users\***\AppData\Local\MediaMonkey
2014-10-09 22:06 . 2014-10-09 22:09        --------        d-----w-        c:\users\***\AppData\Roaming\MediaMonkey
2014-10-09 21:55 . 2014-10-09 21:55        --------        d-----w-        c:\users\***\AppData\Local\Macroplant,_LLC
2014-10-09 21:54 . 2014-10-09 22:09        --------        d-----w-        c:\users\***\AppData\Roaming\Systweak
2014-10-09 21:54 . 2014-08-05 17:14        20328        ----a-w-        c:\windows\system32\roboot64.exe
2014-10-09 21:54 . 2014-10-09 21:54        --------        d-----w-        c:\program files (x86)\RCP
2014-10-09 21:54 . 2014-10-09 22:45        --------        d-----w-        c:\program files (x86)\Sharepod
2014-10-09 21:53 . 2014-10-09 22:54        --------        d-----w-        c:\program files (x86)\neurowise
2014-10-09 21:27 . 2014-10-09 21:27        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-09 21:27 . 2014-10-09 21:27        --------        d-----w-        c:\program files\iTunes
2014-10-09 21:27 . 2014-10-09 21:27        --------        d-----w-        c:\program files (x86)\iTunes
2014-10-09 21:27 . 2014-10-09 21:27        --------        d-----w-        c:\program files\iPod
2014-10-01 08:01 . 2014-09-25 02:08        371712        ----a-w-        c:\windows\system32\qdvd.dll
2014-10-01 08:01 . 2014-09-25 01:40        519680        ----a-w-        c:\windows\SysWow64\qdvd.dll
2014-09-24 12:27 . 2014-09-09 22:11        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-09-24 12:27 . 2014-09-09 21:47        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-09-21 17:18 . 2014-09-21 17:18        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2014-09-21 17:18 . 2014-09-21 17:18        --------        d-----r-        c:\program files (x86)\Skype
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-12 19:48 . 2014-08-17 16:09        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-12 19:48 . 2014-08-17 16:09        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-15 07:06 . 2010-11-21 03:27        278152        ------w-        c:\windows\system32\MpSigStub.exe
2014-09-05 02:10 . 2014-09-11 07:09        578048        ----a-w-        c:\windows\system32\aepdu.dll
2014-09-05 02:05 . 2014-09-11 07:09        424448        ----a-w-        c:\windows\system32\aeinv.dll
2014-08-23 02:07 . 2014-08-28 15:08        404480        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 15:08        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-28 15:08        3163648        ----a-w-        c:\windows\system32\win32k.sys
2014-08-19 18:05 . 2014-09-11 07:11        374968        ----a-w-        c:\windows\system32\iedkcs32.dll
2014-08-18 23:01 . 2014-09-11 07:11        23591424        ----a-w-        c:\windows\system32\mshtml.dll
2014-08-18 22:29 . 2014-09-11 07:11        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-08-18 22:29 . 2014-09-11 07:11        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-08-18 22:20 . 2014-09-11 07:11        2793984        ----a-w-        c:\windows\system32\iertutil.dll
2014-08-18 22:19 . 2014-09-11 07:11        5833728        ----a-w-        c:\windows\system32\jscript9.dll
2014-08-18 22:15 . 2014-09-11 07:11        547328        ----a-w-        c:\windows\system32\vbscript.dll
2014-08-18 22:15 . 2014-09-11 07:11        66048        ----a-w-        c:\windows\system32\iesetup.dll
2014-08-18 22:14 . 2014-09-11 07:11        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-08-18 22:14 . 2014-09-11 07:11        83968        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-08-18 22:08 . 2014-09-11 07:11        51200        ----a-w-        c:\windows\system32\jsproxy.dll
2014-08-18 22:08 . 2014-09-11 07:11        4232704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-08-18 22:08 . 2014-09-11 07:11        33792        ----a-w-        c:\windows\system32\iernonce.dll
2014-08-18 22:05 . 2014-09-11 07:11        596480        ----a-w-        c:\windows\system32\ieui.dll
2014-08-18 22:03 . 2014-09-11 07:11        139264        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-08-18 22:03 . 2014-09-11 07:11        111616        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-08-18 22:03 . 2014-09-11 07:11        758272        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-08-18 21:57 . 2014-09-11 07:11        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-08-18 21:56 . 2014-09-11 07:11        940032        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:51 . 2014-09-11 07:11        446464        ----a-w-        c:\windows\system32\dxtmsft.dll
2014-08-18 21:46 . 2014-09-11 07:11        454656        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-08-18 21:45 . 2014-09-11 07:11        61952        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-08-18 21:45 . 2014-09-11 07:11        72704        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:44 . 2014-09-11 07:11        51200        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44 . 2014-09-11 07:11        61952        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2014-08-18 21:40 . 2014-09-11 07:11        195584        ----a-w-        c:\windows\system32\msrating.dll
2014-08-18 21:39 . 2014-09-11 07:11        85504        ----a-w-        c:\windows\system32\mshtmled.dll
2014-08-18 21:38 . 2014-09-11 07:11        289280        ----a-w-        c:\windows\system32\dxtrans.dll
2014-08-18 21:36 . 2014-09-11 07:11        112128        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-08-18 21:35 . 2014-09-11 07:11        597504        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2014-08-18 21:25 . 2014-09-11 07:11        727040        ----a-w-        c:\windows\system32\msfeeds.dll
2014-08-18 21:25 . 2014-09-11 07:11        707072        ----a-w-        c:\windows\system32\ie4uinit.exe
2014-08-18 21:23 . 2014-09-11 07:11        2104832        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-08-18 21:23 . 2014-09-11 07:11        1249280        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-08-18 21:22 . 2014-09-11 07:11        60416        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:16 . 2014-09-11 07:11        13588480        ----a-w-        c:\windows\system32\ieframe.dll
2014-08-18 21:15 . 2014-09-11 07:11        2310656        ----a-w-        c:\windows\system32\wininet.dll
2014-08-18 21:08 . 2014-09-11 07:11        2014208        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-08-18 21:07 . 2014-09-11 07:11        1068032        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:55 . 2014-09-11 07:11        1447424        ----a-w-        c:\windows\system32\urlmon.dll
2014-08-18 20:46 . 2014-09-11 07:11        1812992        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-08-18 20:38 . 2014-09-11 07:11        775168        ----a-w-        c:\windows\system32\ieapfltr.dll
2014-08-18 08:43 . 2014-08-18 08:43        194048        ----a-w-        c:\windows\SysWow64\elshyph.dll
2014-08-18 08:43 . 2014-08-18 08:43        942592        ----a-w-        c:\windows\system32\jsIntl.dll
2014-08-18 08:43 . 2014-08-18 08:43        90112        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2014-08-18 08:43 . 2014-08-18 08:43        86016        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2014-08-18 08:43 . 2014-08-18 08:43        86016        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2014-08-18 08:43 . 2014-08-18 08:43        81408        ----a-w-        c:\windows\system32\icardie.dll
2014-08-18 08:43 . 2014-08-18 08:43        77312        ----a-w-        c:\windows\system32\tdc.ocx
2014-08-18 08:43 . 2014-08-18 08:43        74240        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2014-08-18 08:43 . 2014-08-18 08:43        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-08-18 08:43 . 2014-08-18 08:43        645120        ----a-w-        c:\windows\SysWow64\jsIntl.dll
2014-08-18 08:43 . 2014-08-18 08:43        62464        ----a-w-        c:\windows\SysWow64\tdc.ocx
2014-08-18 08:43 . 2014-08-18 08:43        616104        ----a-w-        c:\windows\system32\ieapfltr.dat
2014-08-18 08:43 . 2014-08-18 08:43        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2014-08-18 08:43 . 2014-08-18 08:43        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2014-08-18 08:43 . 2014-08-18 08:43        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2014-08-18 08:43 . 2014-08-18 08:43        413696        ----a-w-        c:\windows\system32\html.iec
2014-08-18 08:43 . 2014-08-18 08:43        36352        ----a-w-        c:\windows\SysWow64\imgutil.dll
2014-08-18 08:43 . 2014-08-18 08:43        337408        ----a-w-        c:\windows\SysWow64\html.iec
2014-08-18 08:43 . 2014-08-18 08:43        30208        ----a-w-        c:\windows\system32\licmgr10.dll
2014-08-18 08:43 . 2014-08-18 08:43        247808        ----a-w-        c:\windows\system32\msls31.dll
2014-08-18 08:43 . 2014-08-18 08:43        24576        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2014-08-18 08:43 . 2014-08-18 08:43        243200        ----a-w-        c:\windows\system32\webcheck.dll
2014-08-18 08:43 . 2014-08-18 08:43        235520        ----a-w-        c:\windows\system32\url.dll
2014-08-18 08:43 . 2014-08-18 08:43        235008        ----a-w-        c:\windows\system32\elshyph.dll
2014-08-18 08:43 . 2014-08-18 08:43        182272        ----a-w-        c:\windows\SysWow64\msls31.dll
2014-08-18 08:43 . 2014-08-18 08:43        151552        ----a-w-        c:\windows\SysWow64\iexpress.exe
2014-08-18 08:43 . 2014-08-18 08:43        139264        ----a-w-        c:\windows\SysWow64\wextract.exe
2014-08-18 08:43 . 2014-08-18 08:43        13312        ----a-w-        c:\windows\SysWow64\mshta.exe
2014-08-18 08:43 . 2014-08-18 08:43        13312        ----a-w-        c:\windows\system32\msfeedssync.exe
2014-08-18 08:43 . 2014-08-18 08:43        131072        ----a-w-        c:\windows\system32\IEAdvpack.dll
2014-08-18 08:43 . 2014-08-18 08:43        111616        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2014-08-18 08:43 . 2014-08-18 08:43        105984        ----a-w-        c:\windows\system32\iesysprep.dll
2014-08-18 08:43 . 2014-08-18 08:43        101376        ----a-w-        c:\windows\system32\inseng.dll
2014-08-18 08:43 . 2014-08-18 08:43        774144        ----a-w-        c:\windows\system32\jscript.dll
2014-08-18 08:43 . 2014-08-18 08:43        62464        ----a-w-        c:\windows\system32\pngfilt.dll
2014-08-18 08:43 . 2014-08-18 08:43        48128        ----a-w-        c:\windows\system32\imgutil.dll
2014-08-18 08:43 . 2014-08-18 08:43        167424        ----a-w-        c:\windows\system32\iexpress.exe
2014-08-18 08:43 . 2014-08-18 08:43        147968        ----a-w-        c:\windows\system32\occache.dll
2014-08-18 08:43 . 2014-08-18 08:43        143872        ----a-w-        c:\windows\system32\wextract.exe
2014-08-18 08:43 . 2014-08-18 08:43        13824        ----a-w-        c:\windows\system32\mshta.exe
2014-08-18 08:43 . 2014-08-18 08:43        135680        ----a-w-        c:\windows\system32\iepeers.dll
2014-08-18 08:42 . 2014-08-18 08:42        878080        ----a-w-        c:\windows\system32\advapi32.dll
2014-08-18 08:42 . 2014-08-18 08:42        859648        ----a-w-        c:\windows\system32\tdh.dll
2014-08-18 08:42 . 2014-08-18 08:42        640512        ----a-w-        c:\windows\SysWow64\advapi32.dll
2014-08-18 08:42 . 2014-08-18 08:42        619520        ----a-w-        c:\windows\SysWow64\tdh.dll
2014-08-18 08:42 . 2014-08-18 08:42        1732032        ----a-w-        c:\windows\system32\ntdll.dll
2014-08-18 08:42 . 2014-08-18 08:42        1292192        ----a-w-        c:\windows\SysWow64\ntdll.dll
2014-08-18 08:42 . 2014-08-18 08:42        327168        ----a-w-        c:\windows\system32\mswsock.dll
2014-08-18 08:42 . 2014-08-18 08:42        231424        ----a-w-        c:\windows\SysWow64\mswsock.dll
2014-08-18 08:42 . 2014-08-18 08:42        68608        ----a-w-        c:\windows\system32\taskhost.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2014-02-07 1564992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-17 4085896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-02-07 311616]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Update neurowise;Update neurowise;c:\program files (x86)\neurowise\updateneurowise.exe;c:\program files (x86)\neurowise\updateneurowise.exe [x]
S2 Util neurowise;Util neurowise;c:\program files (x86)\neurowise\bin\utilneurowise.exe;c:\program files (x86)\neurowise\bin\utilneurowise.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - UXLIQPOB
*Deregistered* - uxliqpob
.
Inhalt des "geplante Tasks" Ordners
.
2014-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-17 19:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        164760        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        164760        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        164760        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        164760        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        164760        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        164760        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        164760        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        164760        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-17 16:14        634872        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-08-17 11786344]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-08-17 2207848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ecosia.org/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 82.209.169.71 82.209.169.72
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi2usry4.default\
user_pref(extensions.autoDisableScopes,14);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{2e32cfe5-df92-4ae5-b0be-609ed0df74a6} - (no file)
BHO-{d08ab008-0647-4784-8e2c-5769cd4a7c3a} - (no file)
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-10-12  22:06:36
ComboFix-quarantined-files.txt  2014-10-12 20:06
.
Vor Suchlauf: 9 Verzeichnis(se), 32.722.542.592 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 32.611.659.776 Bytes frei
.
- - End Of File - - A8009D2D778E4258386AA5BB6AF0F816

schrauber 13.10.2014 15:48
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Cisco12 13.10.2014 18:33
Alles gemacht. (Beim ersten Start des PCs heute war übrigens wieder eine Warnung von "Advanced-System Protector" da...also war es noch da)

Beim Download von ADW-Cleaner hat avast! das zuerst blockiert, also hab ich ihn ausgeschaltet, dann ist es gegangen.

mbam log:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 13.10.2014
Suchlauf-Zeit: 18:49:01
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.10.13.05
Rootkit Datenbank: v2014.10.11.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ****

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 361195
Verstrichene Zeit: 5 Min, 20 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 2
PUP.Optional.Neurowise.A, C:\Program Files (x86)\neurowise\bin\utilneurowise.exe, 3184, Löschen bei Neustart, [8dac40d44834ec4aa19e1796f50cf20e]
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe, 3284, Löschen bei Neustart, [75c4ef25ef8db2848e42cbb9857fb749]

Module: 7
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\aspsys.dll, Löschen bei Neustart, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Microsoft.Win32.TaskScheduler.DLL, Löschen bei Neustart, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\System.Data.SQLite.dll, Löschen bei Neustart, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\unrar.dll, Löschen bei Neustart, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Xceed.Compression.dll, Löschen bei Neustart, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Xceed.FileSystem.dll, Löschen bei Neustart, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Xceed.Zip.dll, Löschen bei Neustart, [75c4ef25ef8db2848e42cbb9857fb749],

Registrierungsschlüssel: 25
PUP.Optional.Neurowise.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util neurowise, In Quarantäne, [8dac40d44834ec4aa19e1796f50cf20e],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [8dac908490ece35386631abac04205fb],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [8dac908490ece35386631abac04205fb],
PUP.Optional.SaveSence.A, HKU\S-1-5-21-2175078040-2326866684-2893729699-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2E32CFE5-DF92-4AE5-B0BE-609ED0DF74A6}, In Quarantäne, [3ffa789c205c999d905c5647fc0624dc],
PUP.Optional.SaveSence.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{2E32CFE5-DF92-4AE5-B0BE-609ED0DF74A6}, In Quarantäne, [3ffa789c205c999d905c5647fc0624dc],
PUP.Optional.SaveSence.A, HKU\S-1-5-21-2175078040-2326866684-2893729699-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2E32CFE5-DF92-4AE5-B0BE-609ED0DF74A6}, In Quarantäne, [3ffa789c205c999d905c5647fc0624dc],
PUP.Optional.Neurowise.A, HKU\S-1-5-21-2175078040-2326866684-2893729699-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D08AB008-0647-4784-8E2C-5769CD4A7C3A}, In Quarantäne, [3efbb1636d0f43f3cf573466ed15ba46],
PUP.Optional.Neurowise.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D08AB008-0647-4784-8E2C-5769CD4A7C3A}, In Quarantäne, [3efbb1636d0f43f3cf573466ed15ba46],
PUP.Optional.Neurowise.A, HKU\S-1-5-21-2175078040-2326866684-2893729699-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D08AB008-0647-4784-8E2C-5769CD4A7C3A}, In Quarantäne, [3efbb1636d0f43f3cf573466ed15ba46],
PUP.Optional.Neurowise.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{724DD777-5654-4D06-B3BC-C2FF56615998}, In Quarantäne, [56e3c351cbb1a294cc726449b44d43bd],
PUP.Optional.Neurowise.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E693A372-A8D4-4CBD-B011-66358BEA2F48}, In Quarantäne, [56e3c351cbb1a294cc726449b44d43bd],
PUP.Optional.Neurowise.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E693A372-A8D4-4CBD-B011-66358BEA2F48}, In Quarantäne, [56e3c351cbb1a294cc726449b44d43bd],
PUP.Optional.Neurowise.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{724DD777-5654-4D06-B3BC-C2FF56615998}, In Quarantäne, [56e3c351cbb1a294cc726449b44d43bd],
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RegClean Pro_is1, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.Neurowise.A, HKLM\SOFTWARE\WOW6432NODE\neurowise, In Quarantäne, [9b9e9c78e9933600b86f68b9df247888],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\SaveSense, In Quarantäne, [74c51004215b73c3fc5b541dd430817f],
PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\Advanced-System Protector, In Quarantäne, [0e2b120294e8280e9abc2eee28db59a7],
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, In Quarantäne, [60d95fb56c100b2b27a0988e33d08c74],
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, In Quarantäne, [28116ba9601cdd5951ccc95e63a0827e],
PUP.Optional.Neurowise.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update neurowise, In Quarantäne, [2b0ef420ff7db48209200a17c93ada26],
PUP.Optional.Neurowise.A, HKU\S-1-5-21-2175078040-2326866684-2893729699-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\neurowise, In Quarantäne, [6ccdfe1699e382b4bf695bc6da294fb1],
PUP.Optional.SaveSense.A, HKU\S-1-5-21-2175078040-2326866684-2893729699-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SaveSense, In Quarantäne, [bc7d8e86adcf1d193d17ec850df7c33d],
PUP.Optional.AdvancedSystemProtector.A, HKU\S-1-5-21-2175078040-2326866684-2893729699-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\Advanced-System Protector, In Quarantäne, [f5445eb67804f343fe595bc1887bc23e],
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-2175078040-2326866684-2893729699-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\RegClean Pro, In Quarantäne, [1128ff154a32cf6783bacb9dc73dcb35],
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-2175078040-2326866684-2893729699-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [d16851c34f2d2e08d14b62c5897a4bb5],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 23
PUP.Optional.Neurowise.A, C:\Program Files (x86)\neurowise, Löschen bei Neustart, [bc7de33195e7bf77e73fec3558ab10f0],
PUP.Optional.Neurowise.A, C:\Program Files (x86)\neurowise\bin, Löschen bei Neustart, [bc7de33195e7bf77e73fec3558ab10f0],
PUP.Optional.Neurowise.A, C:\Program Files (x86)\neurowise\bin\plugins, In Quarantäne, [bc7de33195e7bf77e73fec3558ab10f0],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP, Löschen bei Neustart, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\clamunpack, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanerPro.A, C:\Users\****\AppData\Roaming\Systweak\RegClean Pro, In Quarantäne, [ca6f5cb8116ba69099251fc9659d8779],
PUP.Optional.RegCleanerPro.A, C:\Users\****\AppData\Roaming\Systweak\RegClean Pro\Version 6.1, In Quarantäne, [ca6f5cb8116ba69099251fc9659d8779],
PUP.Optional.RegCleanerPro.A, C:\Users\****\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice, In Quarantäne, [ca6f5cb8116ba69099251fc9659d8779],
PUP.Optional.RegCleanerPro.A, C:\Users\****\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice\de, In Quarantäne, [ca6f5cb8116ba69099251fc9659d8779],
PUP.Optional.SaveSense.A, C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\vi2usry4.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b}, In Quarantäne, [7ebb9a7ad4a8e155ac489b52ef137d83],
PUP.Optional.SaveSense.A, C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\vi2usry4.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b}\content, In Quarantäne, [7ebb9a7ad4a8e155ac489b52ef137d83],
PUP.Optional.SaveSense.A, C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\vi2usry4.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b}\content\images, In Quarantäne, [7ebb9a7ad4a8e155ac489b52ef137d83],
PUP.Optional.SaveSense.A, C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\vi2usry4.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b}\defaults, In Quarantäne, [7ebb9a7ad4a8e155ac489b52ef137d83],
PUP.Optional.SaveSense.A, C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\vi2usry4.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b}\defaults\preferences, In Quarantäne, [7ebb9a7ad4a8e155ac489b52ef137d83],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector, In Quarantäne, [3cfd48cc92ea61d5118e60ab63a0c937],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures, In Quarantäne, [3cfd48cc92ea61d5118e60ab63a0c937],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\updates, In Quarantäne, [3cfd48cc92ea61d5118e60ab63a0c937],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\****\AppData\Roaming\Systweak\Advanced-System Protector, In Quarantäne, [a4957e9656266fc72e7154b7956eba46],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\****\AppData\Roaming\Systweak\Advanced-System Protector\2.1.1000.13722, In Quarantäne, [a4957e9656266fc72e7154b7956eba46],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\****\AppData\Roaming\Systweak\Advanced-System Protector\2.1.1000.13827, In Quarantäne, [a4957e9656266fc72e7154b7956eba46],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\****\AppData\Roaming\Systweak\Advanced-System Protector\Logs, In Quarantäne, [a4957e9656266fc72e7154b7956eba46],

Dateien: 181
PUP.Optional.Neurowise.A, C:\Program Files (x86)\neurowise\bin\utilneurowise.exe, Löschen bei Neustart, [8dac40d44834ec4aa19e1796f50cf20e],
PUP.Optional.Neurowise.A, C:\Program Files (x86)\neurowise\neurowisebho.dll, In Quarantäne, [56e3c351cbb1a294cc726449b44d43bd],
PUP.Optional.RegCleanPro, C:\Windows\System32\roboot64.exe, In Quarantäne, [cd6c878d2f4d0b2b8c5efeb2679a2ad6],
PUP.Optional.AdvancedSystemProtector, C:\Windows\System32\sasnative64.exe, In Quarantäne, [0b2e0c087dff989eebfe38780ff226da],
PUP.Optional.AdvancedSystemProtector, C:\Windows\System32\Tasks\Advanced-System Protector_startup, In Quarantäne, [77c215ff136970c63b8bb963ea19e61a],
PUP.Optional.Neurowise.A, C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\vi2usry4.default\extensions\{fe651286-52a1-461b-a17a-f258b4b81968}.xpi, In Quarantäne, [1524b85c91eb65d1da512cf1e221827e],
PUP.Optional.RegCleanerPro, C:\Windows\System32\Tasks\RegClean Pro, In Quarantäne, [47f20e06374563d36905fb242cd741bf],
PUP.Optional.RegCleanerPro, C:\Windows\System32\Tasks\ASP, In Quarantäne, [db5ecf45fb811d199bd4120d5ba80ef2],
PUP.Optional.Neurowise.A, C:\Program Files (x86)\neurowise\neurowise.ico, In Quarantäne, [bc7de33195e7bf77e73fec3558ab10f0],
PUP.Optional.Neurowise.A, C:\Program Files (x86)\neurowise\0, In Quarantäne, [bc7de33195e7bf77e73fec3558ab10f0],
PUP.Optional.Neurowise.A, C:\Program Files (x86)\neurowise\updateneurowise.InstallState, In Quarantäne, [bc7de33195e7bf77e73fec3558ab10f0],
PUP.Optional.Neurowise.A, C:\Program Files (x86)\neurowise\bin\sqlite3.dll, In Quarantäne, [bc7de33195e7bf77e73fec3558ab10f0],
PUP.Optional.Neurowise.A, C:\Program Files (x86)\neurowise\bin\utilneurowise.InstallState, In Quarantäne, [bc7de33195e7bf77e73fec3558ab10f0],
PUP.Optional.Neurowise.A, C:\Program Files (x86)\neurowise\bin\plugins\neurowise.BOAS.dll, In Quarantäne, [bc7de33195e7bf77e73fec3558ab10f0],
PUP.Optional.Neurowise.A, C:\Program Files (x86)\neurowise\bin\plugins\neurowise.Bromon.dll, In Quarantäne, [bc7de33195e7bf77e73fec3558ab10f0],
PUP.Optional.Neurowise.A, C:\Program Files (x86)\neurowise\bin\plugins\neurowise.BroStats.dll, In Quarantäne, [bc7de33195e7bf77e73fec3558ab10f0],
PUP.Optional.Neurowise.A, C:\Program Files (x86)\neurowise\bin\plugins\neurowise.CompatibilityChecker.dll, In Quarantäne, [bc7de33195e7bf77e73fec3558ab10f0],
PUP.Optional.Neurowise.A, C:\Program Files (x86)\neurowise\bin\plugins\neurowise.FFUpdate.dll, In Quarantäne, [bc7de33195e7bf77e73fec3558ab10f0],
PUP.Optional.Neurowise.A, C:\Program Files (x86)\neurowise\bin\plugins\neurowise.IEUpdate.dll, In Quarantäne, [bc7de33195e7bf77e73fec3558ab10f0],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe.config, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\norwegian_asp_NO.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe, Löschen bei Neustart, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\AppResource.dll, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\asp.ico, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\AspManager.exe, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\aspsys.dll, Löschen bei Neustart, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\ASPUninstall.exe, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\categories.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Chinese_asp_ZH-CN.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Chinese_uninst.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\danish_asp_DA.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Danish_uninst.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\dutch_asp_NL.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Dutch_uninst.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\eng_asp_en.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\eng_uninst.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\filetypehelper.exe, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Finnish_asp_FI.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Finnish_uninst_fi.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\french_asp_FR.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\French_uninst.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\german_asp_DE.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\German_uninst.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Norwegian_uninst.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\polish_uninst_pl.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\portugese_uninst_pt.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\portuguese_asp_PT-BR.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Portuguese_uninst.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\russian_asp_ru.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\russian_uninst_ru.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\scandll.dll, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\spanish_asp_ES.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\spanish_uninst.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\swedish_asp_SV.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\swedish_uninst.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\greek_uninst_el.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Interop.IWshRuntimeLibrary.dll, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\italian_asp_IT.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Italian_uninst.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\japanese_asp_JA.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Japanese_uninst.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\korean_uninst_ko.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\loading_withWhiteBG.avi, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Microsoft.Win32.TaskScheduler.DLL, Löschen bei Neustart, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\System.Core.dll, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\System.Data.SQLite.dll, Löschen bei Neustart, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\TPS.ico, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\traditionalcn_uninst_zh-tw.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Turkish_uninst_tr.ini, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\unins000.dat, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\unins000.exe, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\unins000.msg, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\unrar.dll, Löschen bei Neustart, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Xceed.Compression.dll, Löschen bei Neustart, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Xceed.Compression.Formats.dll, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Xceed.FileSystem.dll, Löschen bei Neustart, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Xceed.Zip.dll, Löschen bei Neustart, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\clamunpack\clamscan.exe, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\clamunpack\libclamav.dll, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\clamunpack\readme.txt, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.com, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.exe, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.pif, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.scr, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\ASP-Troubleshooter.chm, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\firefox.com, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\iexplore.exe, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\iexplore.lnk, In Quarantäne, [75c4ef25ef8db2848e42cbb9857fb749],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Chinese_rcp.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\FileList.rcp, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Chinese_uninst.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\CleanSchedule.exe, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Danish_rcp.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Danish_uninst.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Dutch_rcp.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Dutch_uninst.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\eng_rcp.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\eng_uninst.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Japanese_rcp.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Japanese_uninst.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\korean_rcp_ko.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\korean_uninst_ko.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\LicMgr.dll, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Norwegian_rcp.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Norwegian_uninst.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\polish_rcp_pl.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\polish_uninst_pl.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\portugese_rcp_pt.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\portugese_uninst_pt.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Portuguese_rcp.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Portuguese_uninst.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\RCPUninstall.exe, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Finnish_rcp_fi.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Finnish_uninst_fi.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\French_rcp.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\French_uninst.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\German_rcp.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\German_uninst.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\greek_rcp_el.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\greek_uninst_el.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\install_left_image.bmp, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\isxdl.dll, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Italian_rcp.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Italian_uninst.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\RegCleanPro.exe, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\RegList.rcp, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\russian_rcp_ru.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\russian_uninst_ru.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Spanish_rcp.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\spanish_uninst.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Swedish_rcp.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\swedish_uninst.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\systweakasp.exe, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\TPS.ico, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\TraditionalCn_rcp_zh-tw.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\traditionalcn_uninst_zh-tw.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\turkish_rcp_tr.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Turkish_uninst_tr.ini, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\unins000.dat, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\unins000.exe, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\unins000.msg, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\xmllite.dll, In Quarantäne, [81b8fd172f4df2444191a5dfd430a65a],
PUP.Optional.RegCleanerPro.A, C:\Users\****\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup3.bin, In Quarantäne, [ca6f5cb8116ba69099251fc9659d8779],
PUP.Optional.RegCleanerPro.A, C:\Users\****\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup4.bin, In Quarantäne, [ca6f5cb8116ba69099251fc9659d8779],
PUP.Optional.RegCleanerPro.A, C:\Users\****\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup6.bin, In Quarantäne, [ca6f5cb8116ba69099251fc9659d8779],
PUP.Optional.RegCleanerPro.A, C:\Users\****\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\ExcludeList.rcp, In Quarantäne, [ca6f5cb8116ba69099251fc9659d8779],
PUP.Optional.RegCleanerPro.A, C:\Users\****\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\German_rcp.dat, In Quarantäne, [ca6f5cb8116ba69099251fc9659d8779],
PUP.Optional.RegCleanerPro.A, C:\Users\****\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_10-09-2014.log, In Quarantäne, [ca6f5cb8116ba69099251fc9659d8779],
PUP.Optional.RegCleanerPro.A, C:\Users\****\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\results.rcp, In Quarantäne, [ca6f5cb8116ba69099251fc9659d8779],
PUP.Optional.RegCleanerPro.A, C:\Users\****\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\TempHLList.rcp, In Quarantäne, [ca6f5cb8116ba69099251fc9659d8779],
PUP.Optional.RegCleanerPro.A, C:\Users\****\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice\de\voice.wav, In Quarantäne, [ca6f5cb8116ba69099251fc9659d8779],
PUP.Optional.SaveSense.A, C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\vi2usry4.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b}\chrome.manifest, In Quarantäne, [7ebb9a7ad4a8e155ac489b52ef137d83],
PUP.Optional.SaveSense.A, C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\vi2usry4.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b}\install.rdf, In Quarantäne, [7ebb9a7ad4a8e155ac489b52ef137d83],
PUP.Optional.SaveSense.A, C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\vi2usry4.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b}\content\savesense.xul, In Quarantäne, [7ebb9a7ad4a8e155ac489b52ef137d83],
PUP.Optional.SaveSense.A, C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\vi2usry4.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b}\content\images\icon32.png, In Quarantäne, [7ebb9a7ad4a8e155ac489b52ef137d83],
PUP.Optional.SaveSense.A, C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\vi2usry4.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b}\defaults\preferences\defaults.js, In Quarantäne, [7ebb9a7ad4a8e155ac489b52ef137d83],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\AddonSafelist, In Quarantäne, [3cfd48cc92ea61d5118e60ab63a0c937],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\log.xslt, In Quarantäne, [3cfd48cc92ea61d5118e60ab63a0c937],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\completedatabase.db, In Quarantäne, [3cfd48cc92ea61d5118e60ab63a0c937],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\Cookies.bin, In Quarantäne, [3cfd48cc92ea61d5118e60ab63a0c937],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\DigSign.bin, In Quarantäne, [3cfd48cc92ea61d5118e60ab63a0c937],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\FilePathFIX.bin, In Quarantäne, [3cfd48cc92ea61d5118e60ab63a0c937],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\FilePaths.bin, In Quarantäne, [3cfd48cc92ea61d5118e60ab63a0c937],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\FileSignature.bin, In Quarantäne, [3cfd48cc92ea61d5118e60ab63a0c937],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\Folders.bin, In Quarantäne, [3cfd48cc92ea61d5118e60ab63a0c937],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\Md5.bin, In Quarantäne, [3cfd48cc92ea61d5118e60ab63a0c937],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\Registry.bin, In Quarantäne, [3cfd48cc92ea61d5118e60ab63a0c937],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\SetupSign.bin, In Quarantäne, [3cfd48cc92ea61d5118e60ab63a0c937],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\StrSetupSign.bin, In Quarantäne, [3cfd48cc92ea61d5118e60ab63a0c937],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\updates\100oupdate.zip, In Quarantäne, [3cfd48cc92ea61d5118e60ab63a0c937],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\updates\1971completedatabase.zip, In Quarantäne, [3cfd48cc92ea61d5118e60ab63a0c937],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\updates\1985mupdate.zip, In Quarantäne, [3cfd48cc92ea61d5118e60ab63a0c937],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\updates\1986update.zip, In Quarantäne, [3cfd48cc92ea61d5118e60ab63a0c937],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\updates\1987update.zip, In Quarantäne, [3cfd48cc92ea61d5118e60ab63a0c937],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\****\AppData\Roaming\Systweak\Advanced-System Protector\ASPStartupManagerErrorLog.txt, In Quarantäne, [a4957e9656266fc72e7154b7956eba46],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\****\AppData\Roaming\Systweak\Advanced-System Protector\QDetail.db, In Quarantäne, [a4957e9656266fc72e7154b7956eba46],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\****\AppData\Roaming\Systweak\Advanced-System Protector\Settings.db, In Quarantäne, [a4957e9656266fc72e7154b7956eba46],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\****\AppData\Roaming\Systweak\Advanced-System Protector\Update.ini, In Quarantäne, [a4957e9656266fc72e7154b7956eba46],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\****\AppData\Roaming\Systweak\Advanced-System Protector\2.1.1000.13827\ASPLog.txt, In Quarantäne, [a4957e9656266fc72e7154b7956eba46],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\****\AppData\Roaming\Systweak\Advanced-System Protector\Logs\log_12-10-14_07-24-37.xml, In Quarantäne, [a4957e9656266fc72e7154b7956eba46],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\****\AppData\Roaming\Systweak\Advanced-System Protector\Logs\SMLog.xml, In Quarantäne, [a4957e9656266fc72e7154b7956eba46],

Physische Sektoren: 0
(No malicious items detected)


(end)
ADW-Cleaner log:
Code:
# AdwCleaner v4.000 - Bericht erstellt am 13/10/2014 um 19:05:11
# DB v2014-10-13.4
# Aktualisiert 12/10/2014 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (64 bits)
# Benutzername : *** - ***-PC
# Gestartet von : C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWXRS5OL\AdwCleaner_4.000 (1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\***\AppData\Roaming\ASP
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Systweak
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi2usry4.default\user.js

***** [ Tasks ] *****

Task Gelöscht : advanced-System Protector_startup
Task Gelöscht : ASP
Task Gelöscht : RegClean Pro

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v31.0 (x86 de)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [2587 octets] - [13/10/2014 19:03:31]
AdwCleaner[S0].txt - [2386 octets] - [13/10/2014 19:05:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2446 octets] ##########
JRT log:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Enterprise x64
Ran by smayer on 13.10.2014 at 19:09:19,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.10.2014 at 19:14:14,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Neues FRST log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by *** (administrator) on ***-PC on 13-10-2014 19:30:51
Running from C:\Users\***\Desktop
Loaded Profiles: *** & UpdatusUser (Available profiles: *** & UpdatusUser)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2014-08-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2014-08-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-17] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2175078040-2326866684-2893729699-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-2175078040-2326866684-2893729699-1001\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [241984 2011-11-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [203072 2011-11-27] (NVIDIA Corporation)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ecosia.org/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3E01AA8233BACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {10144D35-573A-49C8-9C44-8414ADC861FA} URL = hxxp://ecosia.org/search?q={searchTerms}&addon=opsensearch-ie
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 82.209.169.71 82.209.169.72

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi2usry4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: google.com/WidevineMediaOptimizer -> C:\Users\***\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-17]

Chrome:
=======
CHR Profile: C:\Users\***\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-17] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-17] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-13 19:30 - 2014-10-13 19:30 - 02110464 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2014-10-13 19:14 - 2014-10-13 19:14 - 00000696 _____ () C:\Users\***\Desktop\JRT.txt
2014-10-13 19:09 - 2014-10-13 19:09 - 00000000 ____D () C:\Windows\ERUNT
2014-10-13 19:06 - 2014-10-13 19:06 - 00002516 _____ () C:\Users\***\Desktop\AdwCleaner[S0].txt
2014-10-13 19:03 - 2014-10-13 19:05 - 00000000 ____D () C:\AdwCleaner
2014-10-13 18:58 - 2014-10-13 19:07 - 00036674 _____ () C:\Users\***\Desktop\mbam.txt
2014-10-13 18:48 - 2014-10-13 19:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-13 18:48 - 2014-10-13 18:48 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-13 18:48 - 2014-10-13 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-13 18:48 - 2014-10-13 18:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-13 18:48 - 2014-10-13 18:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-13 18:48 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-13 18:48 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-13 18:48 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-12 22:14 - 2014-10-12 22:14 - 00029029 _____ () C:\Users\***\Desktop\combofix.txt
2014-10-12 22:06 - 2014-10-12 22:06 - 00029101 _____ () C:\ComboFix.txt
2014-10-12 21:59 - 2014-10-12 22:06 - 00000000 ____D () C:\Qoobox
2014-10-12 21:59 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-12 21:59 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-12 21:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-12 21:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-12 21:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-12 21:59 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-12 21:59 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-12 21:59 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-12 21:58 - 2014-10-12 22:05 - 00000000 ____D () C:\Windows\erdnt
2014-10-12 21:56 - 2014-10-12 21:56 - 05582915 _____ (Swearware) C:\Users\***\Desktop\ComboFix.exe
2014-10-12 21:48 - 2014-10-13 18:39 - 00000000 ____D () C:\Program Files\Google
2014-10-12 21:48 - 2014-10-13 18:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-12 21:48 - 2014-10-12 21:51 - 00000000 ____D () C:\Users\***\AppData\Local\Google
2014-10-12 21:48 - 2014-10-12 21:51 - 00000000 ____D () C:\ProgramData\Google
2014-10-12 20:30 - 2014-10-12 20:30 - 00000474 _____ () C:\Users\***\Desktop\defogger_disable.txt
2014-10-12 20:28 - 2014-10-12 20:33 - 00015562 _____ () C:\Users\***\Desktop\GMER.txt
2014-10-12 20:12 - 2014-10-12 20:33 - 00020187 _____ () C:\Users\***\Desktop\Addition.txt
2014-10-12 20:11 - 2014-10-13 19:30 - 00011398 _____ () C:\Users\***\Desktop\FRST.txt
2014-10-12 20:07 - 2014-10-13 19:30 - 00000000 ____D () C:\FRST
2014-10-12 20:03 - 2014-10-12 20:03 - 00000474 _____ () C:\Users\***\Desktop\defogger_disable.log
2014-10-12 20:03 - 2014-10-12 20:03 - 00000000 _____ () C:\Users\***\defogger_reenable
2014-10-10 10:45 - 2014-10-13 19:05 - 00059914 _____ () C:\Windows\PFRO.log
2014-10-10 10:45 - 2014-10-13 19:05 - 00000392 _____ () C:\Windows\setupact.log
2014-10-10 10:45 - 2014-10-10 10:45 - 00409832 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-10 10:45 - 2014-10-10 10:45 - 00109296 _____ () C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-10 10:45 - 2014-10-10 10:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-10 00:34 - 2014-10-10 00:34 - 00000000 ____D () C:\Users\***\AppData\Roaming\TeamViewer
2014-10-10 00:09 - 2014-10-10 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
2014-10-10 00:07 - 2014-10-10 00:07 - 00000000 ____D () C:\Users\***\AppData\Local\MediaMonkey
2014-10-10 00:06 - 2014-10-10 00:09 - 00000000 ____D () C:\Users\***\AppData\Roaming\MediaMonkey
2014-10-09 23:55 - 2014-10-09 23:55 - 00000000 ____D () C:\Users\***\AppData\Local\Macroplant,_LLC
2014-10-09 23:54 - 2014-10-10 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-09 23:54 - 2014-10-10 00:45 - 00000000 ____D () C:\Program Files (x86)\Sharepod
2014-10-09 23:27 - 2014-10-09 23:27 - 00001789 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-09 23:27 - 2014-10-09 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-09 23:27 - 2014-10-09 23:27 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-09 23:27 - 2014-10-09 23:27 - 00000000 ____D () C:\Program Files\iTunes
2014-10-09 23:27 - 2014-10-09 23:27 - 00000000 ____D () C:\Program Files\iPod
2014-10-09 23:27 - 2014-10-09 23:27 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-01 10:01 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 10:01 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-28 13:08 - 2014-09-28 13:08 - 00000000 ____D () C:\Users\***\Documents\Advanced Macro
2014-09-24 14:27 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 14:27 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-21 19:18 - 2014-10-10 00:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-21 19:18 - 2014-09-21 19:18 - 00000000 ___RD () C:\Program Files (x86)\Skype

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-13 19:12 - 2009-07-14 07:13 - 01400806 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-13 19:12 - 2009-07-14 06:45 - 00026512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-13 19:12 - 2009-07-14 06:45 - 00026512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-13 19:07 - 2014-08-18 10:54 - 00000000 ___RD () C:\Users\***\Dropbox
2014-10-13 19:07 - 2014-08-17 18:08 - 00000000 ____D () C:\Users\***\AppData\Roaming\Dropbox
2014-10-13 19:05 - 2014-08-17 18:41 - 01133075 _____ () C:\Windows\WindowsUpdate.log
2014-10-13 19:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-13 18:55 - 2009-07-14 06:45 - 00000000 ____D () C:\Windows\Setup
2014-10-12 23:37 - 2014-08-17 18:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-12 22:11 - 2014-08-17 18:15 - 00002016 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-12 22:11 - 2014-08-17 17:57 - 00000872 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-12 22:06 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-10-12 22:05 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-12 21:49 - 2014-08-17 18:24 - 00000000 ____D () C:\Users\***\AppData\Local\Adobe
2014-10-12 21:48 - 2014-08-17 18:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-12 21:48 - 2014-08-17 18:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-12 21:48 - 2014-08-17 18:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-12 20:03 - 2014-08-17 17:40 - 00000000 ____D () C:\Users\***
2014-10-10 11:27 - 2014-08-17 18:01 - 00000000 ____D () C:\Users\***\AppData\Roaming\vlc
2014-10-10 01:06 - 2014-08-17 18:10 - 00000000 ____D () C:\Users\***\AppData\Roaming\Skype
2014-10-10 01:02 - 2014-08-17 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-10-10 01:02 - 2014-08-17 18:05 - 00000000 ____D () C:\Windows\Panther
2014-10-10 00:51 - 2014-08-17 18:10 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-10 00:51 - 2014-08-17 18:10 - 00000000 ____D () C:\ProgramData\Skype
2014-10-10 00:13 - 2014-08-17 18:05 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-10-09 23:45 - 2014-08-17 18:17 - 00000000 ____D () C:\Users\***\AppData\Roaming\Apple Computer
2014-10-09 11:23 - 2014-08-30 19:43 - 00000000 ____D () C:\Users\***\Documents\Lund University
2014-10-06 16:21 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-03 13:51 - 2014-08-17 18:15 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-26 19:53 - 2014-08-17 18:20 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-20 15:44 - 2014-08-17 18:22 - 00000000 ____D () C:\Users\***\AppData\Local\Microsoft Help
2014-09-19 12:41 - 2014-08-17 18:15 - 00001029 _____ () C:\Users\***\Desktop\Dropbox.lnk
2014-09-19 12:41 - 2014-08-17 18:13 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-16 20:42 - 2014-08-30 23:12 - 00000000 ____D () C:\Windows\rescache
2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 23:32 - 2014-08-19 21:08 - 00000000 ____D () C:\Users\***\AppData\Local\Viber
2014-09-14 23:15 - 2014-08-19 21:08 - 00000000 ____D () C:\Users\***\AppData\Roaming\ViberPC

Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfj8kqa.dll
C:\Users\***\AppData\Local\Temp\Quarantine.exe
C:\Users\***\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-08 10:35

==================== End Of Log ============================
--- --- ---

schrauber 14.10.2014 12:42

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Cisco12 14.10.2014 21:22
Übrigens habe ich bei diesem Neustart keine Meldung mehr von Advanced-System Protector bekommen, aber wenn ich in der Symbolleiste auf "Ausgeblendete Symbole anzeigen" klicke und dann auf anpassen, dann ist da bei Symbolen sowohl Advanced-System Protector (hier steht "läuft im Hintergrund" dabei), als auch RegClean Pro und MediaMonkey noch vorhanden.

Hier sind die neuen Log-Files. Wie schon vorher beschrieben findet sich Advanced-System Protector, RegClean Pro und MediaMonkey noch immer bei den Symbolen in der Symbolleiste.

Eset file 1 (hab es zweimal rennen lassen, da ich mehrere USB-Sticks, etc hatte):
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c584eeb73d9cf24299bba5af57dd9fe6
# engine=20589
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-14 02:44:39
# local_time=2014-10-14 04:44:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 95 960484 5005804 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 63221 164927729 0 0
# scanned=353272
# found=0
# cleaned=0
# scan_time=3946
Eset 2:
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c584eeb73d9cf24299bba5af57dd9fe6
# engine=20589
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-14 02:44:39
# local_time=2014-10-14 04:44:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 95 960484 5005804 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 63221 164927729 0 0
# scanned=353272
# found=0
# cleaned=0
# scan_time=3946
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c584eeb73d9cf24299bba5af57dd9fe6
# engine=20589
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-14 03:13:22
# local_time=2014-10-14 05:13:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 95 962207 5007527 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 3635 164929452 0 0
# scanned=163828
# found=0
# cleaned=0
# scan_time=1344
Security check:
Code:
Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 15.0.0.152 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
neues FRST log:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by s*** (administrator) on S***-PC on 14-10-2014 22:20:30
Running from C:\Users\s***\Desktop
Loaded Profiles: s*** & UpdatusUser (Available profiles: s*** & UpdatusUser)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dropbox, Inc.) C:\Users\s***\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2014-08-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2014-08-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-17] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2175078040-2326866684-2893729699-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-2175078040-2326866684-2893729699-1001\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [241984 2011-11-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [203072 2011-11-27] (NVIDIA Corporation)
Startup: C:\Users\s***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\s***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ecosia.org/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3E01AA8233BACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {10144D35-573A-49C8-9C44-8414ADC861FA} URL = hxxp://ecosia.org/search?q={searchTerms}&addon=opsensearch-ie
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 82.209.169.71 82.209.169.72

FireFox:
========
FF ProfilePath: C:\Users\s***\AppData\Roaming\Mozilla\Firefox\Profiles\vi2usry4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: google.com/WidevineMediaOptimizer -> C:\Users\s***\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-17]

Chrome:
=======
CHR Profile: C:\Users\s***\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-17] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-17] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-14 22:15 - 2014-10-14 22:15 - 00854417 _____ () C:\Users\s***\Desktop\SecurityCheck.exe
2014-10-14 17:14 - 2014-10-14 17:14 - 00001745 _____ () C:\Users\s***\Desktop\ESET2.txt
2014-10-14 16:47 - 2014-10-14 16:47 - 00000951 _____ () C:\Users\s***\Desktop\ESET1.txt
2014-10-13 19:30 - 2014-10-13 19:30 - 02110464 _____ (Farbar) C:\Users\s***\Desktop\FRST64.exe
2014-10-13 19:14 - 2014-10-13 19:14 - 00000696 _____ () C:\Users\s***\Desktop\JRT.txt
2014-10-13 19:09 - 2014-10-13 19:09 - 00000000 ____D () C:\Windows\ERUNT
2014-10-13 19:06 - 2014-10-13 19:06 - 00002516 _____ () C:\Users\s***\Desktop\AdwCleaner[S0].txt
2014-10-13 19:03 - 2014-10-13 19:05 - 00000000 ____D () C:\AdwCleaner
2014-10-13 18:58 - 2014-10-13 19:07 - 00036674 _____ () C:\Users\s***\Desktop\mbam.txt
2014-10-13 18:48 - 2014-10-14 22:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-13 18:48 - 2014-10-13 22:59 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-13 18:48 - 2014-10-13 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-13 18:48 - 2014-10-13 22:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-13 18:48 - 2014-10-13 18:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-13 18:48 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-13 18:48 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-13 18:48 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-12 22:14 - 2014-10-12 22:14 - 00029029 _____ () C:\Users\s***\Desktop\combofix.txt
2014-10-12 22:06 - 2014-10-12 22:06 - 00029101 _____ () C:\ComboFix.txt
2014-10-12 21:59 - 2014-10-12 22:06 - 00000000 ____D () C:\Qoobox
2014-10-12 21:59 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-12 21:59 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-12 21:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-12 21:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-12 21:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-12 21:59 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-12 21:59 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-12 21:59 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-12 21:58 - 2014-10-12 22:05 - 00000000 ____D () C:\Windows\erdnt
2014-10-12 21:56 - 2014-10-12 21:56 - 05582915 _____ (Swearware) C:\Users\s***\Desktop\ComboFix.exe
2014-10-12 21:48 - 2014-10-13 18:39 - 00000000 ____D () C:\Program Files\Google
2014-10-12 21:48 - 2014-10-13 18:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-12 21:48 - 2014-10-12 21:51 - 00000000 ____D () C:\Users\s***\AppData\Local\Google
2014-10-12 21:48 - 2014-10-12 21:51 - 00000000 ____D () C:\ProgramData\Google
2014-10-12 20:30 - 2014-10-12 20:30 - 00000474 _____ () C:\Users\s***\Desktop\defogger_disable.txt
2014-10-12 20:28 - 2014-10-12 20:33 - 00015562 _____ () C:\Users\s***\Desktop\GMER.txt
2014-10-12 20:12 - 2014-10-12 20:33 - 00020187 _____ () C:\Users\s***\Desktop\Addition.txt
2014-10-12 20:11 - 2014-10-14 22:20 - 00011740 _____ () C:\Users\s***\Desktop\FRST.txt
2014-10-12 20:07 - 2014-10-14 22:20 - 00000000 ____D () C:\FRST
2014-10-12 20:03 - 2014-10-12 20:03 - 00000474 _____ () C:\Users\s***\Desktop\defogger_disable.log
2014-10-12 20:03 - 2014-10-12 20:03 - 00000000 _____ () C:\Users\s***\defogger_reenable
2014-10-10 10:45 - 2014-10-14 22:10 - 00060756 _____ () C:\Windows\PFRO.log
2014-10-10 10:45 - 2014-10-14 22:10 - 00000504 _____ () C:\Windows\setupact.log
2014-10-10 10:45 - 2014-10-10 10:45 - 00409832 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-10 10:45 - 2014-10-10 10:45 - 00109296 _____ () C:\Users\s***\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-10 10:45 - 2014-10-10 10:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-10 00:34 - 2014-10-10 00:34 - 00000000 ____D () C:\Users\s***\AppData\Roaming\TeamViewer
2014-10-10 00:09 - 2014-10-10 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
2014-10-10 00:07 - 2014-10-10 00:07 - 00000000 ____D () C:\Users\s***\AppData\Local\MediaMonkey
2014-10-10 00:06 - 2014-10-10 00:09 - 00000000 ____D () C:\Users\s***\AppData\Roaming\MediaMonkey
2014-10-09 23:55 - 2014-10-09 23:55 - 00000000 ____D () C:\Users\s***\AppData\Local\Macroplant,_LLC
2014-10-09 23:54 - 2014-10-10 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-09 23:54 - 2014-10-10 00:45 - 00000000 ____D () C:\Program Files (x86)\Sharepod
2014-10-09 23:27 - 2014-10-09 23:27 - 00001789 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-09 23:27 - 2014-10-09 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-09 23:27 - 2014-10-09 23:27 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-09 23:27 - 2014-10-09 23:27 - 00000000 ____D () C:\Program Files\iTunes
2014-10-09 23:27 - 2014-10-09 23:27 - 00000000 ____D () C:\Program Files\iPod
2014-10-09 23:27 - 2014-10-09 23:27 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-01 10:01 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 10:01 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-28 13:08 - 2014-09-28 13:08 - 00000000 ____D () C:\Users\s***\Documents\Advanced Macro
2014-09-24 14:27 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 14:27 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-21 19:18 - 2014-10-10 00:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-21 19:18 - 2014-09-21 19:18 - 00000000 ___RD () C:\Program Files (x86)\Skype

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-14 22:17 - 2009-07-14 06:45 - 00026512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-14 22:17 - 2009-07-14 06:45 - 00026512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-14 22:14 - 2009-07-14 07:13 - 01400806 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-14 22:13 - 2014-08-17 18:41 - 01194935 _____ () C:\Windows\WindowsUpdate.log
2014-10-14 22:11 - 2014-08-18 10:54 - 00000000 ___RD () C:\Users\s***\Dropbox
2014-10-14 22:11 - 2014-08-17 18:08 - 00000000 ____D () C:\Users\s***\AppData\Roaming\Dropbox
2014-10-14 22:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-14 16:37 - 2014-08-17 18:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-13 20:13 - 2014-08-30 23:12 - 00000000 ____D () C:\Windows\rescache
2014-10-13 18:55 - 2009-07-14 06:45 - 00000000 ____D () C:\Windows\Setup
2014-10-12 22:11 - 2014-08-17 18:15 - 00002016 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-12 22:11 - 2014-08-17 17:57 - 00000872 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-12 22:06 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-10-12 22:05 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-12 21:49 - 2014-08-17 18:24 - 00000000 ____D () C:\Users\s***\AppData\Local\Adobe
2014-10-12 21:48 - 2014-08-17 18:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-12 21:48 - 2014-08-17 18:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-12 21:48 - 2014-08-17 18:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-12 20:03 - 2014-08-17 17:40 - 00000000 ____D () C:\Users\s***
2014-10-10 11:27 - 2014-08-17 18:01 - 00000000 ____D () C:\Users\s***\AppData\Roaming\vlc
2014-10-10 01:06 - 2014-08-17 18:10 - 00000000 ____D () C:\Users\s***\AppData\Roaming\Skype
2014-10-10 01:02 - 2014-08-17 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-10-10 01:02 - 2014-08-17 18:05 - 00000000 ____D () C:\Windows\Panther
2014-10-10 00:51 - 2014-08-17 18:10 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-10 00:51 - 2014-08-17 18:10 - 00000000 ____D () C:\ProgramData\Skype
2014-10-10 00:13 - 2014-08-17 18:05 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-10-09 23:45 - 2014-08-17 18:17 - 00000000 ____D () C:\Users\s***\AppData\Roaming\Apple Computer
2014-10-09 11:23 - 2014-08-30 19:43 - 00000000 ____D () C:\Users\s***\Documents\Lund University
2014-10-06 16:21 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-03 13:51 - 2014-08-17 18:15 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-26 19:53 - 2014-08-17 18:20 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-20 15:44 - 2014-08-17 18:22 - 00000000 ____D () C:\Users\s***\AppData\Local\Microsoft Help
2014-09-19 12:41 - 2014-08-17 18:15 - 00001029 _____ () C:\Users\s***\Desktop\Dropbox.lnk
2014-09-19 12:41 - 2014-08-17 18:13 - 00000000 ____D () C:\Users\s***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 23:32 - 2014-08-19 21:08 - 00000000 ____D () C:\Users\s***\AppData\Local\Viber
2014-09-14 23:15 - 2014-08-19 21:08 - 00000000 ____D () C:\Users\s***\AppData\Roaming\ViberPC

Some content of TEMP:
====================
C:\Users\s***\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf2orv9.dll
C:\Users\s***\AppData\Local\Temp\Quarantine.exe
C:\Users\s***\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-08 10:35

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 15.10.2014 18:33
Zitat:
Übrigens habe ich bei diesem Neustart keine Meldung mehr von Advanced-System Protector bekommen, aber wenn ich in der Symbolleiste auf "Ausgeblendete Symbole anzeigen" klicke und dann auf anpassen, dann ist da bei Symbolen sowohl Advanced-System Protector (hier steht "läuft im Hintergrund" dabei), als auch RegClean Pro und MediaMonkey noch vorhanden.
Das sind nur Reste. Windows bereinigt diese Anzeige von alleine nach ein paar Reboots.


Sonst noch Probleme?

Cisco12 16.10.2014 00:02
Ah okay, danke! :)

Ich hatte noch unter Programme ein paar "Advanced-System Protector" Dinge, aber wenn ihr daraufgeklickt habe ist eine Meldung gekommen, dass die Datei verschoben oder gelöscht wurde und ob ich die Verknüpfung löschen will und da habe ich dann auf "OK" geklickt. Jetzt ist das auch weg.

Also sonst habe ich keine Probleme mehr - nur noch eine Frage: Malwarebytes sagt mir immer, dass es ausgeschalten ist - soll ich das irgendwie ändern bzw. kann ich Malwarebytes, Combofix und SecurityCheck jetzt wieder entfernen? Wenn ja - wie mache ich das am Besten, einfach löschen?

Vielen, vielen Dank! :)

schrauber 16.10.2014 18:32
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Cisco12 16.10.2014 23:05
Hallo,

vielen Dank für die Hilfe!
Habe alles (de-)installiert, allerdings verstehe ich nicht, was ich mit "WinPatrol" anfangen soll. Gibt es hierzu vielleicht auch einen Tutorial Link?
Und ich habe mit jetzt auch Opera heruntergeladen, allerdings öffnen sich dort Pop-ups immer noch und in den Einstellungen steht, dass alle blockiert werden. Dafür verwendet Opera auch JavaScript und Plug-ins. Sollte ich da bei den Einstellungen etwas anderes einstellen? Oder doch einfach lieber Firefox benutzen?

Danke :)

schrauber 17.10.2014 20:19
ICh würde Firefox nutzen. Zu WInpatrol gibt es nix deutsches, leider, das Tool ist aber auch nit so wichtig.


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:35 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132