Danke für die Antwort.
hier die frst:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by Kemenate (administrator) on ASUS on 12-03-2014 12:54:07
Running from C:\Users\Kemenate\Desktop\x
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(TorchMedia Inc.) C:\Users\Kemenate\AppData\Local\Torch\Update\TorchCrashHandler.exe
() C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe
() C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
(Bandoo Media Inc.) C:\Users\Kemenate\AppData\Local\iLivid\iLivid.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Intel Corporation) C:\Windows\system32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxtray.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Pay By Ads LTD) C:\Users\Kemenate\AppData\Local\playnowradio\playnowradio\1.3.4.1\playnowradio.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(installdaddy) C:\program files (x86)\putlockerdownloader v6.0\putlockerdownloader v6.0-bg.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
HKLM-x32\...\Run: [Avira Systray] - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [172600 2014-01-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1207578583-2813521856-3057339103-1001\...\Run: [iLivid] - C:\Users\Kemenate\AppData\Local\iLivid\iLivid.exe [6827008 2013-09-08] (Bandoo Media Inc.)
HKU\S-1-5-21-1207578583-2813521856-3057339103-1001\...\Run: [playnowradio] - C:\Users\Kemenate\AppData\Local\playnowradio\playnowradio\1.3.4.1\playnowradio.exe [382976 2014-02-03] (Pay By Ads LTD)
HKU\S-1-5-21-1207578583-2813521856-3057339103-1001\...\MountPoints2: {412134ff-e336-11e2-be73-74d02b487ac5} - "E:\AutoRun.exe"
HKU\S-1-5-21-1207578583-2813521856-3057339103-1001\...\MountPoints2: {4e71ec99-eef7-11e2-be81-00a0c6000000} - "E:\.\Autorun.exe" AUTORUN=1
HKU\S-1-5-21-1207578583-2813521856-3057339103-1001\...\MountPoints2: {4e71ecce-eef7-11e2-be81-00a0c6000000} - "E:\.\Autorun.exe" AUTORUN=1
HKU\S-1-5-21-1207578583-2813521856-3057339103-1001\...\MountPoints2: {74c68b28-9a25-11e3-beb8-00a0c6000000} - "E:\AutoRun.exe"
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\ProgramData\Wincert\win64cert.dll [8704 2013-11-04] ()
AppInit_DLLs: C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-11-04] ()
AppInit_DLLs-x32: C:\PROGRA~2\MOVIES~1\Datamngr\mgrldr.dll => "C:\PROGRA~2\MOVIES~1\Datamngr\mgrldr.dll" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
Startup: C:\Users\Kemenate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll <===== ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1154&systemid=406&v=n11551-257&apn_uid=4230128944424133&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1154&systemid=406&v=n11551-257&apn_uid=4230128944424133&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - DefaultScope {2121225E-4BC3-40D9-9CD2-A4D2446A96AB} URL = hxxp://search.gophoto.it/?pl=1&q={searchTerms}&ch=v1noadmin_1402
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {2121225E-4BC3-40D9-9CD2-A4D2446A96AB} URL = hxxp://search.gophoto.it/?pl=1&q={searchTerms}&ch=v1noadmin_1402
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1154&systemid=406&v=n11551-257&apn_uid=4230128944424133&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - {CE7BCED7-14E0-4CD8-A0CD-936203B1CFF4} URL = hxxp://www.search.ask.com/web?tpid=CME-V7&o=APN11293&pf=&p2=%5EB7N%5EYYYYYY%5EYY%5EAT&gct=&itbv=12.7.0.2278&apn_uid=6CDC281C-4F74-4626-96EF-8013B137BBDD&apn_ptnrs=%5EB7N&apn_dtid=%5EYYYYYY%5EYY%5EAT&apn_dbr=iexplore.exe_6_10.0.9200.16537&doi=2013-11-20&trgb=IE&q={searchTerms}&psv=barid%253D158934965359759466331255829792106217472%2526cargo%253DCME%252DV7%2526spr%253Da%2526did%253D10717%2526ppd%253D
BHO: PutLockerDownloader V6.0 - {11111111-1111-1111-1111-110411591162} - C:\Program Files (x86)\PutLockerDownloader V6.0\PutLockerDownloader V6.0-bho64.dll (installdaddy)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Ask Toolbar - {434D452D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\CME-V7\Passport_x64.dll (APN LLC.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.) - {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll ()
BHO-x32: SaveSense - {0f21b1e5-5afc-43c9-9c66-515046e92ec2} - C:\Program Files (x86)\SaveSense\SaveSenseIE.dll (SaveSense)
BHO-x32: SecretSauce - {0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4} - C:\Program Files (x86)\SecretSauce\SecretSauceBHO.dll (SecretSauce)
BHO-x32: PutLockerDownloader V6.0 - {11111111-1111-1111-1111-110411591162} - C:\Program Files (x86)\PutLockerDownloader V6.0\PutLockerDownloader V6.0-bho.dll (installdaddy)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Ask Toolbar - {434D452D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\CME-V7\Passport.dll (APN LLC.)
BHO-x32: SecretSauce - {51c78168-ead3-43b1-abda-f288b583e6c0} - C:\Program Files (x86)\SecretSauce\SecretSauceBHO.dll (SecretSauce)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Movies Toolbar (Dist. by Bandoo Media, Inc.) - {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll ()
Toolbar: HKLM - Ask Toolbar - {434D452D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\CME-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM - Movies Toolbar (Dist. by Bandoo Media, Inc.) - {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll ()
Toolbar: HKLM-x32 - Ask Toolbar - {434D452D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\CME-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Movies Toolbar (Dist. by Bandoo Media, Inc.) - {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll ()
Toolbar: HKCU - Ask Toolbar - {434D452D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\CME-V7\Passport_x64.dll (APN LLC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.10.100.11 10.10.100.12
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (GoPhotoIt Chrome Extension) - C:\Users\Kemenate\AppData\Local\Google\Chrome\User Data\Default\Extensions\begbnpffhnpedhocnobliippgejhjpfp [2014-02-13]
CHR Extension: (SaveSense) - C:\Users\Kemenate\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk [2013-11-20]
CHR HKCU\...\Chrome\Extension: [begbnpffhnpedhocnobliippgejhjpfp] - C:\Users\Kemenate\AppData\Roaming\Cool Mirage Ltd\gophotoit\1.8.29.5\gophotoit.crx [2013-12-24]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [109112 2014-01-29] (Avira Operations GmbH & Co. KG)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-02-06] (Just Develop It)
R3 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R3 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
S2 savesenselive; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2013-11-20] (SaveSense)
S3 savesenselivem; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2013-11-20] (SaveSense)
R2 TorchCrashHandler; C:\Users\Kemenate\AppData\Local\Torch\Update\TorchCrashHandler.exe [1208832 2014-01-27] (TorchMedia Inc.)
R2 Update SecretSauce; C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe [112416 2014-03-07] ()
R2 Util SecretSauce; C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe [112416 2014-03-07] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
S2 DatamngrCoordinator; C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [X]
==================== Drivers (Whitelisted) ====================
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2013-04-02] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 tpfiltdev; C:\Windows\System32\drivers\tpfiltdev.sys [7424 2012-02-08] ()
S3 tpusbnet; C:\Windows\system32\DRIVERS\tpusbnet.sys [154112 2011-12-08] (QUALCOMM Incorporated)
S3 tpusbser; C:\Windows\system32\DRIVERS\tpusbser.sys [123648 2011-12-08] (QUALCOMM Incorporated)
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 huawei_wwanecm; \SystemRoot\system32\DRIVERS\ew_juwwanecm.sys [X]
U0 msahci;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-12 12:53 - 2014-03-12 12:54 - 00000000 ____D () C:\FRST
2014-03-12 12:52 - 2014-03-12 12:54 - 00000000 ____D () C:\Users\Kemenate\Desktop\x
2014-03-08 08:01 - 2014-03-08 21:31 - 00000000 ____D () C:\Users\Kemenate\Documents\H
2014-03-04 19:58 - 2014-03-04 19:58 - 00000000 ___SD () C:\Users\Kemenate\Documents\Meine Datenquellen
2014-03-02 15:04 - 2014-03-08 16:45 - 00000000 ____D () C:\Users\Kemenate\Documents\Benutzerdefinierte Office-Vorlagen
2014-02-26 17:23 - 2014-03-12 12:38 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-02-22 18:08 - 2014-03-12 12:49 - 00005132 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Asus-Kemenate Asus
2014-02-20 12:59 - 2014-02-20 12:59 - 00004024 _____ () C:\Windows\System32\Tasks\LaunchApp
2014-02-19 15:08 - 2014-02-19 15:08 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 ____D () C:\Users\Kemenate\AppData\Roaming\Avira
2014-02-14 10:23 - 2014-02-14 10:23 - 02002216 _____ (PC Drivers HeadQuarters) C:\Users\Kemenate\Downloads\DriverDetective.exe
2014-02-14 09:51 - 2013-12-18 09:32 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-14 09:51 - 2013-12-18 09:32 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-14 09:51 - 2013-12-18 09:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-14 09:40 - 2014-02-14 09:40 - 04011472 _____ (Avira Operations GmbH & Co. KG) C:\Users\Kemenate\Downloads\avira_oe_client_antivirus_de (1).exe
2014-02-14 09:37 - 2014-02-14 09:50 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-02-14 09:36 - 2014-02-14 09:50 - 00000000 ____D () C:\ProgramData\Avira
2014-02-14 09:36 - 2014-02-14 09:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-02-14 09:36 - 2014-02-14 09:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-14 09:35 - 2014-02-14 09:35 - 04011472 _____ (Avira Operations GmbH & Co. KG) C:\Users\Kemenate\Downloads\avira_oe_client_antivirus_de.exe
2014-02-13 22:48 - 2014-02-13 22:48 - 00001975 _____ () C:\Users\Kemenate\Desktop\Sync Folder.lnk
2014-02-13 22:46 - 2014-02-25 22:48 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-02-13 22:46 - 2014-02-13 22:46 - 00001093 _____ () C:\Users\Kemenate\Desktop\MyPC Backup.lnk
2014-02-13 22:46 - 2014-02-13 22:46 - 00000000 ____D () C:\Users\Kemenate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-02-13 21:22 - 2014-02-13 21:22 - 00000000 ____D () C:\Users\Kemenate\AppData\Roaming\Cool Mirage Ltd
2014-02-13 21:21 - 2014-03-11 02:14 - 00001426 _____ () C:\Users\Kemenate\Desktop\Play Now Radio.lnk
2014-02-13 21:21 - 2014-02-13 21:21 - 00003624 _____ () C:\Windows\System32\Tasks\Play Now Radio
2014-02-13 21:21 - 2014-02-13 21:21 - 00000000 ____D () C:\Users\Kemenate\AppData\Local\playnowradio
2014-02-13 20:24 - 2014-02-13 20:24 - 00001272 _____ () C:\Users\Public\Desktop\Free Games.lnk
2014-02-13 20:24 - 2014-02-13 20:24 - 00001019 _____ () C:\Users\Kemenate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
2014-02-13 20:24 - 2014-02-13 20:24 - 00001011 _____ () C:\Users\Kemenate\Desktop\iLivid.lnk
2014-02-13 20:20 - 2014-02-13 20:20 - 00000000 ____D () C:\ProgramData\BrowserProtect
2014-02-13 20:20 - 2014-02-13 20:20 - 00000000 ____D () C:\ProgramData\Browser Manager
2014-02-13 20:20 - 2014-02-13 20:20 - 00000000 ____D () C:\ProgramData\BitGuard
2014-02-13 19:54 - 2014-03-12 12:36 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
2014-02-13 19:54 - 2014-02-13 19:55 - 00002196 _____ () C:\Users\Kemenate\Desktop\Facebook.lnk
2014-02-13 19:54 - 2014-02-13 19:55 - 00002192 _____ () C:\Users\Kemenate\Desktop\Youtube.lnk
2014-02-13 19:54 - 2014-02-13 19:55 - 00001374 _____ () C:\Users\Kemenate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2014-02-13 19:54 - 2014-02-13 19:55 - 00001349 _____ () C:\Users\Kemenate\Desktop\Torch.lnk
2014-02-13 19:54 - 2014-02-13 19:54 - 00000000 ____D () C:\Users\Kemenate\AppData\Roaming\TFP
2014-02-13 19:54 - 2014-02-13 19:54 - 00000000 ____D () C:\Users\Kemenate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch
2014-02-13 19:54 - 2012-05-11 15:47 - 01081616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx
2014-02-13 19:54 - 2012-05-11 15:47 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2014-02-13 19:54 - 2012-05-11 15:47 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL
2014-02-13 19:54 - 2012-05-11 15:47 - 00119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL
2014-02-13 19:54 - 2012-05-11 15:47 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL
2014-02-13 19:54 - 2012-05-11 15:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL
2014-02-13 19:53 - 2014-02-13 19:54 - 00000000 ____D () C:\Users\Kemenate\AppData\Local\Torch
2014-02-13 19:45 - 2014-02-13 19:45 - 00000000 ____D () C:\ProgramData\Wincert
2014-02-13 19:44 - 2014-02-13 19:44 - 00000000 ____D () C:\Program Files (x86)\Movies Toolbar
2014-02-13 19:43 - 2014-02-13 19:48 - 00000000 ____D () C:\ProgramData\Datamngr
2014-02-13 19:42 - 2014-02-13 20:24 - 00000000 ____D () C:\Users\Kemenate\AppData\Local\iLivid
2014-02-13 00:09 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 00:09 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 23:56 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 23:56 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 23:56 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 23:56 - 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-12 23:56 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-12 23:56 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 23:56 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 23:56 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 23:56 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 23:56 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-12 23:56 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 23:56 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 23:56 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 23:56 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 23:56 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 23:56 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-12 23:56 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 23:56 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 23:56 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 23:56 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-12 23:56 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 23:56 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 23:56 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 23:56 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 23:56 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 23:56 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-02-12 23:55 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 23:54 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 23:54 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 23:54 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 23:54 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 23:54 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 23:54 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-12 23:47 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 23:47 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 23:45 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 23:45 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 23:45 - 2013-11-27 01:19 - 00385614 _____ () C:\Windows\system32\ApnDatabase.xml
2014-02-12 23:45 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-02-12 23:45 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-12 23:41 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 23:41 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 23:41 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 23:41 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
==================== One Month Modified Files and Folders =======
2014-03-12 12:54 - 2014-03-12 12:53 - 00000000 ____D () C:\FRST
2014-03-12 12:54 - 2014-03-12 12:52 - 00000000 ____D () C:\Users\Kemenate\Desktop\x
2014-03-12 12:49 - 2014-02-22 18:08 - 00005132 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Asus-Kemenate Asus
2014-03-12 12:39 - 2013-07-02 01:23 - 00000062 _____ () C:\Users\Kemenate\AppData\Roaming\sp_data.sys
2014-03-12 12:38 - 2014-02-26 17:23 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-03-12 12:38 - 2013-04-02 16:56 - 00003542 _____ () C:\Windows\System32\Tasks\ASUS Touchpad Launcher (x64)
2014-03-12 12:38 - 2013-04-02 16:55 - 00003052 _____ () C:\Windows\System32\Tasks\ASUS P4G
2014-03-12 12:38 - 2013-04-02 16:55 - 00003004 _____ () C:\Windows\System32\Tasks\ASUS Splendid ColorU
2014-03-12 12:38 - 2013-04-02 16:55 - 00002988 _____ () C:\Windows\System32\Tasks\ASUS Splendid ACMON
2014-03-12 12:38 - 2013-04-02 16:53 - 00003024 _____ () C:\Windows\System32\Tasks\ASUS USB Charger Plus
2014-03-12 12:38 - 2013-04-02 16:52 - 00003114 _____ () C:\Windows\System32\Tasks\ASUS Live Update
2014-03-12 12:37 - 2013-11-20 11:15 - 00001390 _____ () C:\Windows\Tasks\PutLockerDownloader V6.0-updater.job
2014-03-12 12:36 - 2014-02-13 19:54 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
2014-03-12 12:36 - 2013-11-20 11:17 - 00000942 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
2014-03-12 12:36 - 2013-11-20 11:15 - 00001192 _____ () C:\Windows\Tasks\PutLockerDownloader V6.0-enabler.job
2014-03-12 12:36 - 2013-11-20 11:14 - 00001282 _____ () C:\Windows\Tasks\PutLockerDownloader V6.0-codedownloader.job
2014-03-12 12:36 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-12 12:24 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-03-12 11:22 - 2013-11-20 11:17 - 00000946 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
2014-03-12 11:17 - 2013-11-20 11:16 - 00000314 _____ () C:\Windows\Tasks\SaveSense.job
2014-03-12 08:04 - 2012-08-03 00:02 - 06453636 _____ () C:\Windows\system32\perfh007.dat
2014-03-12 08:04 - 2012-08-03 00:02 - 01863440 _____ () C:\Windows\system32\perfc007.dat
2014-03-12 08:04 - 2012-07-26 08:28 - 00005430 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-11 02:14 - 2014-02-13 21:21 - 00001426 _____ () C:\Users\Kemenate\Desktop\Play Now Radio.lnk
2014-03-09 15:02 - 2013-11-21 21:16 - 00000292 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-03-09 15:01 - 2013-11-30 19:41 - 00001426 _____ () C:\Users\Kemenate\Desktop\Registry kostenlos entrümpeln!.lnk
2014-03-08 21:31 - 2014-03-08 08:01 - 00000000 ____D () C:\Users\Kemenate\Documents\H
2014-03-08 17:32 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-08 16:45 - 2014-03-02 15:04 - 00000000 ____D () C:\Users\Kemenate\Documents\Benutzerdefinierte Office-Vorlagen
2014-03-08 16:43 - 2013-07-02 01:21 - 00000000 ____D () C:\Users\Kemenate\AppData\Local\Packages
2014-03-05 21:16 - 2013-11-21 21:16 - 00000300 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-03-04 19:58 - 2014-03-04 19:58 - 00000000 ___SD () C:\Users\Kemenate\Documents\Meine Datenquellen
2014-03-02 18:43 - 2013-07-02 01:21 - 00000000 ____D () C:\Users\Kemenate
2014-02-27 18:16 - 2013-11-20 11:16 - 00000000 ____D () C:\Program Files (x86)\SecretSauce
2014-02-25 22:48 - 2014-02-13 22:46 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-02-25 21:23 - 2013-07-02 01:21 - 01557204 _____ () C:\Windows\WindowsUpdate.log
2014-02-22 12:19 - 2012-07-26 08:21 - 00157415 _____ () C:\Windows\setupact.log
2014-02-21 12:50 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-02-20 12:59 - 2014-02-20 12:59 - 00004024 _____ () C:\Windows\System32\Tasks\LaunchApp
2014-02-19 15:08 - 2014-02-19 15:08 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-02-18 21:21 - 2013-07-25 09:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-18 21:15 - 2013-07-07 03:32 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 23:03 - 2013-11-16 15:39 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-17 23:03 - 2013-11-16 15:39 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-16 16:08 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-02-15 22:04 - 2012-08-02 14:24 - 00095010 _____ () C:\Windows\PFRO.log
2014-02-14 11:03 - 2014-02-14 11:03 - 00000000 ____D () C:\Users\Kemenate\AppData\Roaming\Avira
2014-02-14 10:23 - 2014-02-14 10:23 - 02002216 _____ (PC Drivers HeadQuarters) C:\Users\Kemenate\Downloads\DriverDetective.exe
2014-02-14 09:50 - 2014-02-14 09:37 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-02-14 09:50 - 2014-02-14 09:36 - 00000000 ____D () C:\ProgramData\Avira
2014-02-14 09:50 - 2014-02-14 09:36 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-02-14 09:44 - 2013-11-20 11:16 - 00000000 ____D () C:\Users\Kemenate\AppData\Local\Google
2014-02-14 09:40 - 2014-02-14 09:40 - 04011472 _____ (Avira Operations GmbH & Co. KG) C:\Users\Kemenate\Downloads\avira_oe_client_antivirus_de (1).exe
2014-02-14 09:36 - 2014-02-14 09:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-14 09:35 - 2014-02-14 09:35 - 04011472 _____ (Avira Operations GmbH & Co. KG) C:\Users\Kemenate\Downloads\avira_oe_client_antivirus_de.exe
2014-02-14 00:16 - 2013-12-19 10:16 - 00000128 _____ () C:\Users\Kemenate\AppData\Roaming\WB.CFG
2014-02-14 00:16 - 2013-11-20 11:16 - 00002652 _____ () C:\Windows\System32\Tasks\SaveSense
2014-02-13 22:48 - 2014-02-13 22:48 - 00001975 _____ () C:\Users\Kemenate\Desktop\Sync Folder.lnk
2014-02-13 22:46 - 2014-02-13 22:46 - 00001093 _____ () C:\Users\Kemenate\Desktop\MyPC Backup.lnk
2014-02-13 22:46 - 2014-02-13 22:46 - 00000000 ____D () C:\Users\Kemenate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-02-13 22:46 - 2013-07-02 01:23 - 00000000 ___RD () C:\Users\Kemenate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-13 22:45 - 2013-11-21 21:16 - 00001056 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk
2014-02-13 22:45 - 2013-11-21 21:16 - 00000000 ____D () C:\Users\Kemenate\AppData\Roaming\Systweak
2014-02-13 22:45 - 2013-11-21 21:15 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-02-13 21:22 - 2014-02-13 21:22 - 00000000 ____D () C:\Users\Kemenate\AppData\Roaming\Cool Mirage Ltd
2014-02-13 21:21 - 2014-02-13 21:21 - 00003624 _____ () C:\Windows\System32\Tasks\Play Now Radio
2014-02-13 21:21 - 2014-02-13 21:21 - 00000000 ____D () C:\Users\Kemenate\AppData\Local\playnowradio
2014-02-13 20:24 - 2014-02-13 20:24 - 00001272 _____ () C:\Users\Public\Desktop\Free Games.lnk
2014-02-13 20:24 - 2014-02-13 20:24 - 00001019 _____ () C:\Users\Kemenate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
2014-02-13 20:24 - 2014-02-13 20:24 - 00001011 _____ () C:\Users\Kemenate\Desktop\iLivid.lnk
2014-02-13 20:24 - 2014-02-13 19:42 - 00000000 ____D () C:\Users\Kemenate\AppData\Local\iLivid
2014-02-13 20:20 - 2014-02-13 20:20 - 00000000 ____D () C:\ProgramData\BrowserProtect
2014-02-13 20:20 - 2014-02-13 20:20 - 00000000 ____D () C:\ProgramData\Browser Manager
2014-02-13 20:20 - 2014-02-13 20:20 - 00000000 ____D () C:\ProgramData\BitGuard
2014-02-13 19:55 - 2014-02-13 19:54 - 00002196 _____ () C:\Users\Kemenate\Desktop\Facebook.lnk
2014-02-13 19:55 - 2014-02-13 19:54 - 00002192 _____ () C:\Users\Kemenate\Desktop\Youtube.lnk
2014-02-13 19:55 - 2014-02-13 19:54 - 00001374 _____ () C:\Users\Kemenate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2014-02-13 19:55 - 2014-02-13 19:54 - 00001349 _____ () C:\Users\Kemenate\Desktop\Torch.lnk
2014-02-13 19:54 - 2014-02-13 19:54 - 00000000 ____D () C:\Users\Kemenate\AppData\Roaming\TFP
2014-02-13 19:54 - 2014-02-13 19:54 - 00000000 ____D () C:\Users\Kemenate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch
2014-02-13 19:54 - 2014-02-13 19:53 - 00000000 ____D () C:\Users\Kemenate\AppData\Local\Torch
2014-02-13 19:48 - 2014-02-13 19:43 - 00000000 ____D () C:\ProgramData\Datamngr
2014-02-13 19:45 - 2014-02-13 19:45 - 00000000 ____D () C:\ProgramData\Wincert
2014-02-13 19:44 - 2014-02-13 19:44 - 00000000 ____D () C:\Program Files (x86)\Movies Toolbar
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
Some content of TEMP:
====================
C:\Users\Kemenate\AppData\Local\Temp\avgnt.exe
C:\Users\Kemenate\AppData\Local\Temp\BackupSetup.exe
C:\Users\Kemenate\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Kemenate\AppData\Local\Temp\Delta.exe
C:\Users\Kemenate\AppData\Local\Temp\DeltaTB.exe
C:\Users\Kemenate\AppData\Local\Temp\IMsetup.exe
C:\Users\Kemenate\AppData\Local\Temp\mfc80.dll
C:\Users\Kemenate\AppData\Local\Temp\mfc80u.dll
C:\Users\Kemenate\AppData\Local\Temp\mfcm80.dll
C:\Users\Kemenate\AppData\Local\Temp\mfcm80u.dll
C:\Users\Kemenate\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Kemenate\AppData\Local\Temp\msvcm80.dll
C:\Users\Kemenate\AppData\Local\Temp\msvcp80.dll
C:\Users\Kemenate\AppData\Local\Temp\msvcr80.dll
C:\Users\Kemenate\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Kemenate\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Kemenate\AppData\Local\Temp\OSU.exe
C:\Users\Kemenate\AppData\Local\Temp\Uninstaller.exe
C:\Users\Kemenate\AppData\Local\Temp\upd.exe
C:\Users\Kemenate\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Kemenate\AppData\Local\Temp\WSSetup.exe
C:\Users\Kemenate\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\Kemenate\AppData\Local\Temp\WTGXMLUtil.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-09 09:26
==================== End Of Log ============================
--- --- ---
und die Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2014
Ran by Kemenate at 2014-03-12 12:55:22
Running from C:\Users\Kemenate\Desktop\x
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Advanced System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.12150 - Systweak Software) <==== ATTENTION
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden
Ask Toolbar (HKLM-x32\...\{434D452D-5637-006A-76A7-A758B70C0A03}) (Version: 12.10.3.4634 - APN, LLC) <==== ATTENTION
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0002 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation)
ASUS X201 Product Demo (HKLM-x32\...\{996B0F67-53E5-437B-92A9-B40B36EE6F58}) (Version: 1.0.0 - ASUS)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS)
Avira (HKLM-x32\...\{166a49c9-9f8d-4d64-a131-ff053b76a081}) (Version: 1.0.5142.23462 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.0.5142.23462 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.91 - Broadcom Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Update Helper (x32 Version: 1.3.23.0 - SaveSense) Hidden <==== ATTENTION
iLivid (HKCU\...\iLivid) (Version: 5.0.0.4286 - Bandoo Media Inc) <==== ATTENTION
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.) (HKLM-x32\...\ilividmoviestoolbar181IE) (Version: 1.8.1.0 - IAC Search and Media) <==== ATTENTION
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Play Now Radio (HKCU\...\playnowradio) (Version: - playnowradio) <==== ATTENTION
PutLockerDownloader (HKLM-x32\...\1ClickDownload) (Version: 2.1 Build 26473 - PutLockerDownloader.com) <==== ATTENTION
PutLockerDownloader V6.0 (HKLM-x32\...\PutLockerDownloader V6.0) (Version: 1.30.153.0 - installdaddy) <==== ATTENTION
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6798 - Realtek Semiconductor Corp.)
RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
SaveSense (HKCU\...\SaveSense) (Version: - ) <==== ATTENTION
SaveSense (remove only) (HKLM-x32\...\SaveSense) (Version: 5.3.0.6 - SaveSense) <==== ATTENTION
SecretSauce (HKLM\...\SecretSauce) (Version: 2013.11.13.200710 - SecretSauce) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Torch (HKCU\...\Torch) (Version: 29.0.0.5516 - Torch Media, Inc) <==== ATTENTION
TP-LINK 3G Client (HKLM-x32\...\{3B9617DC-074C-44A6-A906-FC4CFA954404}) (Version: 1.0 - TP-LINK)
Windows Driver Package - ASUS (ATP) Mouse (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
==================== Restore Points =========================
21-02-2014 15:24:16 Windows Update
03-03-2014 19:24:10 Geplanter Prüfpunkt
12-03-2014 07:19:17 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {249647D1-0A54-48B0-9621-238406E1A481} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-29] ()
Task: {39FDB9A9-CBC9-4971-9A75-2F533B07D925} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2013-11-20] (SaveSense) <==== ATTENTION
Task: {3B6AC7D5-8F1F-4BAB-ABB0-568C9F1EA58E} - System32\Tasks\PutLockerDownloader V6.0-updater => C:\Program Files (x86)\PutLockerDownloader V6.0\PutLockerDownloader V6.0-updater.exe [2013-11-20] (installdaddy) <==== ATTENTION
Task: {43237F58-DB0B-4F38-B4E3-3764A411D852} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2013-11-20] (SaveSense) <==== ATTENTION
Task: {497E7B58-7B22-44E8-A624-52930AE7EDD5} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
Task: {4FE04485-17EA-4F86-A8D7-9998103B9A6B} - System32\Tasks\Play Now Radio => C:\Users\Kemenate\AppData\Local\playnowradio\playnowradio\1.3.4.1\playnowradio.exe [2014-02-03] (Pay By Ads LTD) <==== ATTENTION
Task: {55B25152-B254-4ABB-9C13-6FF13F2F2C85} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2013-10-04] (Systweak) <==== ATTENTION
Task: {792814DD-C276-46F4-B280-7E6E2AD3D9C2} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-21] (Systweak Inc) <==== ATTENTION
Task: {7C9D7393-3C8D-4361-8A9A-F50AF43AF912} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-16] (AsusTek)
Task: {7E96DBBD-EFD2-450C-97ED-17AFE1E1A685} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-21] (Systweak Inc) <==== ATTENTION
Task: {832AEE1A-DC5D-48A9-9F69-C81C3C1C14F0} - System32\Tasks\PutLockerDownloader V6.0-enabler => C:\Program Files (x86)\PutLockerDownloader V6.0\PutLockerDownloader V6.0-enabler.exe [2013-11-20] (installdaddy) <==== ATTENTION
Task: {91322CD0-C087-4733-ACD8-2B6F71069F80} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {949FC684-1F7D-4BDC-A120-05516E29563E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {A7119D78-A94C-400D-9B3A-68821C77D86D} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B8C3D280-BD9A-454A-A6C9-BD9B0D7FE5EB} - System32\Tasks\SaveSense => C:\Users\Kemenate\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {BA30D5ED-75FC-42A0-9DED-665D25C5E333} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-29] (ASUS)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C8C5C5E1-F4BF-4D59-A8C5-EC6A48DA1117} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {D5FF4FBE-7D94-4CD0-A019-152FCA02A804} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {E085DF69-FABF-4801-B5E4-34BB3D128F56} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EF36C45E-6D93-4E16-A6C1-769920BC9C8E} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe [2014-02-06] (MyPCBackup.com)
Task: {F0D2738D-8AA1-4B52-A43C-517CB8A3ACB5} - System32\Tasks\PutLockerDownloader V6.0-codedownloader => C:\Program Files (x86)\PutLockerDownloader V6.0\PutLockerDownloader V6.0-codedownloader.exe [2013-11-20] (installdaddy) <==== ATTENTION
Task: {F1CFC28A-121C-41BD-A9FD-DE7EF92DC6EF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Asus-Kemenate Asus => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-01-17] (Microsoft Corporation)
Task: C:\Windows\Tasks\PutLockerDownloader V6.0-codedownloader.job => C:\Program Files (x86)\PutLockerDownloader V6.0\PutLockerDownloader V6.0-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\PutLockerDownloader V6.0-enabler.job => C:\Program Files (x86)\PutLockerDownloader V6.0\PutLockerDownloader V6.0-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\PutLockerDownloader V6.0-updater.job => C:\Program Files (x86)\PutLockerDownloader V6.0\PutLockerDownloader V6.0-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\SaveSense.job => C:\Users\Kemenate\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2014-01-14 14:46 - 2013-08-23 14:45 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2014-01-14 14:46 - 2013-10-31 09:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2014-01-14 14:46 - 2013-10-31 09:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-11-13 21:07 - 2014-03-07 23:15 - 00112416 _____ () C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe
2013-11-20 22:22 - 2014-03-12 12:56 - 00112416 _____ () C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe
2014-02-06 16:19 - 2014-02-06 16:19 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-02-06 16:13 - 2014-02-06 16:13 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-11-29 17:15 - 2012-11-29 17:15 - 00171224 _____ () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
2013-01-25 08:30 - 2012-11-02 08:19 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2013-11-20 11:14 - 2013-11-20 11:14 - 00484864 _____ () C:\program files (x86)\putlockerdownloader v6.0\PutLockerDownloader V6.0-buttonutil64.dll
2014-02-14 09:51 - 2013-12-18 09:32 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-01-29 13:04 - 2014-01-29 13:04 - 00300088 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-01-29 13:04 - 2014-01-29 13:04 - 00077368 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2013-11-24 10:18 - 2012-07-25 12:03 - 00886272 _____ () C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll
2013-11-24 10:17 - 2013-10-04 18:20 - 01730928 _____ () C:\Program Files (x86)\Advanced System Protector\aspsys.dll
2014-02-14 09:55 - 2014-01-29 13:04 - 00039480 _____ () C:\Users\Kemenate\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-02-14 09:55 - 2014-01-29 13:04 - 00300088 _____ () C:\Users\Kemenate\AppData\Local\Temp\avgnt.exe\Avira.OE.NativeCore.dll
2013-04-02 16:46 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-12-11 21:07 - 2013-12-11 21:07 - 00115664 _____ () C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/12/2014 08:04:07 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (03/12/2014 08:04:07 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (03/12/2014 08:04:06 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (03/11/2014 02:49:24 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FBAgent.exe, Version: 2.0.0.1, Zeitstempel: 0x50e6be1a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16579, Zeitstempel: 0x51637f77
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000ebd59
ID des fehlerhaften Prozesses: 0x2f78
Startzeit der fehlerhaften Anwendung: 0xFBAgent.exe0
Pfad der fehlerhaften Anwendung: FBAgent.exe1
Pfad des fehlerhaften Moduls: FBAgent.exe2
Berichtskennung: FBAgent.exe3
Vollständiger Name des fehlerhaften Pakets: FBAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FBAgent.exe5
Error: (03/11/2014 02:43:33 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16798, Zeitstempel: 0x52ec7da1
Name des fehlerhaften Moduls: SecretSauceBHO.dll, Version: 1.0.0.3, Zeitstempel: 0x530d6153
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00006fd1
ID des fehlerhaften Prozesses: 0x1a10
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (03/11/2014 02:43:03 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16798, Zeitstempel: 0x52ec7da1
Name des fehlerhaften Moduls: SecretSauceBHO.dll, Version: 1.0.0.3, Zeitstempel: 0x530d6153
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00006fd1
ID des fehlerhaften Prozesses: 0x3614
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (03/11/2014 02:42:39 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16798, Zeitstempel: 0x52ec7da1
Name des fehlerhaften Moduls: SecretSauceBHO.dll, Version: 1.0.0.3, Zeitstempel: 0x530d6153
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00006fd1
ID des fehlerhaften Prozesses: 0x3a10
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (03/11/2014 02:21:01 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16798, Zeitstempel: 0x52ec7da1
Name des fehlerhaften Moduls: SecretSauceBHO.dll, Version: 1.0.0.3, Zeitstempel: 0x530d6153
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00006fd1
ID des fehlerhaften Prozesses: 0x3f94
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (03/11/2014 02:17:01 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (03/11/2014 02:17:01 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
System errors:
=============
Error: (03/12/2014 00:36:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Datamngr Coordinator" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (03/12/2014 00:35:53 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 12.03.2014 um 11:12:40 unerwartet heruntergefahren.
Error: (03/12/2014 11:41:42 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
Error: (03/11/2014 02:49:25 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AFBAgent" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (03/11/2014 02:49:05 AM) (Source: DCOM) (User: Asus)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/11/2014 02:49:05 AM) (Source: DCOM) (User: Asus)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/11/2014 02:49:05 AM) (Source: DCOM) (User: Asus)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/11/2014 02:49:05 AM) (Source: DCOM) (User: Asus)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/11/2014 02:15:22 AM) (Source: DCOM) (User: Asus)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}AsusKemenateS-1-5-21-1207578583-2813521856-3057339103-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (03/10/2014 09:21:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AFBAgent" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office Sessions:
=========================
Error: (03/12/2014 08:04:07 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000
Error: (03/12/2014 08:04:07 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000
Error: (03/12/2014 08:04:06 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000
Error: (03/11/2014 02:49:24 AM) (Source: Application Error)(User: )
Description: FBAgent.exe2.0.0.150e6be1antdll.dll6.2.9200.1657951637f77c000037400000000000ebd592f7801cf3cc707479331C:\Windows\system32\FBAgent.exeC:\Windows\SYSTEM32\ntdll.dll5e951245-a8bf-11e3-bebe-00a0c6000000
Error: (03/11/2014 02:43:33 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1679852ec7da1SecretSauceBHO.dll1.0.0.3530d6153c000000500006fd11a1001cf3ccb3ff5d9bdC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\SecretSauce\SecretSauceBHO.dll8dc66729-a8be-11e3-bebe-00a0c6000000
Error: (03/11/2014 02:43:03 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1679852ec7da1SecretSauceBHO.dll1.0.0.3530d6153c000000500006fd1361401cf3ccb3d23684aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\SecretSauce\SecretSauceBHO.dll7b806486-a8be-11e3-bebe-00a0c6000000
Error: (03/11/2014 02:42:39 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1679852ec7da1SecretSauceBHO.dll1.0.0.3530d6153c000000500006fd13a1001cf3ccb2ea0a736C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\SecretSauce\SecretSauceBHO.dll6d3e03c4-a8be-11e3-bebe-00a0c6000000
Error: (03/11/2014 02:21:01 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1679852ec7da1SecretSauceBHO.dll1.0.0.3530d6153c000000500006fd13f9401cf3cc827029fc5C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\SecretSauce\SecretSauceBHO.dll678b2733-a8bb-11e3-bebe-00a0c6000000
Error: (03/11/2014 02:17:01 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000
Error: (03/11/2014 02:17:01 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000
==================== Memory info ===========================
Percentage of memory in use: 75%
Total physical RAM: 1931.61 MB
Available physical RAM: 474.8 MB
Total Pagefile: 4491.61 MB
Available Pagefile: 2596.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:78.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:157.55 GB) (Free:157.44 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 04A53D1B)
Partition: GPT Partition Type.
==================== End Of Log ============================
Danke |
FRST 32-Bit | FRST 64-Bit
Malwarebytes Anti-Malware 
AdwCleaner auf deinen Desktop.
SecurityCheck und:
