Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   windows 8 - Seiten im Browser öffnen sich selbständig (https://www.trojaner-board.de/159147-windows-8-seiten-browser-oeffnen-selbstaendig.html)

6cylinders 27.09.2014 14:28
windows 8 - Seiten im Browser öffnen sich selbständig
 
Hallo,
mein Vater hat sich offensichtlich einen Virus oder Trojaner eingefangen. Wenn man Googlechrome startet öffnet sich die Seite hxxp://feed.helperbar.com und anschließend werden irgendwelche Seiten wie McAffee, Yahoo Search, etc. geöffnet. In einem neuen Fenster wird auch öfter folgendes geöffnet:
hxxp://zym.tollbahsuburban.com/sd/dw32.html?u=http%3A%2F%2Fplh.tractionize.com%2FWhiteLabelBidRequestHandlerServlet%3Foid%3D1%26width%3D1%26height%3D100%26pubid%3D9700%26tagid%3D1043%2 6noaop%3D1%26revmod%3DCRD%26cb%3Dcybabw%26encoded%3D1%26cirf%3Dhttp%3A%2F%2Fwww.trojaner-board.de%2Fsearch.php%26pstn%3D97001043&p=PlusHDV1.8&a=&c=9700-1043&b=chrome&bv=37&t1=1411823142076&tt=1411823142076&r=www.trojaner-board.de&ua=9&n=convertmedia&sn=&mpa=0&mp=0

Habe Farbar mal laufen lassen und folgende Logfiles erhalten:

FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2014
Ran by Jochen (administrator) on OPANOTEBOOK on 27-09-2014 15:10:14
Running from C:\Users\Jochen\Downloads
Loaded Profile: Jochen (Available profiles: UpdatusUser & Jochen & Administrator)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
() C:\ProgramData\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ChannelHD) C:\Program Files (x86)\CinemaHDplus-V1.8\345bf5bb-cf63-48f3-80ea-ea881b192171-10.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
() C:\Program Files (x86)\CinemaHDplus-V1.8\345bf5bb-cf63-48f3-80ea-ea881b192171-11.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Smartbar) C:\Users\Jochen\AppData\Local\Smartbar\Application\Smartbar.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Smart PC Solutions) C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Jochen\AppData\Local\Smartbar\Application\Lrcnta.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s  RtHDVCpl    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s  kernel32.dll
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [fst_de_82] => [X]
HKLM-x32\...\Run: [AnyProtect Scanner] => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [16986624 2014-07-20] (AnyProtect.com)
HKLM-x32\...\Run: [AnyProtect Tray] => "C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe"
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-504498417-3501680465-2119088048-1002\...\Run: [Browser Infrastructure Helper] => C:\Users\Jochen\AppData\Local\Smartbar\Application\Smartbar.exe [29696 2014-08-28] (Smartbar)
HKU\S-1-5-21-504498417-3501680465-2119088048-1002\...\Run: [UzfaMakf] => regsvr32.exe "C:\ProgramData\UzfaMakf\UzfaMakf.dat"
HKU\S-1-5-21-504498417-3501680465-2119088048-1002\...\Run: [OlfaQhig] => regsvr32.exe "C:\ProgramData\OlfaQhig\OlfaQhig.dat"
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDTt8PVUCrSqw53c_iGb2JIhoUKroU4bFTqQFCMiFEfNTgzngU8Yy7gMtU99Z6oW2qwW9Fj1Qnc_bF3qlBvtS6EIDR5xqjA-dnK1lPv3-FP0_woM4AeP1JhZ5llviFTZZX9h8Ip_o2O37Dg80_GRBYjZR-1sJSQDQrV_NlFDlCbX_zP3Sg,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDTt8PVUCrSqw53c_iGb2JIhoUKroU4bFTqQFCMiFEfNTgzngU8Yy7gMtU99Z6oW2qwW9Fj1Qnc_bF3qlBvtS6EIDR5xqjA-dnK1lPv3-FP0_woM4AeP1JhZ5llviFTZZX9h8Ip_o2O37Dg80_GRBYjZR-1sJSQDQrV_NlFDlCbX_zP3Sg,,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1404745097&from=cor&uid=HGSTXHTS541075A9E680_J8110076KE72BKKE72BKX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1404745097&from=cor&uid=HGSTXHTS541075A9E680_J8110076KE72BKKE72BKX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1404745097&from=cor&uid=HGSTXHTS541075A9E680_J8110076KE72BKKE72BKX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1404745097&from=cor&uid=HGSTXHTS541075A9E680_J8110076KE72BKKE72BKX&q={searchTerms}
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDTt8PVUCrSqw53c_iGb2JIhoUKroU4bFTqQFCMiFEfNTgzngU8Yy7gMtU99Z6oW2qwW9Fj1Qnc_bF3qlBvtS6EIDR5xqjA-dnK1lPv3-FP0_woM4AeP1JhZ5llviFTZZX9h8Ip_o2O37Dg80_GRBYjZR-1sJSQACVDxIJcDtRUb0vcpnA,,&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDTt8PVUCrSqw53c_iGb2JIhoUKroU4bFTqQFCMiFEfNTgzngU8Yy7gMtU99Z6oW2qwW9Fj1Qnc_bF3qlBvtS6EIDR5xqjA-dnK1lPv3-FP0_woM4AeP1JhZ5llviFTZZX9h8Ip_o2O37Dg80_GRBYjZR-1sJSQDQrV_NlFDlCbX_zP3Sg,,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDTt8PVUCrSqw53c_iGb2JIhoUKroU4bFTqQFCMiFEfNTgzngU8Yy7gMtU99Z6oW2qwW9Fj1Qnc_bF3qlBvtS6EIDR5xqjA-dnK1lPv3-FP0_woM4AeP1JhZ5llviFTZZX9h8Ip_o2O37Dg80_GRBYjZR-1sJSQDQrV_NlFDlCbX_zP3Sg,,&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDTt8PVUCrSqw53c_iGb2JIhoUKroU4bFTqQFCMiFEfNTgzngU8Yy7gMtU99Z6oW2qwW9Fj1Qnc_bF3qlBvtS6EIDR5xqjA-dnK1lPv3-FP0_woM4AeP1JhZ5llviFTZZX9h8Ip_o2O37Dg80_GRBYjZR-1sJSQDQrV_NlFDlCbX_zP3Sg,,&q={searchTerms}
BHO: CinemaHDplus-V1.8 -> {11111111-1111-1111-1111-110511951168} -> C:\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-bho64.dll (ChannelHD)
BHO: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO-x32: CinemaHDplus-V1.8 -> {11111111-1111-1111-1111-110511951168} -> C:\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-bho.dll (ChannelHD)
BHO-x32: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: NetCrawl -> {769a91da-209f-47fe-88b9-b0321b0982c8} -> C:\Program Files (x86)\NetCrawl\NetCrawlbho.dll (NetCrawl)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} ->  No File
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 172.10.10.1

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-11-27]

Chrome:
=======
CHR Profile: C:\Users\Jochen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jochen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-04]
CHR Extension: (Google Drive) - C:\Users\Jochen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jochen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-04]
CHR Extension: (YouTube) - C:\Users\Jochen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-04]
CHR Extension: (CinemaHDplus-V1.8) - C:\Users\Jochen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi [2014-07-24]
CHR Extension: (Google Search) - C:\Users\Jochen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-04]
CHR Extension: (AdBlock) - C:\Users\Jochen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-17]
CHR Extension: (Google Wallet) - C:\Users\Jochen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-04]
CHR Extension: (Gmail) - C:\Users\Jochen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-21] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-21] (globalUpdate) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [757872 2014-06-19] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-06-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
R2 Update NetCrawl; C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe [318752 2014-07-07] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [535936 2014-07-07] (Fuyu LIMITED)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-06-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-06-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [13696 2012-10-04] (ASUSTek Computer Inc.)
R3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1119232 2012-06-30] (Realtek Semiconductor Corporation                          )
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-27 15:10 - 2014-09-27 15:10 - 00022590 _____ () C:\Users\Jochen\Downloads\FRST.txt
2014-09-27 15:09 - 2014-09-27 15:10 - 00000000 ____D () C:\FRST
2014-09-27 15:08 - 2014-09-27 15:09 - 02108928 _____ (Farbar) C:\Users\Jochen\Downloads\FRST64.exe
2014-09-27 14:58 - 2014-09-27 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-26 12:34 - 2014-09-02 21:32 - 00705480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-26 12:34 - 2014-09-02 21:32 - 00104904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-26 12:19 - 2014-08-09 10:30 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-09-26 12:19 - 2014-08-09 10:29 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll
2014-09-17 15:04 - 2014-09-17 15:04 - 00349760 _____ () C:\Users\Jochen\Downloads\Setup (3).exe
2014-09-17 14:59 - 2014-08-16 11:34 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-17 14:59 - 2014-08-16 11:34 - 01407488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-17 14:59 - 2014-08-16 11:34 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-09-17 14:59 - 2014-08-16 11:34 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-17 14:59 - 2014-08-16 11:33 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-17 14:59 - 2014-08-16 11:33 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-17 14:59 - 2014-08-16 11:32 - 15399424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-17 14:59 - 2014-08-16 11:32 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-17 14:59 - 2014-08-16 11:32 - 02655232 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-17 14:59 - 2014-08-16 11:32 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-17 14:59 - 2014-08-16 11:32 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-09-17 14:59 - 2014-08-16 11:32 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-17 14:59 - 2014-08-16 11:32 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-17 14:59 - 2014-08-16 11:32 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-17 14:59 - 2014-08-16 09:37 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-17 14:59 - 2014-08-16 09:37 - 01180672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-17 14:59 - 2014-08-16 09:36 - 13757440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-17 14:59 - 2014-08-16 09:36 - 02861568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-17 14:59 - 2014-08-16 09:36 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-17 14:59 - 2014-08-16 09:36 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-09-17 14:59 - 2014-08-16 09:36 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-17 14:59 - 2014-08-16 09:36 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-17 14:59 - 2014-08-16 09:36 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-17 14:59 - 2014-08-16 09:36 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-17 14:59 - 2014-08-16 09:36 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-17 14:59 - 2014-08-16 09:35 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-17 14:59 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-17 14:59 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-17 14:59 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-17 14:59 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-17 14:59 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-17 14:59 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-09-17 14:59 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-17 14:59 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-17 14:59 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-17 14:59 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-09-17 14:59 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-17 14:59 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-09-17 14:59 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-17 14:59 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-17 14:59 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-17 14:58 - 2014-08-16 11:33 - 19280384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-17 14:58 - 2014-08-16 09:36 - 14369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-17 14:53 - 2014-08-21 01:40 - 00732880 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2014-09-17 14:53 - 2014-08-20 19:05 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-09-17 14:53 - 2014-08-20 19:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2014-09-17 14:53 - 2014-08-20 19:05 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-17 14:53 - 2014-08-20 19:02 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-09-17 14:53 - 2014-08-20 19:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-17 14:53 - 2014-06-24 09:35 - 00010450 _____ () C:\WINDOWS\system32\autoconfig.cab
2014-09-17 14:53 - 2014-06-24 08:41 - 10115584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-09-17 14:53 - 2014-06-24 08:40 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2014-09-17 14:53 - 2014-06-24 08:39 - 02307072 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-09-17 14:53 - 2014-06-24 08:39 - 02146304 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-17 14:53 - 2014-06-24 06:08 - 08858624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-09-17 14:53 - 2014-06-24 06:06 - 02037760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-09-17 14:53 - 2014-06-24 06:06 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-09-10 17:21 - 2014-09-10 17:21 - 01339656 _____ () C:\Users\Jochen\Downloads\Player Setup.exe
2014-09-10 17:19 - 2014-06-05 03:12 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2014-09-10 17:19 - 2014-06-04 01:12 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2014-09-10 17:18 - 2014-08-28 13:34 - 00059400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-09-10 17:18 - 2014-08-28 08:05 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-09-10 17:18 - 2014-08-28 08:05 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-09-10 17:18 - 2014-08-28 08:05 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-09-10 17:18 - 2014-08-28 08:05 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-09-10 17:18 - 2014-08-28 08:02 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-09-10 17:18 - 2014-08-28 08:01 - 03285504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-09-10 17:18 - 2014-08-28 08:01 - 01623552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-09-10 17:18 - 2014-08-28 08:01 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-09-10 17:18 - 2014-08-28 08:01 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-09-10 17:18 - 2014-08-28 08:01 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-09-10 17:18 - 2014-08-28 08:01 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-09-10 17:18 - 2014-08-28 08:01 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-09-10 17:18 - 2014-08-28 08:01 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-09-10 17:18 - 2014-08-23 08:47 - 04036096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-09-10 17:18 - 2014-08-01 01:40 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-10 17:18 - 2014-07-24 05:33 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-10 17:18 - 2014-07-24 05:33 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-10 17:18 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-09-10 17:18 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-09-10 17:10 - 2014-09-10 17:10 - 01339632 _____ () C:\Users\Jochen\Downloads\Setup (2).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-27 15:04 - 2013-04-18 04:22 - 02010909 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-27 15:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-27 14:57 - 2014-07-04 11:47 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-27 14:55 - 2014-07-20 14:20 - 00003258 _____ () C:\WINDOWS\System32\Tasks\PC Speed Maximizer Schedule
2014-09-27 14:55 - 2014-06-26 15:28 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-504498417-3501680465-2119088048-1002
2014-09-26 13:58 - 2014-06-26 15:23 - 00000401 _____ () C:\Users\Jochen\AppData\Roaming\sp_data.sys
2014-09-26 13:57 - 2014-07-21 10:51 - 00001474 _____ () C:\WINDOWS\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-5_user.job
2014-09-26 13:57 - 2014-07-21 10:51 - 00001454 _____ () C:\WINDOWS\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-5.job
2014-09-26 13:57 - 2014-07-21 10:50 - 00003156 _____ () C:\WINDOWS\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-3.job
2014-09-26 13:57 - 2014-07-21 10:50 - 00002366 _____ () C:\WINDOWS\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-4.job
2014-09-26 13:57 - 2014-07-21 10:50 - 00001616 _____ () C:\WINDOWS\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-1.job
2014-09-26 13:57 - 2014-07-21 10:50 - 00001608 _____ () C:\WINDOWS\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-6.job
2014-09-26 13:57 - 2014-07-21 10:50 - 00001544 _____ () C:\WINDOWS\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-7.job
2014-09-26 13:57 - 2014-07-21 10:50 - 00001380 _____ () C:\WINDOWS\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-2.job
2014-09-26 13:57 - 2014-07-21 10:50 - 00001316 _____ () C:\WINDOWS\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-10.job
2014-09-26 13:57 - 2014-07-21 10:50 - 00000614 _____ () C:\WINDOWS\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-11.job
2014-09-26 13:57 - 2014-07-04 11:47 - 00002232 _____ () C:\WINDOWS\Tasks\0d370406-c5c5-4e5a-9e06-2a77ce099c86-4.job
2014-09-26 13:57 - 2014-07-04 11:47 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-26 13:57 - 2014-07-04 11:47 - 00000948 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-09-26 13:56 - 2012-08-02 15:24 - 00022944 _____ () C:\WINDOWS\PFRO.log
2014-09-26 13:56 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-26 13:51 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-09-26 12:59 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-26 12:33 - 2014-07-20 14:01 - 00281784 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-26 12:33 - 2012-11-27 06:11 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-09-26 12:33 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-26 12:31 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-26 12:30 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-26 12:30 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-09-26 12:30 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2014-09-26 12:30 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-09-26 12:30 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-17 16:55 - 2014-07-04 11:47 - 00000952 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-09-17 14:58 - 2014-06-28 12:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-17 14:50 - 2014-06-28 12:14 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-10 17:23 - 2014-07-04 11:47 - 00000000 ____D () C:\Users\Jochen\AppData\Local\Smartbar

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\Jochen\AppData\Local\Temp\AutoRun.exe
C:\Users\Jochen\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Jochen\AppData\Local\Temp\COMAP.EXE
C:\Users\Jochen\AppData\Local\Temp\nsd151.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-17 18:48

==================== End Of Log ============================
Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2014
Ran by Jochen at 2014-09-27 15:11:10
Running from C:\Users\Jochen\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden
AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.1 - CMI Limited) <==== ATTENTION
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
CinemaHDplus-V1.8 (HKLM-x32\...\CinemaHDplus-V1.8) (Version: 1.34.7.1 - ChannelHD)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FLV Player (remove only) (HKLM-x32\...\FLVM Player) (Version:  - )
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2884 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
NetCrawl (HKLM\...\NetCrawl) (Version: 2014.07.07.124710 - NetCrawl) <==== ATTENTION
NVIDIA Control Panel 311.00 (Version: 311.00 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.00 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
PC Speed Maximizer v3.2 (HKLM-x32\...\PC Speed Maximizer_is1) (Version: 3.2 - SoftCity)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PTV Europe City Map Premium 2014.1N (C:\ProgramData\PTV-AG\PTV Map&Guide desktop\20\maps\EuropePremium.geo) (HKLM-x32\...\{9E605EA3-BD98-4C87-AA36-7FCE01E39514}) (Version: 20.00.0000 - PTV Group)
PTV Map&Guide desktop 2014 (HKLM-x32\...\{C2214836-CC42-4D26-B849-6B2C0B241CAC}) (Version: 20.0.0.5851 - PTV Group)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6804 - Realtek Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Windows Driver Package - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WindowsMangerProtect20.0.0.502 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED) <==== ATTENTION
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
Yahoo Community Smartbar (HKLM-x32\...\{3BC7022B-CDE0-4664-9AB6-E3EC25CE644A}) (Version: 11.63.66.17714 - Linkury Inc.) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

18-08-2014 10:01:52 Windows Update
17-09-2014 12:47:30 Windows Update
26-09-2014 10:12:05 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00498A5F-C837-47CC-9C58-ABEBC8ED6288} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install => C:\WINDOWS\system32\NotificationUI.exe [2014-08-21] (Microsoft Corporation)
Task: {15476BF9-9C01-4076-8ACE-9DF5206CFBBB} - System32\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-10 => C:\Program Files (x86)\CinemaHDplus-V1.8\345bf5bb-cf63-48f3-80ea-ea881b192171-10.exe [2014-07-21] (ChannelHD)
Task: {19337655-743C-4028-B518-AB944FE4591F} - System32\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-2 => C:\Program Files (x86)\CinemaHDplus-V1.8\345bf5bb-cf63-48f3-80ea-ea881b192171-2.exe [2014-07-21] (ChannelHD)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1D87E55A-08AC-426D-BE75-CD219003A79D} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-07-20] (AnyProtect.com) <==== ATTENTION
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {294019B3-A947-4C1D-95D5-6FB87BC8DEB1} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
Task: {2BA39313-B4B8-4D23-AD42-C003C9A24CB2} - System32\Tasks\PC Speed Maximizer Schedule => C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe [2014-04-28] (Smart PC Solutions)
Task: {40762FB9-AA59-4509-92C1-09CEF9DFF4EA} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-16] (AsusTek)
Task: {5A46F3C0-3A44-4500-9654-9594FAE4B6D7} - System32\Tasks\Microsoft\Windows\SysResetLogSuccess => Rundll32.exe ResetEng.dll,RjvLogSuccessEntryPoint
Task: {603A2E11-5B32-4AE7-8C99-3B8BD91F3736} - System32\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-7 => C:\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-nova.exe [2014-07-21] (ChannelHD)
Task: {67FC433F-A481-46CC-8C26-08D8E2789E17} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-07-20] (AnyProtect.com) <==== ATTENTION
Task: {73DD90D8-190E-4F47-A2E6-75B85F2FD90F} - System32\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-3 => C:\Program Files (x86)\CinemaHDplus-V1.8\345bf5bb-cf63-48f3-80ea-ea881b192171-3.exe [2014-07-21] (ChannelHD)
Task: {74B69A71-1810-4DD9-9DBD-E28D12E81D88} - System32\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-5_user => C:\Program Files (x86)\CinemaHDplus-V1.8\345bf5bb-cf63-48f3-80ea-ea881b192171-5.exe [2014-07-21] (ChannelHD)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {ABCA386F-1209-4B0E-B594-1E7A96E51C7F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)
Task: {AC9B60D4-EDA4-47FB-8DDC-135B10A2CD86} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-17] (Microsoft Corporation)
Task: {AFB556BB-F9B1-4701-8348-2B335A86518A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)
Task: {B2AC8B7D-DFFA-48B9-89DB-1C2FFADB3AC9} - System32\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-6 => C:\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-novainstaller.exe [2014-07-21] (ChannelHD)
Task: {B9891B7B-937C-4710-B65B-7CCE24094CD3} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-21] (globalUpdate) <==== ATTENTION
Task: {C14A89D1-FCBA-4507-91D3-3E06AD552391} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {C173898C-9630-4A2D-B017-C5148694ED44} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {C42C00A0-D989-476F-94F4-9743FDA757DD} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-21] (globalUpdate) <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CB1BD231-942A-4121-99A9-00BF4BB1C3B9} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-07-20] (AnyProtect.com) <==== ATTENTION
Task: {CC44C179-93C6-46C2-8966-04858DCCB242} - System32\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-4 => C:\Program Files (x86)\CinemaHDplus-V1.8\345bf5bb-cf63-48f3-80ea-ea881b192171-4.exe [2014-07-21] (ChannelHD)
Task: {D7D1400A-86B6-4D14-A9DE-7628FE81D4D9} - System32\Tasks\0d370406-c5c5-4e5a-9e06-2a77ce099c86-4 => C:\Program Files (x86)\HQube-V1.6\0d370406-c5c5-4e5a-9e06-2a77ce099c86-4.exe
Task: {E5E1BB4A-37C7-432E-B2D8-512569ABBE3A} - System32\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-1 => C:\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-codedownloader.exe [2014-07-21] (ChannelHD)
Task: {EB377D32-81D3-4836-BCED-4777611C3414} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-10-04] (ASUS)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F5799B8B-0A05-47DB-8419-184D5A886B8C} - System32\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-11 => C:\Program Files (x86)\CinemaHDplus-V1.8\345bf5bb-cf63-48f3-80ea-ea881b192171-11.exe [2014-07-21] ()
Task: {F7977512-CFC6-4BCC-A7BB-871FA039DA11} - System32\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-5 => C:\Program Files (x86)\CinemaHDplus-V1.8\345bf5bb-cf63-48f3-80ea-ea881b192171-5.exe [2014-07-21] (ChannelHD)
Task: C:\WINDOWS\Tasks\0d370406-c5c5-4e5a-9e06-2a77ce099c86-4.job => C:\Program Files (x86)\HQube-V1.6\0d370406-c5c5-4e5a-9e06-2a77ce099c86-4.exe
Task: C:\WINDOWS\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-1.job => C:\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-codedownloader.exe
Task: C:\WINDOWS\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-10.job => C:\Program Files (x86)\CinemaHDplus-V1.8\345bf5bb-cf63-48f3-80ea-ea881b192171-10.exe
Task: C:\WINDOWS\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-11.job => C:\Program Files (x86)\CinemaHDplus-V1.8\345bf5bb-cf63-48f3-80ea-ea881b192171-11.exe
Task: C:\WINDOWS\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-2.job => C:\Program Files (x86)\CinemaHDplus-V1.8\345bf5bb-cf63-48f3-80ea-ea881b192171-2.exe
Task: C:\WINDOWS\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-3.job => C:\Program Files (x86)\CinemaHDplus-V1.8\345bf5bb-cf63-48f3-80ea-ea881b192171-3.exe
Task: C:\WINDOWS\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-4.job => C:\Program Files (x86)\CinemaHDplus-V1.8\345bf5bb-cf63-48f3-80ea-ea881b192171-4.exe
Task: C:\WINDOWS\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-5.job => C:\Program Files (x86)\CinemaHDplus-V1.8\345bf5bb-cf63-48f3-80ea-ea881b192171-5.exe
Task: C:\WINDOWS\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-5_user.job => C:\Program Files (x86)\CinemaHDplus-V1.8\345bf5bb-cf63-48f3-80ea-ea881b192171-5.exe
Task: C:\WINDOWS\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-6.job => C:\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-novainstaller.exe
Task: C:\WINDOWS\Tasks\345bf5bb-cf63-48f3-80ea-ea881b192171-7.job => C:\Program Files (x86)\CinemaHDplus-V1.8\CinemaHDplus-V1.8-nova.exe
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-07 16:58 - 2014-06-19 11:40 - 00757872 _____ () C:\ProgramData\IePluginServices\PluginService.exe
2014-07-07 14:47 - 2014-07-07 14:47 - 00318752 _____ () C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe
2012-10-04 15:58 - 2012-10-04 15:58 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-10-04 15:58 - 2012-10-04 15:58 - 00041856 _____ () C:\Program Files\ASUS\P4G\plctrl.dll
2014-07-21 10:50 - 2014-07-21 10:50 - 00027160 _____ () C:\Program Files (x86)\CinemaHDplus-V1.8\345bf5bb-cf63-48f3-80ea-ea881b192171-11.exe
2013-01-21 10:52 - 2012-11-21 10:58 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-08-28 14:56 - 2014-08-28 14:56 - 00025088 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\Lrcnta.exe
2012-09-11 15:01 - 2012-09-11 15:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-08-28 14:56 - 2014-08-28 14:56 - 00051712 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2014-08-28 14:57 - 2014-08-28 14:57 - 00087552 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\srau.dll
2014-08-28 14:56 - 2014-08-28 14:56 - 00167424 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2014-08-28 14:56 - 2014-08-28 14:56 - 02426880 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2014-08-28 14:57 - 2014-08-28 14:57 - 00068608 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\spbl.dll
2014-08-28 14:57 - 2014-08-28 14:57 - 00160256 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-08-28 14:56 - 2014-08-28 14:56 - 00015872 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\siem.dll
2014-08-28 14:57 - 2014-08-28 14:57 - 00069120 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\sppsm.dll
2014-08-28 14:56 - 2014-08-28 14:56 - 00698368 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2014-08-28 14:56 - 2014-08-28 14:56 - 00016384 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2014-08-28 14:56 - 2014-08-28 14:56 - 00080384 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2014-08-28 14:57 - 2014-08-28 14:57 - 00028672 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2014-08-28 14:57 - 2014-08-28 14:57 - 00071680 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\srut.dll
2014-08-28 14:57 - 2014-08-28 14:57 - 00031232 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\srsbs.dll
2014-08-28 14:56 - 2014-08-28 14:56 - 00067072 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2014-08-28 14:57 - 2014-08-28 14:57 - 00152064 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\smti.dll
2014-08-28 14:57 - 2014-08-28 14:57 - 00075264 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\smsp.dll
2014-08-28 14:56 - 2014-08-28 14:56 - 00011776 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\sidc.dll
2014-08-28 14:57 - 2014-08-28 14:57 - 00032256 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\smtu.dll
2014-08-28 14:57 - 2014-08-28 14:57 - 00040448 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\smta.dll
2014-08-28 14:57 - 2014-08-28 14:57 - 00032768 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\srom.dll
2014-08-28 14:57 - 2014-08-28 14:57 - 00048640 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\srbu.dll
2014-08-28 14:56 - 2014-08-28 14:56 - 00025600 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\sgml.dll
2014-08-28 14:57 - 2014-08-28 14:57 - 00063488 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2014-08-28 14:57 - 2014-08-28 14:57 - 00026624 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\srpdm.dll
2014-08-28 14:56 - 2014-08-28 14:56 - 00045056 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2014-08-28 14:52 - 2014-08-28 14:52 - 00026624 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
2014-08-28 14:57 - 2014-08-28 14:57 - 00036864 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2014-08-28 14:57 - 2014-08-28 14:57 - 00257024 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\srns.dll
2013-04-18 04:28 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-08-31 11:43 - 2014-08-31 11:43 - 00329248 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\Resources\crdli.dll
2014-09-26 12:58 - 2014-09-23 06:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-26 12:58 - 2014-09-23 06:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-26 12:58 - 2014-09-23 06:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-26 12:58 - 2014-09-23 06:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-26 12:58 - 2014-09-23 06:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-26 12:58 - 2014-09-23 06:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
2014-08-28 14:56 - 2014-08-28 14:56 - 00034816 _____ () C:\Users\Jochen\AppData\Local\Smartbar\Application\lrcnt.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-504498417-3501680465-2119088048-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-504498417-3501680465-2119088048-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-504498417-3501680465-2119088048-1006 - Limited - Enabled)
Jochen (S-1-5-21-504498417-3501680465-2119088048-1002 - Administrator - Enabled) => C:\Users\Jochen
UpdatusUser (S-1-5-21-504498417-3501680465-2119088048-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2014 02:59:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (09/27/2014 02:59:36 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (09/27/2014 02:59:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4

Error: (09/27/2014 02:59:34 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (09/27/2014 02:59:34 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4

Error: (09/27/2014 02:59:34 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (09/26/2014 01:59:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm AnyProtect.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 125c

Startzeit: 01cfd98125189d30

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe

Berichts-ID: 88f26ba7-4574-11e4-be81-74d02b70d326

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/26/2014 01:58:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OpaNotebook)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (09/26/2014 01:58:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1098

Startzeit: 01cfd98119697f94

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\wwahost.exe

Berichts-ID: 687f81da-4574-11e4-be81-74d02b70d326

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.WindowsLive.Mail

Error: (09/26/2014 01:58:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: OpaNotebook)
Description: Die App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.


System errors:
=============
Error: (09/27/2014 03:11:40 PM) (Source: DCOM) (EventID: 10001) (User: NT-AUTORITÄT)
Description: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding1260{209500FC-6B45-4693-8871-6296C4843751}Nicht verfügbarNicht verfügbar

Error: (09/27/2014 03:11:30 PM) (Source: DCOM) (EventID: 10001) (User: NT-AUTORITÄT)
Description: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding1260{209500FC-6B45-4693-8871-6296C4843751}Nicht verfügbarNicht verfügbar

Error: (09/27/2014 03:11:20 PM) (Source: DCOM) (EventID: 10001) (User: NT-AUTORITÄT)
Description: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding1260{209500FC-6B45-4693-8871-6296C4843751}Nicht verfügbarNicht verfügbar

Error: (09/27/2014 03:11:10 PM) (Source: DCOM) (EventID: 10001) (User: NT-AUTORITÄT)
Description: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding1260{209500FC-6B45-4693-8871-6296C4843751}Nicht verfügbarNicht verfügbar

Error: (09/27/2014 03:11:08 PM) (Source: DCOM) (EventID: 10001) (User: NT-AUTORITÄT)
Description: c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe -Embedding1260{76DEF3AC-2910-4234-9EE2-C81B2D45833A}Nicht verfügbarNicht verfügbar

Error: (09/27/2014 03:11:08 PM) (Source: DCOM) (EventID: 10001) (User: NT-AUTORITÄT)
Description: c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe -Embedding1260{76DEF3AC-2910-4234-9EE2-C81B2D45833A}Nicht verfügbarNicht verfügbar

Error: (09/27/2014 03:11:00 PM) (Source: DCOM) (EventID: 10001) (User: NT-AUTORITÄT)
Description: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding1260{209500FC-6B45-4693-8871-6296C4843751}Nicht verfügbarNicht verfügbar

Error: (09/27/2014 03:10:50 PM) (Source: DCOM) (EventID: 10001) (User: NT-AUTORITÄT)
Description: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding1260{209500FC-6B45-4693-8871-6296C4843751}Nicht verfügbarNicht verfügbar

Error: (09/27/2014 03:10:40 PM) (Source: DCOM) (EventID: 10001) (User: NT-AUTORITÄT)
Description: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding1260{209500FC-6B45-4693-8871-6296C4843751}Nicht verfügbarNicht verfügbar

Error: (09/27/2014 03:10:30 PM) (Source: DCOM) (EventID: 10001) (User: NT-AUTORITÄT)
Description: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding1260{209500FC-6B45-4693-8871-6296C4843751}Nicht verfügbarNicht verfügbar


Microsoft Office Sessions:
=========================
Error: (09/27/2014 02:59:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (09/27/2014 02:59:36 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (09/27/2014 02:59:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4

Error: (09/27/2014 02:59:34 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (09/27/2014 02:59:34 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4

Error: (09/27/2014 02:59:34 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (09/26/2014 01:59:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AnyProtect.exe1.0.0.1125c01cfd98125189d300C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe88f26ba7-4574-11e4-be81-74d02b70d326

Error: (09/26/2014 01:58:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OpaNotebook)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927142

Error: (09/26/2014 01:58:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.2.9200.16420109801cfd98119697f944294967295C:\WINDOWS\system32\wwahost.exe687f81da-4574-11e4-be81-74d02b70d326microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail

Error: (09/26/2014 01:58:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: OpaNotebook)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 30%
Total physical RAM: 8077.57 MB
Available physical RAM: 5651.25 MB
Total Pagefile: 10637.57 MB
Available Pagefile: 8051.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:278.67 GB) (Free:190.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:397.87 GB) (Free:387.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: F7791DB4)

Partition: GPT Partition Type.

==================== End Of Log ============================
Über Hilfe würde ich mich freuen - Danke!

M-K-D-B 27.09.2014 15:05
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!




Zitat:
Running from C:\Users\Jochen\Downloads
Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.






Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

6cylinders 27.09.2014 16:01
Hallo Mathias,

vorab zu deiner Info - hatte vor deiner Antwort Adwarecleaner laufen lassen.

Hier nun das Combofixlogfile:
[CODE]
Combofix Logfile:
Code:
ComboFix 14-09-18.01 - Jochen 27.09.2014  16:49:35.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.8078.6599 [GMT 2:00]
ausgeführt von:: c:\users\Jochen\Desktop\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Outdated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SetStretch.exe
c:\programdata\SetStretch.VBS
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-08-27 bis 2014-09-27  ))))))))))))))))))))))))))))))
.
.
2014-09-27 14:07 . 2010-08-30 06:34        536576        ----a-w-        c:\windows\SysWow64\sqlite3.dll
2014-09-27 13:09 . 2014-09-27 13:11        --------        d-----w-        C:\FRST
2014-09-26 10:34 . 2014-09-02 19:32        705480        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-26 10:34 . 2014-09-02 19:32        104904        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-26 10:19 . 2014-08-09 08:30        148480        ----a-w-        c:\windows\system32\poqexec.exe
2014-09-26 10:19 . 2014-08-09 08:29        144896        ----a-w-        c:\windows\system32\tssdisai.dll
2014-09-17 12:58 . 2014-08-16 09:33        19280384        ----a-w-        c:\windows\system32\mshtml.dll
2014-09-10 15:19 . 2014-06-05 01:12        678600        ----a-w-        c:\windows\system32\msvcp120_clr0400.dll
2014-09-10 15:19 . 2014-06-03 23:12        536776        ----a-w-        c:\windows\SysWow64\msvcp120_clr0400.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-27 14:13 . 2014-06-26 13:23        401        ----a-w-        c:\users\Jochen\AppData\Roaming\sp_data.sys
2014-09-17 12:50 . 2014-06-28 10:14        101694776        ----a-w-        c:\windows\system32\MRT.exe
2014-07-15 22:51 . 2014-08-19 01:03        71168        ----a-w-        c:\windows\system32\drivers\hdaudbus.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2014-05-08 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-11-27 3187360]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe" [2012-08-31 3423104]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]
R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 RTL8168;Realtek 8168 NT-Treiber;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 plctrl;plctrl;c:\program files\ASUS\P4G\plctrl.sys;c:\program files\ASUS\P4G\plctrl.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ATP;ASUS Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\System32\drivers\dc3d.sys;c:\windows\SYSNATIVE\drivers\dc3d.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 RTL8192Ce;Treiber für Realtek Wireless LAN 802.11n PCI-E NIC;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-26 10:57        1096520        ----a-w-        c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-04 09:46]
.
2014-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-04 09:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23        1500672        ----a-w-        c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23        1500672        ----a-w-        c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23        1500672        ----a-w-        c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-21 171064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-21 399416]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-12-12 13263072]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-09-11 107192]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 172.10.10.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
Wow6432Node-HKCU-Run-UzfaMakf - c:\programdata\UzfaMakf\UzfaMakf.dat
Wow6432Node-HKCU-Run-OlfaQhig - c:\programdata\OlfaQhig\OlfaQhig.dat
Wow6432Node-HKLM-Run-fst_de_82 - (no file)
Wow6432Node-HKLM-Run-AnyProtect Tray - c:\program files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2014-09-27  16:56:35
ComboFix-quarantined-files.txt  2014-09-27 14:56
.
Vor Suchlauf: 11 Verzeichnis(se), 204.624.420.864 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 204.672.638.976 Bytes frei
.
- - End Of File - - E07BDBBC1D189451106DDE7CEBEDDDEB
--- --- ---


Gruß
Jürgen

M-K-D-B 27.09.2014 16:29
Servus Jürgen,




Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3
Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann.
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.
  • Starte Zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    iedefaults;
    resetIEproxy;
    FFdefaults;
    CHRdefaults;
    emptyclsid;
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich Notepad mit der Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:\ .
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken).





Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von Zoek,
  • die beiden neuen Logdateien von FRST.

M-K-D-B 30.09.2014 16:48
Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:55 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131