Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Backdoor0Access und PUP OptionalCrossRiderA (https://www.trojaner-board.de/152509-backdoor0access-pup-optionalcrossridera.html)

Sofakissen 14.04.2014 16:38
Backdoor0Access und PUP OptionalCrossRiderA
 
Hallo,

erst mal danke, dass es Euch noch gibt.:knuddel:

Ich habe mir die im Titel aufgelisteten Probleme eingefangen und werde sie nicht los

Hier die log Datei von Malwarebytes .... und DANKE

Gruuß
Sofakissen


www.malwarebytes.org

Suchlauf Datum: 14.04.2014
Suchlauf-Zeit: 17:34:13
Logdatei: log 1404.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.14.05
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ASUS

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 246701
Verstrichene Zeit: 39 Min, 31 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 2
Backdoor.0Access, C:\Windows\Installer\{a802cf91-f6ae-f6b0-27a0-7fd6acbd59c1}\L, , [f30d0bf539c770903082e81836ca7a86],
Backdoor.0Access, C:\Windows\Installer\{a802cf91-f6ae-f6b0-27a0-7fd6acbd59c1}\U, , [fc0440c0c53b2cd4a90a29d7ad53a35d],

Dateien: 2
Backdoor.0Access, C:\Windows\Installer\{a802cf91-f6ae-f6b0-27a0-7fd6acbd59c1}\@, , [e020b54b02fef30db8b96d9317e9d927],
PUP.Optional.CrossRider.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\xngipxdj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "1454c3eda5212d3bc9e0799ae579d6e9");), ,[f60a9b65c53bae524058133958aca060]

Physische Sektoren: 0
(No malicious items detected)


(end)

schrauber 14.04.2014 16:58
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Sofakissen 14.04.2014 17:18
FRST
FRST Logfile:
[CODE]Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2014 01
Ran by ASUS (administrator) on ASUS-PC on 14-04-2014 18:13:42
Running from C:\Users\ASUS\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Users\ASUS\AppData\Roaming\BupSystem\bup.exe
() C:\Windows\System32\DlProtectSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Windows\system32\pnrpnspd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\ProgramData\dlprotect.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================



XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX



FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2014 01
Ran by ASUS at 2014-04-14 18:14:51
Running from C:\Users\ASUS\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD USB Filter Driver (HKLM-x32\...\{987B04C4-B5AC-4AD6-A7E9-8D681085B850}) (Version: 1.0.15.94 - Advanced Micro Devices, Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.9 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.42 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0009 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ATI Catalyst Install Manager (HKLM\...\{2304AF3E-F694-38CA-B0F9-E80D5CA390F4}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0921.2140.37013 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0921.2140.37013 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0921.2140.37013 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help English (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help French (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help German (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0921.2140.37013 - ATI) Hidden
ccc-utility64 (Version: 2010.0921.2140.37013 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.9 - ASUS)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeepMeta (HKLM-x32\...\{72444A82-2584-492E-ADB6-81F4526EAD79}) (Version: 2.0.0013 - Eazign bvba - Franky De Meyer)
Download Protect (HKCU\...\{132401a7-2006-4342-b43c-ccf5f02c2b01}) (Version:  - Download Protect)
ETDWare PS/2-x64 7.0.5.16_WHQL (HKLM\...\Elantech) (Version: 7.0.5.16 - ELAN Microelectronics Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.7 - ASUS)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.23.4 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2006.0314 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PhotoLine 18.0.2.0 (HKLM\...\PhotoLine_is1) (Version: 18.0.2.0 - Computerinsel GmbH)
Protegere (HKLM-x32\...\Protegere) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6088 - Realtek Semiconductor Corp.)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.5300 - SRS Labs, Inc.)
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version:  - )
USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.54000.207 - Sonix)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1D29CD04-AC95-4930-9A7F-5378DC5AA2CC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {36192DBD-3D65-443B-A730-E3740E99FA73} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-09-30] (asus)
Task: {442F57E6-EBA6-447C-87B6-3742E284AE20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-03] (Google Inc.)
Task: {4AEEFE15-73CF-451E-A139-4604C3954AE9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-10] (Adobe Systems Incorporated)
Task: {55CE1D31-F5B6-4E6D-8D32-EC61B70F1070} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS)
Task: {73EA6604-BE21-4CB5-8D27-56B49146D3AA} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {93EBF5BA-F036-4275-845F-CD1D4A145227} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-03] (Google Inc.)
Task: {9A8A1ECE-BBE6-4FF8-B949-D562981DC408} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {DB8EBF4F-3C73-47A2-8CC2-6C66FD749304} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {EF22680F-FBDF-43A9-9E9D-009ACBCA9F03} - System32\Tasks\AdobeAAMUpdater-1.0-ASUS-PC-ASUS => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {F3F03686-F441-4ECF-A1CC-0D450ACEA55C} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-11-11] (ASUS)
Task: {FF7DC995-677C-4C52-A149-85D24B25062D} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-10 17:25 - 2014-04-10 17:25 - 01005056 _____ () C:\Users\ASUS\AppData\Roaming\BupSystem\bup.exe
2014-04-10 17:25 - 2014-04-10 17:25 - 00126976 _____ () C:\Windows\System32\DlProtectSvc.exe
2008-09-30 23:02 - 2008-09-30 23:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2011-02-01 00:03 - 2007-11-30 21:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-07-15 02:11 - 2010-07-15 02:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2014-04-10 17:25 - 2014-04-10 17:25 - 00118784 _____ () C:\Windows\system32\pnrpnspd.exe
2010-09-24 02:53 - 2010-09-24 02:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2014-04-10 17:25 - 2014-04-10 17:25 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2010-09-22 07:38 - 2010-09-22 07:38 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-10-16 18:36 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-04-10 17:25 - 2014-04-10 17:25 - 00374272 _____ () C:\Users\ASUS\AppData\Roaming\BupSystem\sub\default.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
2010-09-30 15:14 - 2010-09-30 15:14 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
2014-03-18 19:52 - 2014-03-18 19:52 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-04-13 12:04 - 2012-04-13 12:04 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-04-13 12:00 - 2012-04-13 12:00 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2014 01:35:30 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).

Error: (04/12/2014 06:58:49 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: PhotoLine64.exe, Version: 18.0.2.0, Zeitstempel: 0x530e11ed
Name des fehlerhaften Moduls: PhotoLine64.exe, Version: 18.0.2.0, Zeitstempel: 0x530e11ed
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0000000000c5b6b7
ID des fehlerhaften Prozesses: 0x6ec
Startzeit der fehlerhaften Anwendung: 0xPhotoLine64.exe0
Pfad der fehlerhaften Anwendung: PhotoLine64.exe1
Pfad des fehlerhaften Moduls: PhotoLine64.exe2
Berichtskennung: PhotoLine64.exe3

Error: (04/12/2014 02:13:32 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).

Error: (04/12/2014 02:11:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/12/2014 02:11:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/12/2014 02:11:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/12/2014 02:11:56 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/11/2014 06:36:39 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 28.0.0.5186, Zeitstempel: 0x53240e37
Name des fehlerhaften Moduls: xul.dll, Version: 28.0.0.5186, Zeitstempel: 0x53240e04
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00184729
ID des fehlerhaften Prozesses: 0x518
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (04/11/2014 06:34:48 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).

Error: (04/11/2014 06:34:44 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).


System errors:
=============
Error: (04/14/2014 05:34:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1290

Error: (04/14/2014 05:34:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Basisfiltermodul" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1290

Error: (04/14/2014 05:34:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1314

Error: (04/14/2014 05:34:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Firewall" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1290

Error: (04/14/2014 05:34:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Basisfiltermodul" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1290

Error: (04/14/2014 05:34:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1290

Error: (04/14/2014 05:34:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Basisfiltermodul" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1290

Error: (04/14/2014 05:34:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Basisfiltermodul" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1290

Error: (04/13/2014 06:46:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (04/13/2014 06:18:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.


Microsoft Office Sessions:
=========================
Error: (04/13/2014 01:35:30 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422

Error: (04/12/2014 06:58:49 PM) (Source: Application Error)(User: )
Description: PhotoLine64.exe18.0.2.0530e11edPhotoLine64.exe18.0.2.0530e11edc00000fd0000000000c5b6b76ec01cf56608f995154C:\Program Files\PhotoLine\PhotoLine64.exeC:\Program Files\PhotoLine\PhotoLine64.exeb77602db-c263-11e3-838a-bcaec51d00cd

Error: (04/12/2014 02:13:32 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422

Error: (04/12/2014 02:11:57 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll

Error: (04/12/2014 02:11:57 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdFS.dll

Error: (04/12/2014 02:11:57 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdDefrag.dll

Error: (04/12/2014 02:11:56 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdCaps.dll

Error: (04/11/2014 06:36:39 AM) (Source: Application Error)(User: )
Description: firefox.exe28.0.0.518653240e37xul.dll28.0.0.518653240e04c00000050018472951801cf54e27057b442C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dlldf0cdf98-c132-11e3-86c1-bcaec51d00cd

Error: (04/11/2014 06:34:48 AM) (Source: System Restore)(User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422

Error: (04/11/2014 06:34:44 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422


==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 3837.64 MB
Available physical RAM: 1757.42 MB
Total Pagefile: 7673.45 MB
Available Pagefile: 5208.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:14.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:211.85 GB) (Free:93.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E8AEF17A)

Partition: GPT Partition Type.

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 15.04.2014 13:48
FRST Logs ist unvollständig und nicht in Codetags

Sofakissen 15.04.2014 14:27
sorry
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2014 01
Ran by ASUS (administrator) on ASUS-PC on 14-04-2014 18:13:42
Running from C:\Users\ASUS\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Users\ASUS\AppData\Roaming\BupSystem\bup.exe
() C:\Windows\System32\DlProtectSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Windows\system32\pnrpnspd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\ProgramData\dlprotect.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe [12800 2014-04-10] ()
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2628594291-1473644571-3496710548-1000\...\MountPoints2: {150ecc7f-969e-11e1-9cd2-bcaec51d00cd} - G:\SETUP.EXE
HKU\S-1-5-21-2628594291-1473644571-3496710548-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\ASUS\AppData\Local\{a802cf91-f6ae-f6b0-27a0-7fd6acbd59c1}\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\S-1-5-21-2628594291-1473644571-3496710548-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {150ecc7f-969e-11e1-9cd2-bcaec51d00cd} - G:\SETUP.EXE
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD641ADAA4CBECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKCU - DefaultScope {EC5DB6FE-9D80-4809-B4EB-8FC55519AF33} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {68937974-60BC-4D38-A508-3791B24F0E05} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=5E28A4C1-A727-4E2B-8A41-21246A99B6E0&apn_sauid=BD74F9C2-3BF9-4650-A04A-E93C8370FDBE
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {EC5DB6FE-9D80-4809-B4EB-8FC55519AF33} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{39BA5C75-2EF5-4A59-9CF7-352C7C631CC8}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\xngipxdj.default
FF user.js: detected! => C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\xngipxdj.default\user.js
FF SearchEngineOrder.1: Ask.com
FF Homepage: https://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Protegere - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\xngipxdj.default\Extensions\security@protegere.org [2014-04-10]
FF HKLM-x32\...\Firefox\Extensions: [{61A2478B-A781-4EAB-856A-CBF4E7F0B6CA}] - C:\Windows\Installer\{B288D5B6-2359-484F-9E4D-CEE50DA68C38}\{61A2478B-A781-4EAB-856A-CBF4E7F0B6CA}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{B288D5B6-2359-484F-9E4D-CEE50DA68C38}\{61A2478B-A781-4EAB-856A-CBF4E7F0B6CA}.xpi [2014-04-13]

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR Extension: (Google Docs) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-28]
CHR Extension: (Google Drive) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-28]
CHR Extension: (YouTube) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-28]
CHR Extension: (iStock Stats Improvements) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbfdegfepelnnkenbodmhefohibemime [2013-12-03]
CHR Extension: (iStock lightbox tools) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdokojnopdoojlonecjjlgchgcneijof [2013-12-03]
CHR Extension: (iStock my_uploads fixes) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckloododgagaeepfamopjnjgbhbanlcg [2013-11-15]
CHR Extension: (Google Search) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-28]
CHR Extension: (Download Protect) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehlkebccgijbhkcblblobfnkomaonafm [2014-04-13]
CHR Extension: (iStock Toolbar Updates) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcljmlmobmcahfkbhlcocelkbflfndn [2013-12-03]
CHR Extension: (iStock search/lightbox result modifications) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgcjgiimamniclinkoigdkachooilbgi [2013-12-03]
CHR Extension: (Google Wallet) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
CHR Extension: (Gmail) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-28]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 bupService; C:\Users\ASUS\AppData\Roaming\BupSystem\bup.exe [1005056 2014-04-10] ()
R2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [126976 2014-04-10] ()
R2 UserAdcountControlSettings; C:\Windows\system32\pnrpnspd.exe [118784 2014-04-10] ()

==================== Drivers (Whitelisted) ====================

S3 AmdTools64; C:\Windows\System32\DRIVERS\AmdTools64.sys [46384 2009-04-24] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61120 2014-04-10] (StdLib)
S3 cpuz135; \??\C:\Users\ASUS\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-14 18:13 - 2014-04-14 18:14 - 00014216 _____ () C:\Users\ASUS\Desktop\FRST.txt
2014-04-14 18:13 - 2014-04-14 18:13 - 00000000 ____D () C:\FRST
2014-04-14 18:12 - 2014-04-14 18:12 - 02157568 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2014-04-13 18:16 - 2014-04-13 18:46 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-12 17:16 - 2014-04-12 17:16 - 03334777 _____ () C:\Users\ASUS\Desktop\plmanual.zip
2014-04-12 15:21 - 2014-04-14 16:48 - 00000000 ____D () C:\Users\ASUS\Desktop\Twitter
2014-04-12 08:52 - 2014-04-14 16:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-12 08:52 - 2014-04-12 08:52 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 08:51 - 2014-04-14 17:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-12 08:51 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-12 08:51 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-12 08:50 - 2014-04-12 08:50 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ASUS\Desktop\malwarebytesmbam-setup-2.0.1.1004.exe
2014-04-12 06:32 - 2014-04-12 09:21 - 00095238 _____ () C:\Windows\PFRO.log
2014-04-11 15:17 - 2014-04-13 19:58 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\PhotoLine
2014-04-11 15:17 - 2014-04-11 15:17 - 00000836 _____ () C:\Users\ASUS\Desktop\PhotoLine (64 Bit).lnk
2014-04-11 15:17 - 2014-04-11 15:17 - 00000826 _____ () C:\Users\ASUS\Desktop\PhotoLine.lnk
2014-04-11 15:17 - 2014-04-11 15:17 - 00000000 ____D () C:\Program Files\PhotoLine
2014-04-11 15:15 - 2014-04-11 15:15 - 20988283 _____ () C:\Users\ASUS\Desktop\photoline pl.zip
2014-04-11 07:00 - 2014-04-11 07:00 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-11 07:00 - 2014-04-11 07:00 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-11 07:00 - 2014-04-11 07:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-11 06:59 - 2014-04-11 06:59 - 04787368 _____ (Piriform Ltd) C:\Users\ASUS\Desktop\neuccsetup412.exe
2014-04-11 06:56 - 2014-04-11 06:56 - 00509321 _____ () C:\Users\ASUS\Desktop\bookmarks-2014-04-11.json
2014-04-11 06:47 - 2014-04-11 06:47 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\vlc
2014-04-11 06:43 - 2014-04-11 07:01 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-04-11 06:41 - 2014-04-11 06:41 - 00001651 _____ () C:\Users\ASUS\Desktop\Continue FLV Player.lnk
2014-04-10 20:20 - 2014-04-10 20:19 - 03419168 _____ () C:\Users\ASUS\Desktop\handbuch Photoline.zip
2014-04-10 19:12 - 2014-04-13 20:37 - 00000952 _____ () C:\Windows\setupact.log
2014-04-10 19:12 - 2014-04-10 19:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-10 18:54 - 2014-04-10 18:54 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-10 17:25 - 2014-04-10 17:25 - 00126976 _____ () C:\Windows\system32\DlProtectSvc.exe
2014-04-10 17:25 - 2014-04-10 17:25 - 00118784 _____ () C:\Windows\system32\pnrpnspd.exe
2014-04-10 17:25 - 2014-04-10 17:25 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-04-10 17:25 - 2014-04-10 17:25 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\BupSystem
2014-04-10 17:24 - 2014-04-10 17:25 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Security System 2
2014-04-10 17:22 - 2014-04-12 09:21 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-04-10 17:22 - 2014-04-10 17:22 - 00000000 ____D () C:\Users\ASUS\AppData\Local\SearchProtect
2014-04-10 17:21 - 2014-04-10 17:24 - 00000000 ____D () C:\Users\ASUS\AppData\Local\DownloadGuide
2014-04-10 07:43 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 07:43 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 07:43 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-10 07:43 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-10 07:43 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 07:43 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 07:43 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 07:43 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 07:43 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 07:42 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 07:42 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 07:42 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 07:42 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 07:42 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 07:42 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 07:42 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 18:07 - 2014-04-08 07:58 - 00000000 ____D () C:\Users\ASUS\Desktop\GK III Kompo
2014-04-05 15:14 - 2014-04-05 15:25 - 00000000 ____D () C:\Users\ASUS\Desktop\Freigaben
2014-04-05 12:39 - 2014-04-05 12:40 - 00012678 _____ () C:\Users\ASUS\Desktop\bank mörs.odt
2014-03-18 19:52 - 2014-03-18 19:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-14 18:14 - 2014-04-14 18:13 - 00014216 _____ () C:\Users\ASUS\Desktop\FRST.txt
2014-04-14 18:13 - 2014-04-14 18:13 - 00000000 ____D () C:\FRST
2014-04-14 18:13 - 2013-11-03 05:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-14 18:12 - 2014-04-14 18:12 - 02157568 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2014-04-14 17:35 - 2014-04-12 08:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-14 17:35 - 2013-03-16 09:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-14 17:13 - 2013-11-03 05:20 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-14 16:55 - 2014-04-12 08:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 16:48 - 2014-04-12 15:21 - 00000000 ____D () C:\Users\ASUS\Desktop\Twitter
2014-04-13 20:37 - 2014-04-10 19:12 - 00000952 _____ () C:\Windows\setupact.log
2014-04-13 19:58 - 2014-04-11 15:17 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\PhotoLine
2014-04-13 18:52 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-13 18:52 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-13 18:46 - 2014-04-13 18:16 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-13 18:44 - 2013-09-13 07:58 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-04-13 18:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-13 18:43 - 2011-01-31 23:38 - 01972406 _____ () C:\Windows\WindowsUpdate.log
2014-04-13 18:16 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-12 17:16 - 2014-04-12 17:16 - 03334777 _____ () C:\Users\ASUS\Desktop\plmanual.zip
2014-04-12 14:16 - 2013-06-15 15:24 - 00000000 ____D () C:\Windows\rescache
2014-04-12 09:21 - 2014-04-12 06:32 - 00095238 _____ () C:\Windows\PFRO.log
2014-04-12 09:21 - 2014-04-10 17:22 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-04-12 09:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-12 08:52 - 2014-04-12 08:52 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 08:52 - 2012-07-23 11:52 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Malwarebytes
2014-04-12 08:52 - 2012-07-23 11:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-12 08:50 - 2014-04-12 08:50 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ASUS\Desktop\malwarebytesmbam-setup-2.0.1.1004.exe
2014-04-11 15:17 - 2014-04-11 15:17 - 00000836 _____ () C:\Users\ASUS\Desktop\PhotoLine (64 Bit).lnk
2014-04-11 15:17 - 2014-04-11 15:17 - 00000826 _____ () C:\Users\ASUS\Desktop\PhotoLine.lnk
2014-04-11 15:17 - 2014-04-11 15:17 - 00000000 ____D () C:\Program Files\PhotoLine
2014-04-11 15:15 - 2014-04-11 15:15 - 20988283 _____ () C:\Users\ASUS\Desktop\photoline pl.zip
2014-04-11 13:04 - 2013-11-15 07:02 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-11 07:01 - 2014-04-11 06:43 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-04-11 07:00 - 2014-04-11 07:00 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-11 07:00 - 2014-04-11 07:00 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-11 07:00 - 2014-04-11 07:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-11 06:59 - 2014-04-11 06:59 - 04787368 _____ (Piriform Ltd) C:\Users\ASUS\Desktop\neuccsetup412.exe
2014-04-11 06:56 - 2014-04-11 06:56 - 00509321 _____ () C:\Users\ASUS\Desktop\bookmarks-2014-04-11.json
2014-04-11 06:49 - 2009-07-14 04:34 - 00000651 _____ () C:\Windows\win.ini
2014-04-11 06:47 - 2014-04-11 06:47 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\vlc
2014-04-11 06:41 - 2014-04-11 06:41 - 00001651 _____ () C:\Users\ASUS\Desktop\Continue FLV Player.lnk
2014-04-11 06:39 - 2013-07-15 18:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 06:36 - 2013-01-27 10:54 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 20:27 - 2011-02-01 00:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-10 20:19 - 2014-04-10 20:20 - 03419168 _____ () C:\Users\ASUS\Desktop\handbuch Photoline.zip
2014-04-10 19:12 - 2014-04-10 19:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-10 19:12 - 2011-02-01 00:03 - 00001388 _____ () C:\Windows\system32\ServiceFilter.ini
2014-04-10 19:05 - 2012-05-05 13:15 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Adobe
2014-04-10 19:02 - 2013-03-16 09:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-10 19:02 - 2012-05-06 18:02 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-10 19:02 - 2012-05-06 18:02 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-10 18:54 - 2014-04-10 18:54 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-10 17:56 - 2011-02-01 00:03 - 00002000 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-04-10 17:38 - 2012-07-28 14:08 - 00000000 ____D () C:\Windows\Minidump
2014-04-10 17:38 - 2009-07-29 08:03 - 00000000 ____D () C:\Windows\Panther
2014-04-10 17:31 - 2011-02-01 00:04 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-10 17:29 - 2012-05-05 13:23 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-10 17:27 - 2012-05-05 13:25 - 00000000 ____D () C:\Program Files\Adobe
2014-04-10 17:25 - 2014-04-10 17:25 - 00126976 _____ () C:\Windows\system32\DlProtectSvc.exe
2014-04-10 17:25 - 2014-04-10 17:25 - 00118784 _____ () C:\Windows\system32\pnrpnspd.exe
2014-04-10 17:25 - 2014-04-10 17:25 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-04-10 17:25 - 2014-04-10 17:25 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\BupSystem
2014-04-10 17:25 - 2014-04-10 17:24 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Security System 2
2014-04-10 17:25 - 2012-05-06 14:06 - 00000000 ____D () C:\Users\ASUS\Desktop\Photo Verwaltung
2014-04-10 17:24 - 2014-04-10 17:21 - 00000000 ____D () C:\Users\ASUS\AppData\Local\DownloadGuide
2014-04-10 17:22 - 2014-04-10 17:22 - 00000000 ____D () C:\Users\ASUS\AppData\Local\SearchProtect
2014-04-08 07:58 - 2014-04-07 18:07 - 00000000 ____D () C:\Users\ASUS\Desktop\GK III Kompo
2014-04-07 18:50 - 2009-08-04 11:51 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-04-07 18:50 - 2009-08-04 11:51 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-04-07 18:50 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 15:25 - 2014-04-05 15:14 - 00000000 ____D () C:\Users\ASUS\Desktop\Freigaben
2014-04-05 12:40 - 2014-04-05 12:39 - 00012678 _____ () C:\Users\ASUS\Desktop\bank mörs.odt
2014-04-03 09:51 - 2014-04-12 08:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-12 08:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2013-03-14 16:16 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 17:32 - 2012-05-06 14:07 - 01217536 _____ () C:\Users\ASUS\Desktop\Telearbeitszeiten5.xls
2014-04-01 07:30 - 2011-01-31 23:59 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-03-31 03:16 - 2014-04-10 07:43 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-10 07:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-10 07:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-10 07:43 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-26 18:08 - 2013-11-03 05:20 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-26 18:08 - 2013-11-03 05:20 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-24 19:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-20 06:49 - 2013-03-08 13:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-18 19:52 - 2014-03-18 19:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

ZeroAccess:
C:\Users\ASUS\AppData\Local\{a802cf91-f6ae-f6b0-27a0-7fd6acbd59c1}
C:\Users\ASUS\AppData\Local\{a802cf91-f6ae-f6b0-27a0-7fd6acbd59c1}\@

Files to move or delete:
====================
C:\ProgramData\dlprotect.exe


Some content of TEMP:
====================
C:\Users\ASUS\AppData\Local\Temp\6_Offer_11.exe
C:\Users\ASUS\AppData\Local\Temp\avgnt.exe
C:\Users\ASUS\AppData\Local\Temp\instruct.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-12 14:06

==================== End Of Log ============================
--- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2014 01
Ran by ASUS at 2014-04-14 18:14:51
Running from C:\Users\ASUS\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD USB Filter Driver (HKLM-x32\...\{987B04C4-B5AC-4AD6-A7E9-8D681085B850}) (Version: 1.0.15.94 - Advanced Micro Devices, Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.9 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.42 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0009 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ATI Catalyst Install Manager (HKLM\...\{2304AF3E-F694-38CA-B0F9-E80D5CA390F4}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0921.2140.37013 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0921.2140.37013 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0921.2140.37013 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help English (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help French (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help German (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0921.2139.37013 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0921.2140.37013 - ATI) Hidden
ccc-utility64 (Version: 2010.0921.2140.37013 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.9 - ASUS)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeepMeta (HKLM-x32\...\{72444A82-2584-492E-ADB6-81F4526EAD79}) (Version: 2.0.0013 - Eazign bvba - Franky De Meyer)
Download Protect (HKCU\...\{132401a7-2006-4342-b43c-ccf5f02c2b01}) (Version:  - Download Protect)
ETDWare PS/2-x64 7.0.5.16_WHQL (HKLM\...\Elantech) (Version: 7.0.5.16 - ELAN Microelectronics Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.7 - ASUS)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.23.4 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2006.0314 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PhotoLine 18.0.2.0 (HKLM\...\PhotoLine_is1) (Version: 18.0.2.0 - Computerinsel GmbH)
Protegere (HKLM-x32\...\Protegere) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6088 - Realtek Semiconductor Corp.)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.5300 - SRS Labs, Inc.)
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version:  - )
USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.54000.207 - Sonix)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1D29CD04-AC95-4930-9A7F-5378DC5AA2CC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {36192DBD-3D65-443B-A730-E3740E99FA73} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-09-30] (asus)
Task: {442F57E6-EBA6-447C-87B6-3742E284AE20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-03] (Google Inc.)
Task: {4AEEFE15-73CF-451E-A139-4604C3954AE9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-10] (Adobe Systems Incorporated)
Task: {55CE1D31-F5B6-4E6D-8D32-EC61B70F1070} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS)
Task: {73EA6604-BE21-4CB5-8D27-56B49146D3AA} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {93EBF5BA-F036-4275-845F-CD1D4A145227} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-03] (Google Inc.)
Task: {9A8A1ECE-BBE6-4FF8-B949-D562981DC408} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {DB8EBF4F-3C73-47A2-8CC2-6C66FD749304} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {EF22680F-FBDF-43A9-9E9D-009ACBCA9F03} - System32\Tasks\AdobeAAMUpdater-1.0-ASUS-PC-ASUS => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {F3F03686-F441-4ECF-A1CC-0D450ACEA55C} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-11-11] (ASUS)
Task: {FF7DC995-677C-4C52-A149-85D24B25062D} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-10 17:25 - 2014-04-10 17:25 - 01005056 _____ () C:\Users\ASUS\AppData\Roaming\BupSystem\bup.exe
2014-04-10 17:25 - 2014-04-10 17:25 - 00126976 _____ () C:\Windows\System32\DlProtectSvc.exe
2008-09-30 23:02 - 2008-09-30 23:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2011-02-01 00:03 - 2007-11-30 21:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-07-15 02:11 - 2010-07-15 02:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2014-04-10 17:25 - 2014-04-10 17:25 - 00118784 _____ () C:\Windows\system32\pnrpnspd.exe
2010-09-24 02:53 - 2010-09-24 02:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2014-04-10 17:25 - 2014-04-10 17:25 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2010-09-22 07:38 - 2010-09-22 07:38 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-10-16 18:36 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-04-10 17:25 - 2014-04-10 17:25 - 00374272 _____ () C:\Users\ASUS\AppData\Roaming\BupSystem\sub\default.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
2010-09-30 15:14 - 2010-09-30 15:14 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
2014-03-18 19:52 - 2014-03-18 19:52 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-04-13 12:04 - 2012-04-13 12:04 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-04-13 12:00 - 2012-04-13 12:00 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2014 01:35:30 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).

Error: (04/12/2014 06:58:49 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: PhotoLine64.exe, Version: 18.0.2.0, Zeitstempel: 0x530e11ed
Name des fehlerhaften Moduls: PhotoLine64.exe, Version: 18.0.2.0, Zeitstempel: 0x530e11ed
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0000000000c5b6b7
ID des fehlerhaften Prozesses: 0x6ec
Startzeit der fehlerhaften Anwendung: 0xPhotoLine64.exe0
Pfad der fehlerhaften Anwendung: PhotoLine64.exe1
Pfad des fehlerhaften Moduls: PhotoLine64.exe2
Berichtskennung: PhotoLine64.exe3

Error: (04/12/2014 02:13:32 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).

Error: (04/12/2014 02:11:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/12/2014 02:11:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/12/2014 02:11:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/12/2014 02:11:56 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/11/2014 06:36:39 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 28.0.0.5186, Zeitstempel: 0x53240e37
Name des fehlerhaften Moduls: xul.dll, Version: 28.0.0.5186, Zeitstempel: 0x53240e04
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00184729
ID des fehlerhaften Prozesses: 0x518
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (04/11/2014 06:34:48 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).

Error: (04/11/2014 06:34:44 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).


System errors:
=============
Error: (04/14/2014 05:34:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1290

Error: (04/14/2014 05:34:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Basisfiltermodul" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1290

Error: (04/14/2014 05:34:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1314

Error: (04/14/2014 05:34:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Firewall" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1290

Error: (04/14/2014 05:34:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Basisfiltermodul" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1290

Error: (04/14/2014 05:34:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1290

Error: (04/14/2014 05:34:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Basisfiltermodul" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1290

Error: (04/14/2014 05:34:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Basisfiltermodul" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1290

Error: (04/13/2014 06:46:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (04/13/2014 06:18:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.


Microsoft Office Sessions:
=========================
Error: (04/13/2014 01:35:30 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422

Error: (04/12/2014 06:58:49 PM) (Source: Application Error)(User: )
Description: PhotoLine64.exe18.0.2.0530e11edPhotoLine64.exe18.0.2.0530e11edc00000fd0000000000c5b6b76ec01cf56608f995154C:\Program Files\PhotoLine\PhotoLine64.exeC:\Program Files\PhotoLine\PhotoLine64.exeb77602db-c263-11e3-838a-bcaec51d00cd

Error: (04/12/2014 02:13:32 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422

Error: (04/12/2014 02:11:57 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll

Error: (04/12/2014 02:11:57 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdFS.dll

Error: (04/12/2014 02:11:57 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdDefrag.dll

Error: (04/12/2014 02:11:56 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdCaps.dll

Error: (04/11/2014 06:36:39 AM) (Source: Application Error)(User: )
Description: firefox.exe28.0.0.518653240e37xul.dll28.0.0.518653240e04c00000050018472951801cf54e27057b442C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dlldf0cdf98-c132-11e3-86c1-bcaec51d00cd

Error: (04/11/2014 06:34:48 AM) (Source: System Restore)(User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422

Error: (04/11/2014 06:34:44 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422


==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 3837.64 MB
Available physical RAM: 1757.42 MB
Total Pagefile: 7673.45 MB
Available Pagefile: 5208.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:14.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:211.85 GB) (Free:93.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E8AEF17A)

Partition: GPT Partition Type.

==================== End Of Log ============================
--- --- ---

schrauber 16.04.2014 18:40
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Sofakissen 16.04.2014 19:54
Combofix Logfile:
Code:
ComboFix 14-04-12.01 - ASUS 16.04.2014  20:20:05.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3838.1983 [GMT 2:00]
ausgeführt von:: c:\users\ASUS\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\program files (x86)\SearchProtect
c:\programdata\dlprotect.exe
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-03-16 bis 2014-04-16  ))))))))))))))))))))))))))))))
.
.
2014-04-16 18:34 . 2014-04-16 18:34        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-04-16 05:09 . 2014-03-06 06:00        359936        ----a-w-        c:\program files\Internet Explorer\IEShims.dll
2014-04-16 05:09 . 2014-03-06 05:50        257536        ----a-w-        c:\program files (x86)\Internet Explorer\IEShims.dll
2014-04-16 05:09 . 2014-03-06 08:32        574976        ----a-w-        c:\windows\system32\ieui.dll
2014-04-16 05:09 . 2014-03-06 08:57        548352        ----a-w-        c:\windows\system32\vbscript.dll
2014-04-16 05:09 . 2014-03-06 08:02        455168        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-04-16 05:09 . 2014-03-08 02:34        293072        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll
2014-04-16 05:09 . 2014-03-08 01:59        235216        ----a-w-        c:\program files (x86)\Internet Explorer\sqmapi.dll
2014-04-16 05:09 . 2014-03-06 08:36        222720        ----a-w-        c:\program files\Internet Explorer\ielowutil.exe
2014-04-16 05:09 . 2014-03-06 07:44        482816        ----a-w-        c:\program files\Internet Explorer\ieinstal.exe
2014-04-16 05:09 . 2014-03-06 07:44        222720        ----a-w-        c:\program files (x86)\Internet Explorer\ielowutil.exe
2014-04-16 05:09 . 2014-03-06 07:03        470016        ----a-w-        c:\program files (x86)\Internet Explorer\ieinstal.exe
2014-04-15 13:30 . 2014-04-16 18:15        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{36DC4D1B-B4CA-4BC5-845C-AF991CEF2387}\offreg.dll
2014-04-15 06:10 . 2014-03-20 06:52        10521840        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{36DC4D1B-B4CA-4BC5-845C-AF991CEF2387}\mpengine.dll
2014-04-14 16:13 . 2014-04-15 13:25        --------        d-----w-        C:\FRST
2014-04-12 06:52 . 2014-04-16 18:15        119512        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-12 06:51 . 2014-04-14 15:35        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-12 06:51 . 2014-04-03 07:51        63192        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-04-12 06:51 . 2014-04-03 07:51        88280        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-04-11 13:17 . 2014-04-16 17:52        --------        d-----w-        c:\users\ASUS\AppData\Roaming\PhotoLine
2014-04-11 13:17 . 2014-04-11 13:17        --------        d-----w-        c:\program files\PhotoLine
2014-04-11 05:00 . 2014-04-11 05:00        --------        d-----w-        c:\program files\CCleaner
2014-04-11 04:47 . 2014-04-11 04:47        --------        d-----w-        c:\users\ASUS\AppData\Roaming\vlc
2014-04-11 04:43 . 2014-04-11 05:01        --------        d-----w-        c:\program files (x86)\VideoLAN
2014-04-10 16:54 . 2014-04-10 16:54        61120        ----a-w-        c:\windows\system32\drivers\wStLibG64.sys
2014-04-10 15:25 . 2014-04-10 15:25        118784        ----a-w-        c:\windows\system32\pnrpnspd.exe
2014-04-10 15:25 . 2014-04-10 15:25        126976        ----a-w-        c:\windows\system32\DlProtectSvc.exe
2014-04-10 15:25 . 2014-04-16 05:17        --------        d-----w-        c:\users\ASUS\AppData\Roaming\BupSystem
2014-04-10 15:24 . 2014-04-10 15:25        --------        d-----w-        c:\users\ASUS\AppData\Roaming\Security System 2
2014-04-10 15:22 . 2014-04-10 15:22        --------        d-----w-        c:\users\ASUS\AppData\Local\SearchProtect
2014-04-10 15:21 . 2014-04-10 15:24        --------        d-----w-        c:\users\ASUS\AppData\Local\DownloadGuide
2014-04-10 05:43 . 2014-02-04 02:35        190912        ----a-w-        c:\windows\system32\drivers\storport.sys
2014-04-10 05:43 . 2014-02-04 02:35        274880        ----a-w-        c:\windows\system32\drivers\msiscsi.sys
2014-04-10 05:43 . 2014-02-04 02:35        27584        ----a-w-        c:\windows\system32\drivers\Diskdump.sys
2014-04-10 05:43 . 2014-02-04 02:28        2048        ----a-w-        c:\windows\system32\iologmsg.dll
2014-04-10 05:43 . 2014-02-04 02:00        2048        ----a-w-        c:\windows\SysWow64\iologmsg.dll
2014-04-10 05:42 . 2014-03-04 09:44        362496        ----a-w-        c:\windows\system32\wow64win.dll
2014-04-10 05:42 . 2014-03-04 09:44        243712        ----a-w-        c:\windows\system32\wow64.dll
2014-04-10 05:42 . 2014-03-04 09:44        13312        ----a-w-        c:\windows\system32\wow64cpu.dll
2014-04-10 05:42 . 2014-03-04 09:44        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2014-04-10 05:42 . 2014-03-04 09:44        1163264        ----a-w-        c:\windows\system32\kernel32.dll
2014-04-10 05:42 . 2014-03-04 09:17        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
2014-04-10 05:42 . 2014-03-04 09:16        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2014-04-10 05:42 . 2014-03-04 09:16        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2014-04-10 05:42 . 2014-03-04 08:09        7680        ----a-w-        c:\windows\SysWow64\instnm.exe
2014-04-10 05:42 . 2014-03-04 08:09        2048        ----a-w-        c:\windows\SysWow64\user.exe
2014-04-10 05:42 . 2014-01-24 02:37        1684928        ----a-w-        c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-15 15:25 . 2013-09-13 05:58        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2014-04-11 04:36 . 2013-01-27 08:54        90655440        ----a-w-        c:\windows\system32\MRT.exe
2014-04-10 17:02 . 2012-05-06 16:02        70832        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-10 17:02 . 2012-05-06 16:02        692400        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-03 07:50 . 2013-03-14 14:16        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-03-31 07:35 . 2012-05-06 11:57        270496        ------w-        c:\windows\system32\MpSigStub.exe
2014-03-04 09:17 . 2014-04-10 05:42        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2014-02-07 01:23 . 2014-03-12 17:43        3156480        ----a-w-        c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-13 05:51        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-12 17:41        624128        ----a-w-        c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-13 05:51        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-12 17:41        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-12 17:43        484864        ----a-w-        c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-12 17:43        381440        ----a-w-        c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-12 17:43        228864        ----a-w-        c:\windows\system32\wwansvc.dll
2014-01-20 07:30 . 2014-01-20 07:30        194048        ----a-w-        c:\windows\SysWow64\elshyph.dll
2014-01-20 07:30 . 2014-01-20 07:30        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-01-20 07:30 . 2014-01-20 07:30        645120        ----a-w-        c:\windows\SysWow64\jsIntl.dll
2014-01-20 07:30 . 2014-01-20 07:30        235008        ----a-w-        c:\windows\system32\elshyph.dll
2014-01-20 07:30 . 2014-01-20 07:30        182272        ----a-w-        c:\windows\SysWow64\msls31.dll
2014-01-20 07:30 . 2014-01-20 07:30        62464        ----a-w-        c:\windows\SysWow64\tdc.ocx
2014-01-20 07:30 . 2014-01-20 07:30        337408        ----a-w-        c:\windows\SysWow64\html.iec
2014-01-20 07:30 . 2014-01-20 07:30        24576        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2014-01-20 07:30 . 2014-01-20 07:30        151552        ----a-w-        c:\windows\SysWow64\iexpress.exe
2014-01-20 07:30 . 2014-01-20 07:30        139264        ----a-w-        c:\windows\SysWow64\wextract.exe
2014-01-20 07:30 . 2014-01-20 07:30        1051136        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2014-01-20 07:30 . 2014-01-20 07:30        86016        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2014-01-20 07:30 . 2014-01-20 07:30        74240        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2014-01-20 07:30 . 2014-01-20 07:30        61952        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2014-01-20 07:30 . 2014-01-20 07:30        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2014-01-20 07:30 . 2014-01-20 07:30        36352        ----a-w-        c:\windows\SysWow64\imgutil.dll
2014-01-20 07:30 . 2014-01-20 07:30        13312        ----a-w-        c:\windows\SysWow64\mshta.exe
2014-01-20 07:30 . 2014-01-20 07:30        111616        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2014-01-20 07:30 . 2014-01-20 07:30        942592        ----a-w-        c:\windows\system32\jsIntl.dll
2014-01-20 07:30 . 2014-01-20 07:30        86016        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2014-01-20 07:30 . 2014-01-20 07:30        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2014-01-20 07:30 . 2014-01-20 07:30        247808        ----a-w-        c:\windows\system32\msls31.dll
2014-01-20 07:30 . 2014-01-20 07:30        13312        ----a-w-        c:\windows\system32\msfeedssync.exe
2014-01-20 07:30 . 2014-01-20 07:30        131072        ----a-w-        c:\windows\system32\IEAdvpack.dll
2014-01-20 07:30 . 2014-01-20 07:30        90112        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2014-01-20 07:30 . 2014-01-20 07:30        81408        ----a-w-        c:\windows\system32\icardie.dll
2014-01-20 07:30 . 2014-01-20 07:30        77312        ----a-w-        c:\windows\system32\tdc.ocx
2014-01-20 07:30 . 2014-01-20 07:30        616104        ----a-w-        c:\windows\system32\ieapfltr.dat
2014-01-20 07:30 . 2014-01-20 07:30        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2014-01-20 07:30 . 2014-01-20 07:30        413696        ----a-w-        c:\windows\system32\html.iec
2014-01-20 07:30 . 2014-01-20 07:30        235520        ----a-w-        c:\windows\system32\url.dll
2014-01-20 07:30 . 2014-01-20 07:30        105984        ----a-w-        c:\windows\system32\iesysprep.dll
2014-01-20 07:30 . 2014-01-20 07:30        1228800        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-01-20 07:30 . 2014-01-20 07:30        84992        ----a-w-        c:\windows\system32\mshtmled.dll
2014-01-20 07:30 . 2014-01-20 07:30        83968        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-01-20 07:30 . 2014-01-20 07:30        774144        ----a-w-        c:\windows\system32\jscript.dll
2014-01-20 07:30 . 2014-01-20 07:30        62464        ----a-w-        c:\windows\system32\pngfilt.dll
2014-01-20 07:30 . 2014-01-20 07:30        48128        ----a-w-        c:\windows\system32\imgutil.dll
2014-01-20 07:30 . 2014-01-20 07:30        30208        ----a-w-        c:\windows\system32\licmgr10.dll
2014-01-20 07:30 . 2014-01-20 07:30        263376        ----a-w-        c:\windows\system32\iedkcs32.dll
2014-01-20 07:30 . 2014-01-20 07:30        243200        ----a-w-        c:\windows\system32\webcheck.dll
2014-01-20 07:30 . 2014-01-20 07:30        167424        ----a-w-        c:\windows\system32\iexpress.exe
2014-01-20 07:30 . 2014-01-20 07:30        147968        ----a-w-        c:\windows\system32\occache.dll
2014-01-20 07:30 . 2014-01-20 07:30        143872        ----a-w-        c:\windows\system32\wextract.exe
2014-01-20 07:30 . 2014-01-20 07:30        13824        ----a-w-        c:\windows\system32\mshta.exe
2014-01-20 07:30 . 2014-01-20 07:30        135680        ----a-w-        c:\windows\system32\iepeers.dll
2014-01-20 07:30 . 2014-01-20 07:30        101376        ----a-w-        c:\windows\system32\inseng.dll
2009-04-08 08:31 . 2009-04-08 08:31        106496        ----a-w-        c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-11 19:45 . 2008-08-11 19:45        155648        ----a-w-        c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-19 09:25        222808        ----a-w-        c:\users\ASUS\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-19 09:25        222808        ----a-w-        c:\users\ASUS\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-19 09:25        222808        ----a-w-        c:\users\ASUS\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-22 98304]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys;c:\windows\SYSNATIVE\DRIVERS\AmdTools64.sys [x]
R3 cpuz135;cpuz135;c:\users\ASUS\AppData\Local\Temp\cpuz135\cpuz135_x64.sys;c:\users\ASUS\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 wStLibG64;wStLibG64;c:\windows\system32\drivers\wStLibG64.sys;c:\windows\SYSNATIVE\drivers\wStLibG64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 DlProtectSvc;Download Protect Service;c:\windows\System32\DlProtectSvc.exe;c:\windows\SYSNATIVE\DlProtectSvc.exe [x]
S2 UserAdcountControlSettings;RDPCDD Fax Server-SMB-Treiber;c:\windows\system32\pnrpnspd.exe;c:\windows\SYSNATIVE\pnrpnspd.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-11 11:02        1077576        ----a-w-        c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 17:02]
.
2014-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-03 03:19]
.
2014-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-03 03:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-19 09:26        261704        ----a-w-        c:\users\ASUS\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-19 09:26        261704        ----a-w-        c:\users\ASUS\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-19 09:26        261704        ----a-w-        c:\users\ASUS\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{39BA5C75-2EF5-4A59-9CF7-352C7C631CC8}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\xngipxdj.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.blocklist.enabled - false
FF - user.js: app.update.auto - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Download Protect - c:\programdata\dlprotect.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2628594291-1473644571-3496710548-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2628594291-1473644571-3496710548-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-16  20:50:17
ComboFix-quarantined-files.txt  2014-04-16 18:50
.
Vor Suchlauf: 8 Verzeichnis(se), 14.545.625.088 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 14.579.499.008 Bytes frei
.
- - End Of File - - 29E0B9686A399806A5DB9F94D1441000
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

schrauber 17.04.2014 13:40
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Sofakissen 17.04.2014 16:01
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 17.04.2014
Suchlauf-Zeit: 15:55:11
Logdatei: log malwarebytes.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.17.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ASUS

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 255226
Verstrichene Zeit: 44 Min, 29 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 1
PUP.Optional.CrossRider.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\xngipxdj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "1454c3eda5212d3bc9e0799ae579d6e9");), Ersetzt,[60a0f60af20e639d0579b59c6c98837d]

Physische Sektoren: 0
(No malicious items detected)


(end)




AdwCleaner Logfile:
Code:
# AdwCleaner v3.023 - Bericht erstellt am 17/04/2014 um 16:36:59
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ASUS - ASUS-PC
# Gestartet von : C:\Users\ASUS\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\ASUS\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\ASUS\AppData\Local\SearchProtect
Datei Gelöscht : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\xngipxdj.default\invalidprefs.js
Datei Gelöscht : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\xngipxdj.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\xngipxdj.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "1454c3eda5212d3bc9e0799ae579d6e9");

-\\ Google Chrome v34.0.1847.116

[ Datei : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2484 octets] - [17/04/2014 16:05:44]
AdwCleaner[S0].txt - [2338 octets] - [17/04/2014 16:36:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2398 octets] ##########
--- --- ---




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by ASUS on 17.04.2014 at 16:43:00,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{68937974-60BC-4D38-A508-3791B24F0E05}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\ASUS\appdata\local\{a802cf91-f6ae-f6b0-27a0-7fd6acbd59c1}



~~~ FireFox

Emptied folder: C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\xngipxdj.default\minidumps [119 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.04.2014 at 16:51:08,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014
Ran by ASUS (administrator) on ASUS-PC on 17-04-2014 16:57:04
Running from C:\Users\ASUS\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\DlProtectSvc.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Windows\system32\pnrpnspd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD641ADAA4CBECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {EC5DB6FE-9D80-4809-B4EB-8FC55519AF33} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{39BA5C75-2EF5-4A59-9CF7-352C7C631CC8}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\xngipxdj.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: https://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Protegere - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\xngipxdj.default\Extensions\security@protegere.org [2014-04-10]
FF HKLM-x32\...\Firefox\Extensions: [{21418E73-0272-4F4A-AC08-87DA727D28D5}] - C:\Windows\Installer\{0C4BE4D0-B8AE-4C08-BE74-E59F09E57034}\{21418E73-0272-4F4A-AC08-87DA727D28D5}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{0C4BE4D0-B8AE-4C08-BE74-E59F09E57034}\{21418E73-0272-4F4A-AC08-87DA727D28D5}.xpi [2014-04-16]

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR StartupUrls: "hxxp://www.google.de/"
CHR Extension: (Google Docs) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-28]
CHR Extension: (Google Drive) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-28]
CHR Extension: (YouTube) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-28]
CHR Extension: (iStock Stats Improvements) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbfdegfepelnnkenbodmhefohibemime [2013-12-03]
CHR Extension: (iStock lightbox tools) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdokojnopdoojlonecjjlgchgcneijof [2013-12-03]
CHR Extension: (iStock my_uploads fixes) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckloododgagaeepfamopjnjgbhbanlcg [2013-11-15]
CHR Extension: (Google Search) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-28]
CHR Extension: (iStock Toolbar Updates) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcljmlmobmcahfkbhlcocelkbflfndn [2013-12-03]
CHR Extension: (iStock search/lightbox result modifications) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgcjgiimamniclinkoigdkachooilbgi [2013-12-03]
CHR Extension: (Download Protect) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcdhgffjdfmodalggkhpmmpfdmkpppop [2014-04-16]
CHR Extension: (Google Wallet) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
CHR Extension: (Gmail) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-28]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [126976 2014-04-10] ()
R2 UserAdcountControlSettings; C:\Windows\system32\pnrpnspd.exe [118784 2014-04-10] ()

==================== Drivers (Whitelisted) ====================

S3 AmdTools64; C:\Windows\System32\DRIVERS\AmdTools64.sys [46384 2009-04-24] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-17] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61120 2014-04-10] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Users\ASUS\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-17 16:57 - 2014-04-17 16:57 - 00011782 _____ () C:\Users\ASUS\Desktop\FRST.txt
2014-04-17 16:51 - 2014-04-17 16:51 - 00001010 _____ () C:\Users\ASUS\Desktop\JRT.txt
2014-04-17 16:42 - 2014-04-17 16:42 - 01016261 _____ (Thisisu) C:\Users\ASUS\Desktop\JRT.exe
2014-04-17 16:42 - 2014-04-17 16:42 - 00000000 ____D () C:\Windows\ERUNT
2014-04-17 16:05 - 2014-04-17 16:37 - 00000000 ____D () C:\AdwCleaner
2014-04-17 16:05 - 2014-04-17 16:05 - 01426178 _____ () C:\Users\ASUS\Desktop\adwcleaner.exe
2014-04-16 20:50 - 2014-04-16 20:50 - 00024626 _____ () C:\ComboFix.txt
2014-04-16 20:17 - 2014-04-16 20:51 - 00000000 ____D () C:\Qoobox
2014-04-16 20:17 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-16 20:17 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-16 20:17 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-16 20:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-16 20:17 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-16 20:17 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-16 20:17 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-16 20:17 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-16 20:16 - 2014-04-16 20:46 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 19:57 - 2014-04-16 19:57 - 05194807 ____R (Swearware) C:\Users\ASUS\Desktop\ComboFix.exe
2014-04-16 07:09 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-16 07:09 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-16 07:09 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-16 07:09 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-16 07:08 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-16 07:08 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-16 07:08 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-16 07:08 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-16 07:08 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-16 07:08 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-16 07:08 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-16 07:08 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-16 07:08 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-16 07:08 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-16 07:08 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-16 07:08 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-16 07:08 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-16 07:08 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-16 07:08 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-16 07:08 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-16 07:08 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-16 07:08 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-16 07:08 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-16 07:08 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-16 07:08 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-16 07:08 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-16 07:08 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-16 07:08 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-16 07:08 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-16 07:08 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-16 07:08 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-16 07:08 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-16 07:08 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-16 07:08 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-16 07:08 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-16 07:08 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-16 07:08 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-16 07:08 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-16 07:08 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-16 07:08 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-16 07:08 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-16 07:08 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-16 07:08 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-16 07:08 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-16 07:08 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-16 07:08 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-16 07:08 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-16 07:08 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-15 15:25 - 2014-04-17 16:56 - 00000000 ____D () C:\Users\ASUS\Desktop\FRST-OlderVersion
2014-04-14 18:13 - 2014-04-17 16:57 - 00000000 ____D () C:\FRST
2014-04-14 18:12 - 2014-04-17 16:56 - 02158592 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2014-04-13 18:16 - 2014-04-16 07:24 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-12 17:16 - 2014-04-12 17:16 - 03334777 _____ () C:\Users\ASUS\Desktop\plmanual.zip
2014-04-12 15:21 - 2014-04-16 18:10 - 00000000 ____D () C:\Users\ASUS\Desktop\Twitter
2014-04-12 08:52 - 2014-04-17 15:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-12 08:52 - 2014-04-12 08:52 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 08:51 - 2014-04-14 17:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-12 08:51 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-12 08:51 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-12 06:32 - 2014-04-16 20:56 - 00095790 _____ () C:\Windows\PFRO.log
2014-04-11 15:17 - 2014-04-17 12:05 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\PhotoLine
2014-04-11 15:17 - 2014-04-11 15:17 - 00000836 _____ () C:\Users\ASUS\Desktop\PhotoLine (64 Bit).lnk
2014-04-11 15:17 - 2014-04-11 15:17 - 00000826 _____ () C:\Users\ASUS\Desktop\PhotoLine.lnk
2014-04-11 15:17 - 2014-04-11 15:17 - 00000000 ____D () C:\Program Files\PhotoLine
2014-04-11 15:15 - 2014-04-11 15:15 - 20988283 _____ () C:\Users\ASUS\Desktop\photoline pl.zip
2014-04-11 07:00 - 2014-04-11 07:00 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-11 07:00 - 2014-04-11 07:00 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-11 07:00 - 2014-04-11 07:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-11 06:47 - 2014-04-11 06:47 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\vlc
2014-04-11 06:43 - 2014-04-11 07:01 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-04-11 06:41 - 2014-04-11 06:41 - 00001651 _____ () C:\Users\ASUS\Desktop\Continue FLV Player.lnk
2014-04-10 20:20 - 2014-04-10 20:19 - 03419168 _____ () C:\Users\ASUS\Desktop\handbuch Photoline.zip
2014-04-10 19:12 - 2014-04-17 16:53 - 00001456 _____ () C:\Windows\setupact.log
2014-04-10 19:12 - 2014-04-10 19:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-10 18:54 - 2014-04-10 18:54 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-10 17:25 - 2014-04-16 07:17 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\BupSystem
2014-04-10 17:25 - 2014-04-10 17:25 - 00126976 _____ () C:\Windows\system32\DlProtectSvc.exe
2014-04-10 17:25 - 2014-04-10 17:25 - 00118784 _____ () C:\Windows\system32\pnrpnspd.exe
2014-04-10 17:24 - 2014-04-10 17:25 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Security System 2
2014-04-10 07:43 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 07:43 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 07:43 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 07:43 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 07:43 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 07:42 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 07:42 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 07:42 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 07:42 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 07:42 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 07:42 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 07:42 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-05 15:14 - 2014-04-05 15:25 - 00000000 ____D () C:\Users\ASUS\Desktop\Freigaben
2014-03-18 19:52 - 2014-03-18 19:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-17 16:58 - 2014-04-17 16:57 - 00011782 _____ () C:\Users\ASUS\Desktop\FRST.txt
2014-04-17 16:57 - 2014-04-14 18:13 - 00000000 ____D () C:\FRST
2014-04-17 16:56 - 2014-04-15 15:25 - 00000000 ____D () C:\Users\ASUS\Desktop\FRST-OlderVersion
2014-04-17 16:56 - 2014-04-14 18:12 - 02158592 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2014-04-17 16:53 - 2014-04-10 19:12 - 00001456 _____ () C:\Windows\setupact.log
2014-04-17 16:53 - 2013-11-03 05:20 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 16:53 - 2013-09-13 07:58 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-04-17 16:53 - 2011-01-31 23:38 - 02075956 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 16:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-17 16:51 - 2014-04-17 16:51 - 00001010 _____ () C:\Users\ASUS\Desktop\JRT.txt
2014-04-17 16:47 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-17 16:47 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-17 16:42 - 2014-04-17 16:42 - 01016261 _____ (Thisisu) C:\Users\ASUS\Desktop\JRT.exe
2014-04-17 16:42 - 2014-04-17 16:42 - 00000000 ____D () C:\Windows\ERUNT
2014-04-17 16:37 - 2014-04-17 16:05 - 00000000 ____D () C:\AdwCleaner
2014-04-17 16:35 - 2013-03-16 09:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-17 16:13 - 2013-11-03 05:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 16:05 - 2014-04-17 16:05 - 01426178 _____ () C:\Users\ASUS\Desktop\adwcleaner.exe
2014-04-17 15:10 - 2014-04-12 08:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 15:06 - 2012-05-06 14:07 - 01217536 _____ () C:\Users\ASUS\Desktop\Telearbeitszeiten5.xls
2014-04-17 12:05 - 2014-04-11 15:17 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\PhotoLine
2014-04-16 20:56 - 2014-04-12 06:32 - 00095790 _____ () C:\Windows\PFRO.log
2014-04-16 20:51 - 2014-04-16 20:17 - 00000000 ____D () C:\Qoobox
2014-04-16 20:50 - 2014-04-16 20:50 - 00024626 _____ () C:\ComboFix.txt
2014-04-16 20:46 - 2014-04-16 20:16 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 20:35 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-16 19:57 - 2014-04-16 19:57 - 05194807 ____R (Swearware) C:\Users\ASUS\Desktop\ComboFix.exe
2014-04-16 18:10 - 2014-04-12 15:21 - 00000000 ____D () C:\Users\ASUS\Desktop\Twitter
2014-04-16 09:39 - 2013-06-15 15:24 - 00000000 ____D () C:\Windows\rescache
2014-04-16 07:24 - 2014-04-13 18:16 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-16 07:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-16 07:17 - 2014-04-10 17:25 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\BupSystem
2014-04-15 07:54 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-14 17:35 - 2014-04-12 08:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-13 18:16 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-12 17:16 - 2014-04-12 17:16 - 03334777 _____ () C:\Users\ASUS\Desktop\plmanual.zip
2014-04-12 08:52 - 2014-04-12 08:52 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 08:52 - 2012-07-23 11:52 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Malwarebytes
2014-04-12 08:52 - 2012-07-23 11:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-11 15:17 - 2014-04-11 15:17 - 00000836 _____ () C:\Users\ASUS\Desktop\PhotoLine (64 Bit).lnk
2014-04-11 15:17 - 2014-04-11 15:17 - 00000826 _____ () C:\Users\ASUS\Desktop\PhotoLine.lnk
2014-04-11 15:17 - 2014-04-11 15:17 - 00000000 ____D () C:\Program Files\PhotoLine
2014-04-11 15:15 - 2014-04-11 15:15 - 20988283 _____ () C:\Users\ASUS\Desktop\photoline pl.zip
2014-04-11 13:04 - 2013-11-15 07:02 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-11 07:01 - 2014-04-11 06:43 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-04-11 07:00 - 2014-04-11 07:00 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-11 07:00 - 2014-04-11 07:00 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-11 07:00 - 2014-04-11 07:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-11 06:49 - 2009-07-14 04:34 - 00000651 _____ () C:\Windows\win.ini
2014-04-11 06:47 - 2014-04-11 06:47 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\vlc
2014-04-11 06:41 - 2014-04-11 06:41 - 00001651 _____ () C:\Users\ASUS\Desktop\Continue FLV Player.lnk
2014-04-11 06:39 - 2013-07-15 18:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 06:36 - 2013-01-27 10:54 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 20:27 - 2011-02-01 00:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-10 20:19 - 2014-04-10 20:20 - 03419168 _____ () C:\Users\ASUS\Desktop\handbuch Photoline.zip
2014-04-10 19:12 - 2014-04-10 19:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-10 19:12 - 2011-02-01 00:03 - 00001388 _____ () C:\Windows\system32\ServiceFilter.ini
2014-04-10 19:05 - 2012-05-05 13:15 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Adobe
2014-04-10 19:02 - 2013-03-16 09:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-10 19:02 - 2012-05-06 18:02 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-10 19:02 - 2012-05-06 18:02 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-10 18:54 - 2014-04-10 18:54 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-10 17:56 - 2011-02-01 00:03 - 00002000 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-04-10 17:38 - 2012-07-28 14:08 - 00000000 ____D () C:\Windows\Minidump
2014-04-10 17:38 - 2009-07-29 08:03 - 00000000 ____D () C:\Windows\Panther
2014-04-10 17:31 - 2011-02-01 00:04 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-10 17:29 - 2012-05-05 13:23 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-10 17:27 - 2012-05-05 13:25 - 00000000 ____D () C:\Program Files\Adobe
2014-04-10 17:25 - 2014-04-10 17:25 - 00126976 _____ () C:\Windows\system32\DlProtectSvc.exe
2014-04-10 17:25 - 2014-04-10 17:25 - 00118784 _____ () C:\Windows\system32\pnrpnspd.exe
2014-04-10 17:25 - 2014-04-10 17:24 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Security System 2
2014-04-10 17:25 - 2012-05-06 14:06 - 00000000 ____D () C:\Users\ASUS\Desktop\Photo Verwaltung
2014-04-07 18:50 - 2009-08-04 11:51 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-04-07 18:50 - 2009-08-04 11:51 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-04-07 18:50 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 15:25 - 2014-04-05 15:14 - 00000000 ____D () C:\Users\ASUS\Desktop\Freigaben
2014-04-03 09:51 - 2014-04-12 08:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-12 08:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2013-03-14 16:16 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 07:30 - 2011-01-31 23:59 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-03-31 09:35 - 2012-05-06 13:57 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-26 18:08 - 2013-11-03 05:20 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-26 18:08 - 2013-11-03 05:20 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-24 19:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-20 06:49 - 2013-03-08 13:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-18 19:52 - 2014-03-18 19:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

ZeroAccess:
C:\Users\ASUS\AppData\Local\{a802cf91-f6ae-f6b0-27a0-7fd6acbd59c1}
C:\Users\ASUS\AppData\Local\{a802cf91-f6ae-f6b0-27a0-7fd6acbd59c1}\@

Some content of TEMP:
====================
C:\Users\ASUS\AppData\Local\Temp\avgnt.exe
C:\Users\ASUS\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-12 14:06

==================== End Of Log ============================
--- --- ---

schrauber 18.04.2014 16:13

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Sofakissen 19.04.2014 05:30
SETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=64249efa58ba72498726ca55275b5aa8
# engine=17946
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-18 08:30:20
# local_time=2014-04-18 10:30:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 28225 263276310 20984 0
# compatibility_mode=5893 16776573 100 94 49121 149482870 0 0
# scanned=544533
# found=0
# cleaned=0
# scan_time=15786



Results of screen317's Security Check version 0.99.81
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Adobe Flash Player 13.0.0.182
Adobe Reader XI
Mozilla Firefox (28.0)
Google Chrome 33.0.1750.154
Google Chrome 34.0.1847.116
Google Chrome wtsapi32.dll..
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````





FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014
Ran by ASUS (administrator) on ASUS-PC on 19-04-2014 06:28:08
Running from C:\Users\ASUS\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\DlProtectSvc.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Windows\system32\pnrpnspd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD641ADAA4CBECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {EC5DB6FE-9D80-4809-B4EB-8FC55519AF33} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{39BA5C75-2EF5-4A59-9CF7-352C7C631CC8}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\xngipxdj.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: https://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Protegere - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\xngipxdj.default\Extensions\security@protegere.org [2014-04-10]
FF Extension: Search by Image for Google - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\xngipxdj.default\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2014-04-17]
FF HKLM-x32\...\Firefox\Extensions: [{21418E73-0272-4F4A-AC08-87DA727D28D5}] - C:\Windows\Installer\{0C4BE4D0-B8AE-4C08-BE74-E59F09E57034}\{21418E73-0272-4F4A-AC08-87DA727D28D5}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{0C4BE4D0-B8AE-4C08-BE74-E59F09E57034}\{21418E73-0272-4F4A-AC08-87DA727D28D5}.xpi [2014-04-16]

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR StartupUrls: "hxxp://www.google.de/"
CHR Extension: (Google Docs) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-28]
CHR Extension: (Google Drive) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-28]
CHR Extension: (YouTube) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-28]
CHR Extension: (iStock Stats Improvements) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbfdegfepelnnkenbodmhefohibemime [2013-12-03]
CHR Extension: (iStock lightbox tools) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdokojnopdoojlonecjjlgchgcneijof [2013-12-03]
CHR Extension: (iStock my_uploads fixes) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckloododgagaeepfamopjnjgbhbanlcg [2013-11-15]
CHR Extension: (Google Search) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-28]
CHR Extension: (iStock Toolbar Updates) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcljmlmobmcahfkbhlcocelkbflfndn [2013-12-03]
CHR Extension: (iStock search/lightbox result modifications) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgcjgiimamniclinkoigdkachooilbgi [2013-12-03]
CHR Extension: (Download Protect) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcdhgffjdfmodalggkhpmmpfdmkpppop [2014-04-16]
CHR Extension: (Google Wallet) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
CHR Extension: (Gmail) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-28]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [126976 2014-04-10] ()
R2 UserAdcountControlSettings; C:\Windows\system32\pnrpnspd.exe [118784 2014-04-10] ()

==================== Drivers (Whitelisted) ====================

S3 AmdTools64; C:\Windows\System32\DRIVERS\AmdTools64.sys [46384 2009-04-24] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-17] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61120 2014-04-10] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Users\ASUS\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-19 06:28 - 2014-04-19 06:28 - 00011965 _____ () C:\Users\ASUS\Desktop\FRST.txt
2014-04-19 06:24 - 2014-04-19 06:24 - 00987448 _____ () C:\Users\ASUS\Desktop\SecurityCheck.exe
2014-04-18 18:05 - 2014-04-18 18:05 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-18 18:04 - 2014-04-18 18:04 - 02347384 _____ (ESET) C:\Users\ASUS\Desktop\esetsmartinstaller_enu.exe
2014-04-17 16:51 - 2014-04-17 16:51 - 00001010 _____ () C:\Users\ASUS\Desktop\JRT.txt
2014-04-17 16:42 - 2014-04-17 16:42 - 01016261 _____ (Thisisu) C:\Users\ASUS\Desktop\JRT.exe
2014-04-17 16:42 - 2014-04-17 16:42 - 00000000 ____D () C:\Windows\ERUNT
2014-04-17 16:05 - 2014-04-17 16:37 - 00000000 ____D () C:\AdwCleaner
2014-04-17 16:05 - 2014-04-17 16:05 - 01426178 _____ () C:\Users\ASUS\Desktop\adwcleaner.exe
2014-04-16 20:50 - 2014-04-16 20:50 - 00024626 _____ () C:\ComboFix.txt
2014-04-16 20:17 - 2014-04-16 20:51 - 00000000 ____D () C:\Qoobox
2014-04-16 20:17 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-16 20:17 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-16 20:17 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-16 20:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-16 20:17 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-16 20:17 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-16 20:17 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-16 20:17 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-16 20:16 - 2014-04-16 20:46 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 19:57 - 2014-04-16 19:57 - 05194807 ____R (Swearware) C:\Users\ASUS\Desktop\ComboFix.exe
2014-04-16 07:09 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-16 07:09 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-16 07:09 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-16 07:09 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-16 07:08 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-16 07:08 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-16 07:08 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-16 07:08 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-16 07:08 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-16 07:08 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-16 07:08 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-16 07:08 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-16 07:08 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-16 07:08 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-16 07:08 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-16 07:08 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-16 07:08 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-16 07:08 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-16 07:08 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-16 07:08 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-16 07:08 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-16 07:08 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-16 07:08 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-16 07:08 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-16 07:08 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-16 07:08 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-16 07:08 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-16 07:08 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-16 07:08 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-16 07:08 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-16 07:08 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-16 07:08 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-16 07:08 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-16 07:08 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-16 07:08 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-16 07:08 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-16 07:08 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-16 07:08 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-16 07:08 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-16 07:08 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-16 07:08 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-16 07:08 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-16 07:08 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-16 07:08 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-16 07:08 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-16 07:08 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-16 07:08 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-16 07:08 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-15 15:25 - 2014-04-17 16:56 - 00000000 ____D () C:\Users\ASUS\Desktop\FRST-OlderVersion
2014-04-14 18:13 - 2014-04-19 06:28 - 00000000 ____D () C:\FRST
2014-04-14 18:12 - 2014-04-17 16:56 - 02158592 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2014-04-13 18:16 - 2014-04-16 07:24 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-12 17:16 - 2014-04-12 17:16 - 03334777 _____ () C:\Users\ASUS\Desktop\plmanual.zip
2014-04-12 15:21 - 2014-04-18 17:47 - 00000000 ____D () C:\Users\ASUS\Desktop\Twitter
2014-04-12 08:52 - 2014-04-17 15:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-12 08:52 - 2014-04-12 08:52 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 08:51 - 2014-04-14 17:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-12 08:51 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-12 08:51 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-12 06:32 - 2014-04-16 20:56 - 00095790 _____ () C:\Windows\PFRO.log
2014-04-11 15:17 - 2014-04-18 09:24 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\PhotoLine
2014-04-11 15:17 - 2014-04-11 15:17 - 00000836 _____ () C:\Users\ASUS\Desktop\PhotoLine (64 Bit).lnk
2014-04-11 15:17 - 2014-04-11 15:17 - 00000826 _____ () C:\Users\ASUS\Desktop\PhotoLine.lnk
2014-04-11 15:17 - 2014-04-11 15:17 - 00000000 ____D () C:\Program Files\PhotoLine
2014-04-11 15:15 - 2014-04-11 15:15 - 20988283 _____ () C:\Users\ASUS\Desktop\photoline pl.zip
2014-04-11 07:00 - 2014-04-11 07:00 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-11 07:00 - 2014-04-11 07:00 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-11 07:00 - 2014-04-11 07:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-11 06:47 - 2014-04-11 06:47 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\vlc
2014-04-11 06:43 - 2014-04-11 07:01 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-04-11 06:41 - 2014-04-11 06:41 - 00001651 _____ () C:\Users\ASUS\Desktop\Continue FLV Player.lnk
2014-04-10 20:20 - 2014-04-10 20:19 - 03419168 _____ () C:\Users\ASUS\Desktop\handbuch Photoline.zip
2014-04-10 19:12 - 2014-04-17 16:53 - 00001456 _____ () C:\Windows\setupact.log
2014-04-10 19:12 - 2014-04-10 19:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-10 18:54 - 2014-04-10 18:54 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-10 17:25 - 2014-04-16 07:17 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\BupSystem
2014-04-10 17:25 - 2014-04-10 17:25 - 00126976 _____ () C:\Windows\system32\DlProtectSvc.exe
2014-04-10 17:25 - 2014-04-10 17:25 - 00118784 _____ () C:\Windows\system32\pnrpnspd.exe
2014-04-10 17:24 - 2014-04-10 17:25 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Security System 2
2014-04-10 07:43 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 07:43 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 07:43 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 07:43 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 07:43 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 07:42 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 07:42 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 07:42 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 07:42 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 07:42 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 07:42 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 07:42 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-05 15:14 - 2014-04-05 15:25 - 00000000 ____D () C:\Users\ASUS\Desktop\Freigaben

==================== One Month Modified Files and Folders =======

2014-04-19 06:28 - 2014-04-19 06:28 - 00011965 _____ () C:\Users\ASUS\Desktop\FRST.txt
2014-04-19 06:28 - 2014-04-14 18:13 - 00000000 ____D () C:\FRST
2014-04-19 06:26 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-19 06:26 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-19 06:24 - 2014-04-19 06:24 - 00987448 _____ () C:\Users\ASUS\Desktop\SecurityCheck.exe
2014-04-19 06:14 - 2013-11-03 05:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-19 05:35 - 2013-03-16 09:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-19 03:49 - 2011-01-31 23:38 - 01080080 _____ () C:\Windows\WindowsUpdate.log
2014-04-18 18:05 - 2014-04-18 18:05 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-18 18:04 - 2014-04-18 18:04 - 02347384 _____ (ESET) C:\Users\ASUS\Desktop\esetsmartinstaller_enu.exe
2014-04-18 17:47 - 2014-04-12 15:21 - 00000000 ____D () C:\Users\ASUS\Desktop\Twitter
2014-04-18 17:13 - 2013-11-03 05:20 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-18 09:24 - 2014-04-11 15:17 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\PhotoLine
2014-04-17 16:56 - 2014-04-15 15:25 - 00000000 ____D () C:\Users\ASUS\Desktop\FRST-OlderVersion
2014-04-17 16:56 - 2014-04-14 18:12 - 02158592 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2014-04-17 16:53 - 2014-04-10 19:12 - 00001456 _____ () C:\Windows\setupact.log
2014-04-17 16:53 - 2013-09-13 07:58 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-04-17 16:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-17 16:51 - 2014-04-17 16:51 - 00001010 _____ () C:\Users\ASUS\Desktop\JRT.txt
2014-04-17 16:42 - 2014-04-17 16:42 - 01016261 _____ (Thisisu) C:\Users\ASUS\Desktop\JRT.exe
2014-04-17 16:42 - 2014-04-17 16:42 - 00000000 ____D () C:\Windows\ERUNT
2014-04-17 16:37 - 2014-04-17 16:05 - 00000000 ____D () C:\AdwCleaner
2014-04-17 16:05 - 2014-04-17 16:05 - 01426178 _____ () C:\Users\ASUS\Desktop\adwcleaner.exe
2014-04-17 15:10 - 2014-04-12 08:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 15:06 - 2012-05-06 14:07 - 01217536 _____ () C:\Users\ASUS\Desktop\Telearbeitszeiten5.xls
2014-04-16 20:56 - 2014-04-12 06:32 - 00095790 _____ () C:\Windows\PFRO.log
2014-04-16 20:51 - 2014-04-16 20:17 - 00000000 ____D () C:\Qoobox
2014-04-16 20:50 - 2014-04-16 20:50 - 00024626 _____ () C:\ComboFix.txt
2014-04-16 20:46 - 2014-04-16 20:16 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 20:35 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-16 19:57 - 2014-04-16 19:57 - 05194807 ____R (Swearware) C:\Users\ASUS\Desktop\ComboFix.exe
2014-04-16 09:39 - 2013-06-15 15:24 - 00000000 ____D () C:\Windows\rescache
2014-04-16 07:24 - 2014-04-13 18:16 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-16 07:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-16 07:17 - 2014-04-10 17:25 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\BupSystem
2014-04-15 07:54 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-14 17:35 - 2014-04-12 08:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-13 18:16 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-12 17:16 - 2014-04-12 17:16 - 03334777 _____ () C:\Users\ASUS\Desktop\plmanual.zip
2014-04-12 08:52 - 2014-04-12 08:52 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 08:52 - 2012-07-23 11:52 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Malwarebytes
2014-04-12 08:52 - 2012-07-23 11:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-11 15:17 - 2014-04-11 15:17 - 00000836 _____ () C:\Users\ASUS\Desktop\PhotoLine (64 Bit).lnk
2014-04-11 15:17 - 2014-04-11 15:17 - 00000826 _____ () C:\Users\ASUS\Desktop\PhotoLine.lnk
2014-04-11 15:17 - 2014-04-11 15:17 - 00000000 ____D () C:\Program Files\PhotoLine
2014-04-11 15:15 - 2014-04-11 15:15 - 20988283 _____ () C:\Users\ASUS\Desktop\photoline pl.zip
2014-04-11 13:04 - 2013-11-15 07:02 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-11 07:01 - 2014-04-11 06:43 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-04-11 07:00 - 2014-04-11 07:00 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-11 07:00 - 2014-04-11 07:00 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-11 07:00 - 2014-04-11 07:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-11 06:49 - 2009-07-14 04:34 - 00000651 _____ () C:\Windows\win.ini
2014-04-11 06:47 - 2014-04-11 06:47 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\vlc
2014-04-11 06:41 - 2014-04-11 06:41 - 00001651 _____ () C:\Users\ASUS\Desktop\Continue FLV Player.lnk
2014-04-11 06:39 - 2013-07-15 18:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 06:36 - 2013-01-27 10:54 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 20:27 - 2011-02-01 00:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-10 20:19 - 2014-04-10 20:20 - 03419168 _____ () C:\Users\ASUS\Desktop\handbuch Photoline.zip
2014-04-10 19:12 - 2014-04-10 19:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-10 19:12 - 2011-02-01 00:03 - 00001388 _____ () C:\Windows\system32\ServiceFilter.ini
2014-04-10 19:05 - 2012-05-05 13:15 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Adobe
2014-04-10 19:02 - 2013-03-16 09:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-10 19:02 - 2012-05-06 18:02 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-10 19:02 - 2012-05-06 18:02 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-10 18:54 - 2014-04-10 18:54 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-10 17:56 - 2011-02-01 00:03 - 00002000 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-04-10 17:38 - 2012-07-28 14:08 - 00000000 ____D () C:\Windows\Minidump
2014-04-10 17:38 - 2009-07-29 08:03 - 00000000 ____D () C:\Windows\Panther
2014-04-10 17:31 - 2011-02-01 00:04 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-10 17:29 - 2012-05-05 13:23 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-10 17:27 - 2012-05-05 13:25 - 00000000 ____D () C:\Program Files\Adobe
2014-04-10 17:25 - 2014-04-10 17:25 - 00126976 _____ () C:\Windows\system32\DlProtectSvc.exe
2014-04-10 17:25 - 2014-04-10 17:25 - 00118784 _____ () C:\Windows\system32\pnrpnspd.exe
2014-04-10 17:25 - 2014-04-10 17:24 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Security System 2
2014-04-10 17:25 - 2012-05-06 14:06 - 00000000 ____D () C:\Users\ASUS\Desktop\Photo Verwaltung
2014-04-07 18:50 - 2009-08-04 11:51 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-04-07 18:50 - 2009-08-04 11:51 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-04-07 18:50 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 15:25 - 2014-04-05 15:14 - 00000000 ____D () C:\Users\ASUS\Desktop\Freigaben
2014-04-03 09:51 - 2014-04-12 08:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-12 08:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2013-03-14 16:16 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 07:30 - 2011-01-31 23:59 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-03-31 09:35 - 2012-05-06 13:57 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-26 18:08 - 2013-11-03 05:20 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-26 18:08 - 2013-11-03 05:20 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-24 19:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-20 06:49 - 2013-03-08 13:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

ZeroAccess:
C:\Users\ASUS\AppData\Local\{a802cf91-f6ae-f6b0-27a0-7fd6acbd59c1}
C:\Users\ASUS\AppData\Local\{a802cf91-f6ae-f6b0-27a0-7fd6acbd59c1}\@

Some content of TEMP:
====================
C:\Users\ASUS\AppData\Local\Temp\avgnt.exe
C:\Users\ASUS\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-19 00:44

==================== End Of Log ============================
--- --- ---






so weit ich beurteilen kann, kaine Probleme mehr :)
DANKE :)

schrauber 19.04.2014 12:44
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ZeroAccess:
C:\Users\ASUS\AppData\Local\{a802cf91-f6ae-f6b0-27a0-7fd6acbd59c1}
C:\Users\ASUS\AppData\Local\{a802cf91-f6ae-f6b0-27a0-7fd6acbd59c1}\@

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Frisches FRST log bitte.

Sofakissen 19.04.2014 16:48
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-04-2014
Ran by ASUS at 2014-04-19 17:44:17 Run:1
Running from C:\Users\ASUS\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ZeroAccess:
C:\Users\ASUS\AppData\Local\{a802cf91-f6ae-f6b0-27a0-7fd6acbd59c1}
C:\Users\ASUS\AppData\Local\{a802cf91-f6ae-f6b0-27a0-7fd6acbd59c1}\@

*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Users\ASUS\AppData\Local\{a802cf91-f6ae-f6b0-27a0-7fd6acbd59c1} => Moved successfully.
"C:\Users\ASUS\AppData\Local\{a802cf91-f6ae-f6b0-27a0-7fd6acbd59c1}\@" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog ====

schrauber 20.04.2014 18:00
Frisches FRST log fehlt :)

Sofakissen 21.04.2014 06:23

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 02
Ran by ASUS (administrator) on ASUS-PC on 21-04-2014 07:12:22
Running from C:\Users\ASUS\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\DlProtectSvc.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Windows\system32\pnrpnspd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD641ADAA4CBECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {EC5DB6FE-9D80-4809-B4EB-8FC55519AF33} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{39BA5C75-2EF5-4A59-9CF7-352C7C631CC8}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\xngipxdj.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: https://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Protegere - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\xngipxdj.default\Extensions\security@protegere.org [2014-04-10]
FF Extension: Search by Image for Google - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\xngipxdj.default\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2014-04-17]
FF HKLM-x32\...\Firefox\Extensions: [{21418E73-0272-4F4A-AC08-87DA727D28D5}] - C:\Windows\Installer\{0C4BE4D0-B8AE-4C08-BE74-E59F09E57034}\{21418E73-0272-4F4A-AC08-87DA727D28D5}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{0C4BE4D0-B8AE-4C08-BE74-E59F09E57034}\{21418E73-0272-4F4A-AC08-87DA727D28D5}.xpi [2014-04-16]

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR StartupUrls: "hxxp://www.google.de/"
CHR Extension: (Google Docs) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-28]
CHR Extension: (Google Drive) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-28]
CHR Extension: (YouTube) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-28]
CHR Extension: (iStock Stats Improvements) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbfdegfepelnnkenbodmhefohibemime [2013-12-03]
CHR Extension: (iStock lightbox tools) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdokojnopdoojlonecjjlgchgcneijof [2013-12-03]
CHR Extension: (iStock my_uploads fixes) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckloododgagaeepfamopjnjgbhbanlcg [2013-11-15]
CHR Extension: (Google Search) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-28]
CHR Extension: (iStock Toolbar Updates) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcljmlmobmcahfkbhlcocelkbflfndn [2013-12-03]
CHR Extension: (iStock search/lightbox result modifications) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgcjgiimamniclinkoigdkachooilbgi [2013-12-03]
CHR Extension: (Google Wallet) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
CHR Extension: (Gmail) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-28]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [126976 2014-04-10] ()
R2 UserAdcountControlSettings; C:\Windows\system32\pnrpnspd.exe [118784 2014-04-10] ()

==================== Drivers (Whitelisted) ====================

S3 AmdTools64; C:\Windows\System32\DRIVERS\AmdTools64.sys [46384 2009-04-24] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-17] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61120 2014-04-10] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Users\ASUS\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-21 07:12 - 2014-04-21 07:12 - 00012211 _____ () C:\Users\ASUS\Desktop\FRST.txt
2014-04-19 17:55 - 2014-04-19 17:55 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-19 17:55 - 2014-04-19 17:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-19 17:55 - 2014-04-19 17:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-19 17:55 - 2014-04-19 17:55 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-19 17:55 - 2014-04-19 17:55 - 00000000 ____D () C:\Program Files\Java
2014-04-19 17:54 - 2014-04-19 17:54 - 30818216 _____ (Oracle Corporation) C:\Users\ASUS\Desktop\jre-7u55-windows-x64.exe
2014-04-19 06:24 - 2014-04-19 06:24 - 00987448 _____ () C:\Users\ASUS\Desktop\SecurityCheck.exe
2014-04-18 18:04 - 2014-04-18 18:04 - 02347384 _____ (ESET) C:\Users\ASUS\Desktop\esetsmartinstaller_enu.exe
2014-04-17 16:51 - 2014-04-17 16:51 - 00001010 _____ () C:\Users\ASUS\Desktop\JRT.txt
2014-04-17 16:42 - 2014-04-17 16:42 - 01016261 _____ (Thisisu) C:\Users\ASUS\Desktop\JRT.exe
2014-04-17 16:42 - 2014-04-17 16:42 - 00000000 ____D () C:\Windows\ERUNT
2014-04-17 16:05 - 2014-04-17 16:37 - 00000000 ____D () C:\AdwCleaner
2014-04-17 16:05 - 2014-04-17 16:05 - 01426178 _____ () C:\Users\ASUS\Desktop\adwcleaner.exe
2014-04-16 20:50 - 2014-04-16 20:50 - 00024626 _____ () C:\ComboFix.txt
2014-04-16 20:17 - 2014-04-16 20:51 - 00000000 ____D () C:\Qoobox
2014-04-16 20:17 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-16 20:17 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-16 20:17 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-16 20:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-16 20:17 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-16 20:17 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-16 20:17 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-16 20:17 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-16 20:16 - 2014-04-16 20:46 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 19:57 - 2014-04-16 19:57 - 05194807 ____R (Swearware) C:\Users\ASUS\Desktop\ComboFix.exe
2014-04-16 07:09 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-16 07:09 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-16 07:09 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-16 07:09 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-16 07:08 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-16 07:08 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-16 07:08 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-16 07:08 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-16 07:08 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-16 07:08 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-16 07:08 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-16 07:08 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-16 07:08 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-16 07:08 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-16 07:08 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-16 07:08 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-16 07:08 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-16 07:08 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-16 07:08 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-16 07:08 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-16 07:08 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-16 07:08 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-16 07:08 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-16 07:08 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-16 07:08 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-16 07:08 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-16 07:08 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-16 07:08 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-16 07:08 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-16 07:08 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-16 07:08 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-16 07:08 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-16 07:08 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-16 07:08 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-16 07:08 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-16 07:08 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-16 07:08 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-16 07:08 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-16 07:08 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-16 07:08 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-16 07:08 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-16 07:08 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-16 07:08 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-16 07:08 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-16 07:08 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-16 07:08 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-16 07:08 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-16 07:08 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-15 15:25 - 2014-04-21 07:12 - 00000000 ____D () C:\Users\ASUS\Desktop\FRST-OlderVersion
2014-04-14 18:13 - 2014-04-21 07:12 - 00000000 ____D () C:\FRST
2014-04-14 18:12 - 2014-04-21 07:12 - 02056704 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2014-04-13 18:16 - 2014-04-19 17:46 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-12 17:16 - 2014-04-12 17:16 - 03334777 _____ () C:\Users\ASUS\Desktop\plmanual.zip
2014-04-12 15:21 - 2014-04-18 17:47 - 00000000 ____D () C:\Users\ASUS\Desktop\Twitter
2014-04-12 08:52 - 2014-04-17 15:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-12 08:52 - 2014-04-12 08:52 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 08:51 - 2014-04-14 17:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-12 08:51 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-12 08:51 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-12 06:32 - 2014-04-16 20:56 - 00095790 _____ () C:\Windows\PFRO.log
2014-04-11 15:17 - 2014-04-19 17:39 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\PhotoLine
2014-04-11 15:17 - 2014-04-11 15:17 - 00000836 _____ () C:\Users\ASUS\Desktop\PhotoLine (64 Bit).lnk
2014-04-11 15:17 - 2014-04-11 15:17 - 00000826 _____ () C:\Users\ASUS\Desktop\PhotoLine.lnk
2014-04-11 15:17 - 2014-04-11 15:17 - 00000000 ____D () C:\Program Files\PhotoLine
2014-04-11 15:15 - 2014-04-11 15:15 - 20988283 _____ () C:\Users\ASUS\Desktop\photoline pl.zip
2014-04-11 07:00 - 2014-04-11 07:00 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-11 07:00 - 2014-04-11 07:00 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-11 07:00 - 2014-04-11 07:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-11 06:47 - 2014-04-11 06:47 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\vlc
2014-04-11 06:43 - 2014-04-11 07:01 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-04-11 06:41 - 2014-04-11 06:41 - 00001651 _____ () C:\Users\ASUS\Desktop\Continue FLV Player.lnk
2014-04-10 20:20 - 2014-04-10 20:19 - 03419168 _____ () C:\Users\ASUS\Desktop\handbuch Photoline.zip
2014-04-10 19:12 - 2014-04-19 17:46 - 00001512 _____ () C:\Windows\setupact.log
2014-04-10 19:12 - 2014-04-10 19:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-10 18:54 - 2014-04-10 18:54 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-10 17:25 - 2014-04-16 07:17 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\BupSystem
2014-04-10 17:25 - 2014-04-10 17:25 - 00126976 _____ () C:\Windows\system32\DlProtectSvc.exe
2014-04-10 17:25 - 2014-04-10 17:25 - 00118784 _____ () C:\Windows\system32\pnrpnspd.exe
2014-04-10 17:24 - 2014-04-10 17:25 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Security System 2
2014-04-10 07:43 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 07:43 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 07:43 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 07:43 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 07:43 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 07:42 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 07:42 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 07:42 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 07:42 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 07:42 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 07:42 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 07:42 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-05 15:14 - 2014-04-05 15:25 - 00000000 ____D () C:\Users\ASUS\Desktop\Freigaben

==================== One Month Modified Files and Folders =======

2014-04-21 07:13 - 2013-11-03 05:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 07:12 - 2014-04-21 07:12 - 00012211 _____ () C:\Users\ASUS\Desktop\FRST.txt
2014-04-21 07:12 - 2014-04-15 15:25 - 00000000 ____D () C:\Users\ASUS\Desktop\FRST-OlderVersion
2014-04-21 07:12 - 2014-04-14 18:13 - 00000000 ____D () C:\FRST
2014-04-21 07:12 - 2014-04-14 18:12 - 02056704 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2014-04-21 07:03 - 2013-03-16 09:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 18:54 - 2013-11-03 05:20 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-19 17:55 - 2014-04-19 17:55 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-19 17:55 - 2014-04-19 17:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-19 17:55 - 2014-04-19 17:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-19 17:55 - 2014-04-19 17:55 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-19 17:55 - 2014-04-19 17:55 - 00000000 ____D () C:\Program Files\Java
2014-04-19 17:54 - 2014-04-19 17:54 - 30818216 _____ (Oracle Corporation) C:\Users\ASUS\Desktop\jre-7u55-windows-x64.exe
2014-04-19 17:54 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-19 17:54 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-19 17:46 - 2014-04-13 18:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-19 17:46 - 2014-04-10 19:12 - 00001512 _____ () C:\Windows\setupact.log
2014-04-19 17:46 - 2013-09-13 07:58 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-04-19 17:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-19 17:45 - 2011-01-31 23:38 - 01100308 _____ () C:\Windows\WindowsUpdate.log
2014-04-19 17:44 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-19 17:39 - 2014-04-11 15:17 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\PhotoLine
2014-04-19 08:19 - 2009-08-04 11:51 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-04-19 08:19 - 2009-08-04 11:51 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-04-19 08:19 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-19 06:24 - 2014-04-19 06:24 - 00987448 _____ () C:\Users\ASUS\Desktop\SecurityCheck.exe
2014-04-18 18:04 - 2014-04-18 18:04 - 02347384 _____ (ESET) C:\Users\ASUS\Desktop\esetsmartinstaller_enu.exe
2014-04-18 17:47 - 2014-04-12 15:21 - 00000000 ____D () C:\Users\ASUS\Desktop\Twitter
2014-04-17 16:51 - 2014-04-17 16:51 - 00001010 _____ () C:\Users\ASUS\Desktop\JRT.txt
2014-04-17 16:42 - 2014-04-17 16:42 - 01016261 _____ (Thisisu) C:\Users\ASUS\Desktop\JRT.exe
2014-04-17 16:42 - 2014-04-17 16:42 - 00000000 ____D () C:\Windows\ERUNT
2014-04-17 16:37 - 2014-04-17 16:05 - 00000000 ____D () C:\AdwCleaner
2014-04-17 16:05 - 2014-04-17 16:05 - 01426178 _____ () C:\Users\ASUS\Desktop\adwcleaner.exe
2014-04-17 15:10 - 2014-04-12 08:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 15:06 - 2012-05-06 14:07 - 01217536 _____ () C:\Users\ASUS\Desktop\Telearbeitszeiten5.xls
2014-04-16 20:56 - 2014-04-12 06:32 - 00095790 _____ () C:\Windows\PFRO.log
2014-04-16 20:51 - 2014-04-16 20:17 - 00000000 ____D () C:\Qoobox
2014-04-16 20:50 - 2014-04-16 20:50 - 00024626 _____ () C:\ComboFix.txt
2014-04-16 20:46 - 2014-04-16 20:16 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 20:35 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-16 19:57 - 2014-04-16 19:57 - 05194807 ____R (Swearware) C:\Users\ASUS\Desktop\ComboFix.exe
2014-04-16 09:39 - 2013-06-15 15:24 - 00000000 ____D () C:\Windows\rescache
2014-04-16 07:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-16 07:17 - 2014-04-10 17:25 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\BupSystem
2014-04-15 07:54 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-14 17:35 - 2014-04-12 08:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-12 17:16 - 2014-04-12 17:16 - 03334777 _____ () C:\Users\ASUS\Desktop\plmanual.zip
2014-04-12 08:52 - 2014-04-12 08:52 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 08:52 - 2012-07-23 11:52 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Malwarebytes
2014-04-12 08:52 - 2012-07-23 11:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-11 15:17 - 2014-04-11 15:17 - 00000836 _____ () C:\Users\ASUS\Desktop\PhotoLine (64 Bit).lnk
2014-04-11 15:17 - 2014-04-11 15:17 - 00000826 _____ () C:\Users\ASUS\Desktop\PhotoLine.lnk
2014-04-11 15:17 - 2014-04-11 15:17 - 00000000 ____D () C:\Program Files\PhotoLine
2014-04-11 15:15 - 2014-04-11 15:15 - 20988283 _____ () C:\Users\ASUS\Desktop\photoline pl.zip
2014-04-11 13:04 - 2013-11-15 07:02 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-11 07:01 - 2014-04-11 06:43 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-04-11 07:00 - 2014-04-11 07:00 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-11 07:00 - 2014-04-11 07:00 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-11 07:00 - 2014-04-11 07:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-11 06:49 - 2009-07-14 04:34 - 00000651 _____ () C:\Windows\win.ini
2014-04-11 06:47 - 2014-04-11 06:47 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\vlc
2014-04-11 06:41 - 2014-04-11 06:41 - 00001651 _____ () C:\Users\ASUS\Desktop\Continue FLV Player.lnk
2014-04-11 06:39 - 2013-07-15 18:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 06:36 - 2013-01-27 10:54 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 20:27 - 2011-02-01 00:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-10 20:19 - 2014-04-10 20:20 - 03419168 _____ () C:\Users\ASUS\Desktop\handbuch Photoline.zip
2014-04-10 19:12 - 2014-04-10 19:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-10 19:12 - 2011-02-01 00:03 - 00001388 _____ () C:\Windows\system32\ServiceFilter.ini
2014-04-10 19:05 - 2012-05-05 13:15 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Adobe
2014-04-10 19:02 - 2013-03-16 09:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-10 19:02 - 2012-05-06 18:02 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-10 19:02 - 2012-05-06 18:02 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-10 18:54 - 2014-04-10 18:54 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-10 17:56 - 2011-02-01 00:03 - 00002000 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-04-10 17:38 - 2012-07-28 14:08 - 00000000 ____D () C:\Windows\Minidump
2014-04-10 17:38 - 2009-07-29 08:03 - 00000000 ____D () C:\Windows\Panther
2014-04-10 17:31 - 2011-02-01 00:04 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-10 17:29 - 2012-05-05 13:23 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-10 17:27 - 2012-05-05 13:25 - 00000000 ____D () C:\Program Files\Adobe
2014-04-10 17:25 - 2014-04-10 17:25 - 00126976 _____ () C:\Windows\system32\DlProtectSvc.exe
2014-04-10 17:25 - 2014-04-10 17:25 - 00118784 _____ () C:\Windows\system32\pnrpnspd.exe
2014-04-10 17:25 - 2014-04-10 17:24 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Security System 2
2014-04-10 17:25 - 2012-05-06 14:06 - 00000000 ____D () C:\Users\ASUS\Desktop\Photo Verwaltung
2014-04-05 15:25 - 2014-04-05 15:14 - 00000000 ____D () C:\Users\ASUS\Desktop\Freigaben
2014-04-03 09:51 - 2014-04-12 08:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-12 08:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2013-03-14 16:16 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 07:30 - 2011-01-31 23:59 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-03-31 09:35 - 2012-05-06 13:57 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-26 18:08 - 2013-11-03 05:20 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-26 18:08 - 2013-11-03 05:20 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-24 19:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

Some content of TEMP:
====================
C:\Users\ASUS\AppData\Local\Temp\avgnt.exe
C:\Users\ASUS\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\ASUS\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-19 00:44

==================== End Of Log ============================
--- --- ---

schrauber 21.04.2014 20:49

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Sofakissen 22.04.2014 06:46
Huhu,

Du ich verstehe das jetzt nicht mehr. Ich habe keinerlei Probleme mehr. Aus welchen Gründen geht's denn jetzt immer weiter? :glaskugel:

Gruß

schrauber 22.04.2014 14:23
Weil ich jetzt keine aktive malware mehr sehe, der Onlinescan aber dazu dient nach Resten zu suchen, die unsere Tools nicht sehen. Damit du nicht in nem Monat nochmal hier bist :)

Sofakissen 23.04.2014 12:10
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=64249efa58ba72498726ca55275b5aa8
# engine=17976
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-22 06:14:07
# local_time=2014-04-22 08:14:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 25245 263613737 17994 0
# compatibility_mode=5893 16776573 100 94 334497 149820297 0 0
# scanned=501210
# found=0
# cleaned=0
# scan_time=15021
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=64249efa58ba72498726ca55275b5aa8
# engine=17985
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-23 10:54:53
# local_time=2014-04-23 12:54:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 17543 263673783 10291 0
# compatibility_mode=5893 16776573 100 94 394543 149880343 0 0
# scanned=553386
# found=0
# cleaned=0
# scan_time=17348



Results of screen317's Security Check version 0.99.81
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Adobe Flash Player 13.0.0.182
Adobe Reader XI
Mozilla Firefox (28.0)
Google Chrome 33.0.1750.154
Google Chrome 34.0.1847.116
Google Chrome wtsapi32.dll..
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by ASUS (administrator) on ASUS-PC on 23-04-2014 13:08:06
Running from C:\Users\ASUS\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\DlProtectSvc.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Windows\system32\pnrpnspd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe
(EAZIGN bvba) C:\Program Files (x86)\Eazign\DeepMeta\DeepMeta.exe
(Adobe Systems) C:\Program Files\Adobe\Adobe Photoshop Lightroom 4.4\lightroom.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD641ADAA4CBECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {EC5DB6FE-9D80-4809-B4EB-8FC55519AF33} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{39BA5C75-2EF5-4A59-9CF7-352C7C631CC8}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\xngipxdj.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: https://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Protegere - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\xngipxdj.default\Extensions\security@protegere.org [2014-04-10]
FF Extension: Search by Image for Google - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\xngipxdj.default\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2014-04-17]
FF HKLM-x32\...\Firefox\Extensions: [{21418E73-0272-4F4A-AC08-87DA727D28D5}] - C:\Windows\Installer\{0C4BE4D0-B8AE-4C08-BE74-E59F09E57034}\{21418E73-0272-4F4A-AC08-87DA727D28D5}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{0C4BE4D0-B8AE-4C08-BE74-E59F09E57034}\{21418E73-0272-4F4A-AC08-87DA727D28D5}.xpi [2014-04-16]

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR StartupUrls: "hxxp://www.google.de/"
CHR Extension: (Google Docs) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-28]
CHR Extension: (Google Drive) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-28]
CHR Extension: (YouTube) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-28]
CHR Extension: (iStock Stats Improvements) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbfdegfepelnnkenbodmhefohibemime [2013-12-03]
CHR Extension: (iStock lightbox tools) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdokojnopdoojlonecjjlgchgcneijof [2013-12-03]
CHR Extension: (iStock my_uploads fixes) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckloododgagaeepfamopjnjgbhbanlcg [2013-11-15]
CHR Extension: (Google Search) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-28]
CHR Extension: (iStock Toolbar Updates) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcljmlmobmcahfkbhlcocelkbflfndn [2013-12-03]
CHR Extension: (iStock search/lightbox result modifications) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgcjgiimamniclinkoigdkachooilbgi [2013-12-03]
CHR Extension: (Google Wallet) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
CHR Extension: (Gmail) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-28]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [126976 2014-04-10] ()
R2 UserAdcountControlSettings; C:\Windows\system32\pnrpnspd.exe [118784 2014-04-10] ()

==================== Drivers (Whitelisted) ====================

S3 AmdTools64; C:\Windows\System32\DRIVERS\AmdTools64.sys [46384 2009-04-24] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-17] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61120 2014-04-10] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Users\ASUS\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-23 13:08 - 2014-04-23 13:08 - 00012466 _____ () C:\Users\ASUS\Desktop\FRST.txt
2014-04-23 08:48 - 2014-04-23 08:49 - 00000094 ____H () C:\Users\ASUS\Desktop\.~lock.Telearbeitszeiten5.xls#
2014-04-22 15:54 - 2014-04-22 15:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-19 17:55 - 2014-04-19 17:55 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-19 17:55 - 2014-04-19 17:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-19 17:55 - 2014-04-19 17:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-19 17:55 - 2014-04-19 17:55 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-19 17:55 - 2014-04-19 17:55 - 00000000 ____D () C:\Program Files\Java
2014-04-19 17:54 - 2014-04-19 17:54 - 30818216 _____ (Oracle Corporation) C:\Users\ASUS\Desktop\jre-7u55-windows-x64.exe
2014-04-19 06:24 - 2014-04-19 06:24 - 00987448 _____ () C:\Users\ASUS\Desktop\SecurityCheck.exe
2014-04-18 18:04 - 2014-04-18 18:04 - 02347384 _____ (ESET) C:\Users\ASUS\Desktop\esetsmartinstaller_enu.exe
2014-04-17 16:42 - 2014-04-17 16:42 - 01016261 _____ (Thisisu) C:\Users\ASUS\Desktop\JRT.exe
2014-04-17 16:42 - 2014-04-17 16:42 - 00000000 ____D () C:\Windows\ERUNT
2014-04-17 16:05 - 2014-04-17 16:37 - 00000000 ____D () C:\AdwCleaner
2014-04-17 16:05 - 2014-04-17 16:05 - 01426178 _____ () C:\Users\ASUS\Desktop\adwcleaner.exe
2014-04-16 20:50 - 2014-04-16 20:50 - 00024626 _____ () C:\ComboFix.txt
2014-04-16 20:17 - 2014-04-16 20:51 - 00000000 ____D () C:\Qoobox
2014-04-16 20:17 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-16 20:17 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-16 20:17 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-16 20:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-16 20:17 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-16 20:17 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-16 20:17 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-16 20:17 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-16 20:16 - 2014-04-16 20:46 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 19:57 - 2014-04-16 19:57 - 05194807 ____R (Swearware) C:\Users\ASUS\Desktop\ComboFix.exe
2014-04-16 07:09 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-16 07:09 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-16 07:09 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-16 07:09 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-16 07:08 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-16 07:08 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-16 07:08 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-16 07:08 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-16 07:08 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-16 07:08 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-16 07:08 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-16 07:08 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-16 07:08 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-16 07:08 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-16 07:08 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-16 07:08 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-16 07:08 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-16 07:08 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-16 07:08 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-16 07:08 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-16 07:08 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-16 07:08 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-16 07:08 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-16 07:08 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-16 07:08 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-16 07:08 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-16 07:08 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-16 07:08 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-16 07:08 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-16 07:08 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-16 07:08 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-16 07:08 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-16 07:08 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-16 07:08 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-16 07:08 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-16 07:08 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-16 07:08 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-16 07:08 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-16 07:08 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-16 07:08 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-16 07:08 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-16 07:08 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-16 07:08 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-16 07:08 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-16 07:08 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-16 07:08 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-16 07:08 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-16 07:08 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-15 15:25 - 2014-04-23 13:08 - 00000000 ____D () C:\Users\ASUS\Desktop\FRST-OlderVersion
2014-04-14 18:13 - 2014-04-23 13:08 - 00000000 ____D () C:\FRST
2014-04-14 18:12 - 2014-04-23 13:08 - 02061312 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2014-04-13 18:16 - 2014-04-19 17:46 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-12 17:16 - 2014-04-12 17:16 - 03334777 _____ () C:\Users\ASUS\Desktop\plmanual.zip
2014-04-12 15:21 - 2014-04-23 12:18 - 00000000 ____D () C:\Users\ASUS\Desktop\Twitter
2014-04-12 08:52 - 2014-04-17 15:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-12 08:52 - 2014-04-12 08:52 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 08:51 - 2014-04-14 17:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-12 08:51 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-12 08:51 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-12 06:32 - 2014-04-16 20:56 - 00095790 _____ () C:\Windows\PFRO.log
2014-04-11 15:17 - 2014-04-22 18:57 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\PhotoLine
2014-04-11 15:17 - 2014-04-11 15:17 - 00000836 _____ () C:\Users\ASUS\Desktop\PhotoLine (64 Bit).lnk
2014-04-11 15:17 - 2014-04-11 15:17 - 00000826 _____ () C:\Users\ASUS\Desktop\PhotoLine.lnk
2014-04-11 15:17 - 2014-04-11 15:17 - 00000000 ____D () C:\Program Files\PhotoLine
2014-04-11 15:15 - 2014-04-11 15:15 - 20988283 _____ () C:\Users\ASUS\Desktop\photoline pl.zip
2014-04-11 07:00 - 2014-04-11 07:00 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-11 07:00 - 2014-04-11 07:00 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-11 07:00 - 2014-04-11 07:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-11 06:47 - 2014-04-11 06:47 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\vlc
2014-04-11 06:43 - 2014-04-11 07:01 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-04-11 06:41 - 2014-04-11 06:41 - 00001651 _____ () C:\Users\ASUS\Desktop\Continue FLV Player.lnk
2014-04-10 20:20 - 2014-04-10 20:19 - 03419168 _____ () C:\Users\ASUS\Desktop\handbuch Photoline.zip
2014-04-10 19:12 - 2014-04-22 18:51 - 00001680 _____ () C:\Windows\setupact.log
2014-04-10 19:12 - 2014-04-10 19:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-10 18:54 - 2014-04-10 18:54 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-10 17:25 - 2014-04-16 07:17 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\BupSystem
2014-04-10 17:25 - 2014-04-10 17:25 - 00126976 _____ () C:\Windows\system32\DlProtectSvc.exe
2014-04-10 17:25 - 2014-04-10 17:25 - 00118784 _____ () C:\Windows\system32\pnrpnspd.exe
2014-04-10 17:24 - 2014-04-10 17:25 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Security System 2
2014-04-10 07:43 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 07:43 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 07:43 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 07:43 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 07:43 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 07:42 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 07:42 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 07:42 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 07:42 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 07:42 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 07:42 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 07:42 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 07:42 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-05 15:14 - 2014-04-05 15:25 - 00000000 ____D () C:\Users\ASUS\Desktop\Freigaben

==================== One Month Modified Files and Folders =======

2014-04-23 13:08 - 2014-04-23 13:08 - 00012466 _____ () C:\Users\ASUS\Desktop\FRST.txt
2014-04-23 13:08 - 2014-04-15 15:25 - 00000000 ____D () C:\Users\ASUS\Desktop\FRST-OlderVersion
2014-04-23 13:08 - 2014-04-14 18:13 - 00000000 ____D () C:\FRST
2014-04-23 13:08 - 2014-04-14 18:12 - 02061312 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2014-04-23 12:35 - 2013-03-16 09:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-23 12:18 - 2014-04-12 15:21 - 00000000 ____D () C:\Users\ASUS\Desktop\Twitter
2014-04-23 12:13 - 2013-11-03 05:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-23 08:49 - 2014-04-23 08:48 - 00000094 ____H () C:\Users\ASUS\Desktop\.~lock.Telearbeitszeiten5.xls#
2014-04-23 08:49 - 2012-05-06 14:07 - 01217536 _____ () C:\Users\ASUS\Desktop\Telearbeitszeiten5.xls
2014-04-23 08:27 - 2011-01-31 23:38 - 01156851 _____ () C:\Windows\WindowsUpdate.log
2014-04-22 18:57 - 2014-04-11 15:17 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\PhotoLine
2014-04-22 18:51 - 2014-04-10 19:12 - 00001680 _____ () C:\Windows\setupact.log
2014-04-22 17:14 - 2013-11-03 05:20 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-22 15:54 - 2014-04-22 15:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-19 17:55 - 2014-04-19 17:55 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-19 17:55 - 2014-04-19 17:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-19 17:55 - 2014-04-19 17:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-19 17:55 - 2014-04-19 17:55 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-19 17:55 - 2014-04-19 17:55 - 00000000 ____D () C:\Program Files\Java
2014-04-19 17:54 - 2014-04-19 17:54 - 30818216 _____ (Oracle Corporation) C:\Users\ASUS\Desktop\jre-7u55-windows-x64.exe
2014-04-19 17:54 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-19 17:54 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-19 17:46 - 2014-04-13 18:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-19 17:46 - 2013-09-13 07:58 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-04-19 17:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-19 17:44 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-19 08:19 - 2009-08-04 11:51 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-04-19 08:19 - 2009-08-04 11:51 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-04-19 08:19 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-19 06:24 - 2014-04-19 06:24 - 00987448 _____ () C:\Users\ASUS\Desktop\SecurityCheck.exe
2014-04-18 18:04 - 2014-04-18 18:04 - 02347384 _____ (ESET) C:\Users\ASUS\Desktop\esetsmartinstaller_enu.exe
2014-04-17 16:42 - 2014-04-17 16:42 - 01016261 _____ (Thisisu) C:\Users\ASUS\Desktop\JRT.exe
2014-04-17 16:42 - 2014-04-17 16:42 - 00000000 ____D () C:\Windows\ERUNT
2014-04-17 16:37 - 2014-04-17 16:05 - 00000000 ____D () C:\AdwCleaner
2014-04-17 16:05 - 2014-04-17 16:05 - 01426178 _____ () C:\Users\ASUS\Desktop\adwcleaner.exe
2014-04-17 15:10 - 2014-04-12 08:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 20:56 - 2014-04-12 06:32 - 00095790 _____ () C:\Windows\PFRO.log
2014-04-16 20:51 - 2014-04-16 20:17 - 00000000 ____D () C:\Qoobox
2014-04-16 20:50 - 2014-04-16 20:50 - 00024626 _____ () C:\ComboFix.txt
2014-04-16 20:46 - 2014-04-16 20:16 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 20:35 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-16 19:57 - 2014-04-16 19:57 - 05194807 ____R (Swearware) C:\Users\ASUS\Desktop\ComboFix.exe
2014-04-16 09:39 - 2013-06-15 15:24 - 00000000 ____D () C:\Windows\rescache
2014-04-16 07:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-16 07:17 - 2014-04-10 17:25 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\BupSystem
2014-04-15 07:54 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-14 17:35 - 2014-04-12 08:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-12 17:16 - 2014-04-12 17:16 - 03334777 _____ () C:\Users\ASUS\Desktop\plmanual.zip
2014-04-12 08:52 - 2014-04-12 08:52 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 08:52 - 2012-07-23 11:52 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Malwarebytes
2014-04-12 08:52 - 2012-07-23 11:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-11 15:17 - 2014-04-11 15:17 - 00000836 _____ () C:\Users\ASUS\Desktop\PhotoLine (64 Bit).lnk
2014-04-11 15:17 - 2014-04-11 15:17 - 00000826 _____ () C:\Users\ASUS\Desktop\PhotoLine.lnk
2014-04-11 15:17 - 2014-04-11 15:17 - 00000000 ____D () C:\Program Files\PhotoLine
2014-04-11 15:15 - 2014-04-11 15:15 - 20988283 _____ () C:\Users\ASUS\Desktop\photoline pl.zip
2014-04-11 13:04 - 2013-11-15 07:02 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-11 07:01 - 2014-04-11 06:43 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-04-11 07:00 - 2014-04-11 07:00 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-11 07:00 - 2014-04-11 07:00 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-11 07:00 - 2014-04-11 07:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-11 06:49 - 2009-07-14 04:34 - 00000651 _____ () C:\Windows\win.ini
2014-04-11 06:47 - 2014-04-11 06:47 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\vlc
2014-04-11 06:41 - 2014-04-11 06:41 - 00001651 _____ () C:\Users\ASUS\Desktop\Continue FLV Player.lnk
2014-04-11 06:39 - 2013-07-15 18:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 06:36 - 2013-01-27 10:54 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 20:27 - 2011-02-01 00:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-10 20:19 - 2014-04-10 20:20 - 03419168 _____ () C:\Users\ASUS\Desktop\handbuch Photoline.zip
2014-04-10 19:12 - 2014-04-10 19:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-10 19:12 - 2011-02-01 00:03 - 00001388 _____ () C:\Windows\system32\ServiceFilter.ini
2014-04-10 19:05 - 2012-05-05 13:15 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Adobe
2014-04-10 19:02 - 2013-03-16 09:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-10 19:02 - 2012-05-06 18:02 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-10 19:02 - 2012-05-06 18:02 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-10 18:54 - 2014-04-10 18:54 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-10 17:56 - 2011-02-01 00:03 - 00002000 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-04-10 17:38 - 2012-07-28 14:08 - 00000000 ____D () C:\Windows\Minidump
2014-04-10 17:38 - 2009-07-29 08:03 - 00000000 ____D () C:\Windows\Panther
2014-04-10 17:31 - 2011-02-01 00:04 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-10 17:29 - 2012-05-05 13:23 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-10 17:27 - 2012-05-05 13:25 - 00000000 ____D () C:\Program Files\Adobe
2014-04-10 17:25 - 2014-04-10 17:25 - 00126976 _____ () C:\Windows\system32\DlProtectSvc.exe
2014-04-10 17:25 - 2014-04-10 17:25 - 00118784 _____ () C:\Windows\system32\pnrpnspd.exe
2014-04-10 17:25 - 2014-04-10 17:24 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Security System 2
2014-04-10 17:25 - 2012-05-06 14:06 - 00000000 ____D () C:\Users\ASUS\Desktop\Photo Verwaltung
2014-04-05 15:25 - 2014-04-05 15:14 - 00000000 ____D () C:\Users\ASUS\Desktop\Freigaben
2014-04-03 09:51 - 2014-04-12 08:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-12 08:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2013-03-14 16:16 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 07:30 - 2011-01-31 23:59 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-03-31 09:35 - 2012-05-06 13:57 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-26 18:08 - 2013-11-03 05:20 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-26 18:08 - 2013-11-03 05:20 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-24 19:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

Some content of TEMP:
====================
C:\Users\ASUS\AppData\Local\Temp\avgnt.exe
C:\Users\ASUS\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\ASUS\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-19 00:44

==================== End Of Log ============================
--- --- ---

schrauber 24.04.2014 07:56
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Sofakissen 24.04.2014 16:57
Hallo Schrauber , alles erledigt und danke auch noch mal für die zusätzlichen Tipps. Dankesthread eröffnet und :alc:

Bis denne
Sofakissen

jetzt habe ich doch noch was: habe gerade gesehen, dass der eine Ordner, der sich nach irgend einem scan gebildet hat "$ReCYCLE.BIN" nicht gelöscht hat. Er ist leer, soll ich ihn löschen?

schrauber 25.04.2014 09:38
Wo ist der Ordner? Screenshot davon bitte.

Sofakissen 25.04.2014 12:02
Liste der Anhänge anzeigen (Anzahl: 1)
siehe Anhang :dankeschoen:

schrauber 26.04.2014 08:09
Schau mal in den Ordneroptionen ob versteckte Dateien angezeigt werden. Wenn ja umstellen auf nicht anzeigen.

Sofakissen 26.04.2014 15:48
war und ist auf "nicht anzeigen"

schrauber 26.04.2014 18:49
Dann kannste ihn einfach Löschen.

Sofakissen 27.04.2014 06:11
:abklatsch:
:taenzer: :daumenhoc :daumenhoc :taenzer:

Dank Dir noch mal Schrauber!!! Hochachtung vor Deinem Engagement egal ob Wochenende, Feiertag oder Abend. Danke!!!!

Danke auch insbesondere für Deine Geduld :rolleyes:

Tschüß
Sofakissen

schrauber 28.04.2014 07:17
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:07 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131