|
Plagegeister aller Art und deren Bekämpfung: Advanced System Protector und Regcleaner Pro! Zweite Meinung?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
20.10.2013, 15:25 | #1 |
| Advanced System Protector und Regcleaner Pro! Zweite Meinung? Hallo ans Forum. Ich habe das Notebook von einem Freund zum Aufräumen bekommen. Auf der Suche nach Struktur der Festplatte bin ich auf die beiden Programme Advanced System Protector und Recleaner Pro gestoßen: daumenrunter:. 01. Habe dann Malwarebytes Anti-Malware installiert und laufen lassen (Fehler gefunden, bereinigt, Log wurde allerdings durch Delfix am Schluss gelöscht :-( ) 02. Anschließend Combofix ausgeführt, ein CFSkript passend für das Notebook formuliert und ausgeführt. 03. ESET online Scanner verlief ohne Funde. 04. Security Check fand veraltete Software (Flash Player, Adobe Reader, Java, Browser) Alles de-installiert und neu aufgesetzt. 05. Neuer Check mit Anti-Malware zeigte, dass alles i.O. ist. 06. Eigentliches Antivirenprogramm von Bitdefender ist aktuell und zeigt ebenso keine Infektion an. Zum Schluss alles wieder de-installiert und Delfix drüber laufen lassen. So...Jetzt hab ich soviel Zeit vor dem Monitor verbracht und geschaut, dass ich gerne eine zweite Meinung einholen würde. Oftmals sieht man(n) den Wald vor lauter Bäumen nicht und vielleicht habe ich etwas übersehen. Ich poste einfach mal alle Ergebnisse der abschließenden Scans vom System und würde mich seeehr über eine zweite Meinung freuen. Eine Sache: Java wird als veraltet angezeigt?? Es ist allerdings die Version 7 Udate 45 installiert und diese scheint mir ziemlich aktuell. Viele Grüße Oli Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.10.20.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 zackenschlapp :: ASUSNOTEBOOK [Administrator] Schutz: Deaktiviert 20.10.2013 14:10:43 mbam-log-2013-10-20 (14-10-43).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 228536 Laufzeit: 3 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ComboFix 13-10-19.02 - zackenschlapp 20.10.2013 14:29:57.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8078.6145 [GMT 2:00] ausgef¸hrt von:: c:\users\zackenschlapp\Desktop\ComboFix.exe AV: Bitdefender Virenschutz *Disabled/Outdated* {9B5F5313-CAF9-DD97-C460-E778420237B4} FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF} SP: Bitdefender Spyware-Schutz *Disabled/Outdated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09} SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2013-09-20 bis 2013-10-20 )))))))))))))))))))))))))))))) . . 2013-10-20 12:36 . 2013-10-20 12:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-10-20 12:36 . 2013-10-20 12:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-10-20 12:09 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-10-20 12:08 . 2013-10-20 12:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-10-20 07:06 . 2013-10-20 07:06 -------- d-----w- c:\windows\ERUNT 2013-10-20 06:55 . 2013-10-20 06:57 -------- d-----w- C:\AdwCleaner 2013-10-19 20:00 . 2013-10-15 23:20 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C32D004E-3955-4C33-9694-1F373C7D72F2}\mpengine.dll 2013-10-19 19:54 . 2013-10-19 19:54 -------- d-----w- c:\programdata\Oracle 2013-10-19 19:54 . 2013-10-19 19:54 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-10-19 19:53 . 2013-10-19 19:53 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-10-19 14:23 . 2013-09-20 08:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe 2013-10-19 14:23 . 2013-10-19 15:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-10-19 14:23 . 2013-10-19 14:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2013-10-19 09:32 . 2013-10-19 09:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2013-10-19 09:32 . 2013-10-19 09:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2013-10-19 09:32 . 2013-10-19 09:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2013-10-19 09:32 . 2013-10-19 09:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2013-10-19 09:32 . 2013-10-19 09:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2013-10-19 09:31 . 2013-10-19 09:32 -------- d-----w- c:\program files (x86)\QuickTime 2013-10-19 09:31 . 2013-10-19 09:31 -------- d-----w- c:\programdata\Apple Computer 2013-10-19 09:30 . 2013-10-19 09:30 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-19 09:30 . 2013-10-19 09:30 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-10-19 09:00 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-10-19 09:00 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-10-19 09:00 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-10-19 09:00 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-10-19 09:00 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-10-19 09:00 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-10-19 09:00 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-10-19 07:54 . 2013-07-12 10:41 185344 ----a-w- c:\windows\system32\drivers\usbvideo.sys 2013-10-19 06:42 . 2013-10-19 06:42 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2013-10-18 21:09 . 2013-10-18 21:09 -------- d-----w- c:\program files (x86)\ESET 2013-10-18 18:03 . 2013-10-18 18:03 17813896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-10-18 17:59 . 2013-10-18 17:59 -------- d-----w- c:\users\zackenschlapp\AppData\Roaming\Malwarebytes 2013-10-18 17:59 . 2013-10-18 17:59 -------- d-----w- c:\programdata\Malwarebytes 2013-10-18 17:59 . 2013-10-18 17:59 -------- d-----w- c:\users\zackenschlapp\AppData\Local\Programs . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-20 12:24 . 2012-10-15 18:10 380 ----a-w- c:\users\zackenschlapp\AppData\Roaming\sp_data.sys 2013-10-19 08:01 . 2012-12-02 17:33 80541720 ----a-w- c:\windows\system32\MRT.exe 2013-09-03 12:35 . 2012-10-16 20:53 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-08-29 01:48 . 2013-10-19 07:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-08-05 02:25 . 2013-09-12 18:56 155584 ----a-w- c:\windows\system32\drivers\ataport.sys 2013-08-02 02:14 . 2013-09-12 18:56 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-08-02 02:13 . 2013-09-12 18:56 424448 ----a-w- c:\windows\system32\KernelBase.dll 2013-08-02 02:13 . 2013-09-12 18:56 1161216 ----a-w- c:\windows\system32\kernel32.dll 2013-08-02 02:12 . 2013-09-12 18:56 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-08-02 02:12 . 2013-09-12 18:56 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 6656 ----a-w- c:\windows\system32\apisetschema.dll 2013-08-02 02:12 . 2013-09-12 18:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-08-02 02:12 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-08-02 01:50 . 2013-09-12 18:56 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2013-08-02 01:48 . 2013-09-12 18:56 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-08-02 01:48 . 2013-09-12 18:56 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll 2013-08-02 01:48 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll 2013-08-02 01:09 . 2013-09-12 18:56 338432 ----a-w- c:\windows\system32\conhost.exe 2013-08-02 00:59 . 2013-09-12 18:56 112640 ----a-w- c:\windows\system32\smss.exe 2013-08-02 00:43 . 2013-09-12 18:56 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-02 00:43 . 2013-09-12 18:56 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2013-08-02 00:43 . 2013-09-12 18:56 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2013-08-02 00:43 . 2013-09-12 18:56 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2013-07-26 12:19 . 2013-04-29 19:54 597776 ----a-w- c:\windows\system32\drivers\avckf.sys 2013-07-26 02:24 . 2013-09-12 18:56 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-07-26 02:24 . 2013-09-12 18:56 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-07-25 09:25 . 2013-09-01 11:20 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-25 08:57 . 2013-09-01 11:20 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Eintr‰ge & legitime Standardeintr‰ge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-06-27 3331312] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-06-25 322208] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-06-19 174752] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-6-28 549040] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 S332x64;SPRx3x USB SmartCard Reader;c:\windows\system32\DRIVERS\S332x64.sys;c:\windows\SYSNATIVE\DRIVERS\S332x64.sys [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [x] R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x] R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x] R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x] S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x] S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x] S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x] S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [x] S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe;c:\program files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe [x] S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x] S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVBus.sys [x] S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVTouch.sys [x] S3 ATP;ASUS PS/2 Port Input Device;c:\windows\system32\DRIVERS\AsusTP.sys;c:\windows\SYSNATIVE\DRIVERS\AsusTP.sys [x] S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x] S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x] S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MBAMPROTECTOR . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-10-18 21:47 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-19 09:30] . 2013-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-10 22:25] . 2013-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-10 22:25] . 2013-10-20 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 18:54] . 2013-10-20 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 18:54] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U] @="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}" [HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}] 2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ASUS TP Center (x64)"="c:\program files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe" [2012-07-14 235488] "ASUS Quick Gesture (x64)"="c:\program files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe" [2012-07-14 19424] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-08 172016] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-08 399856] "Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-08 441840] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll . ------- Zus‰tzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm mDefault_Page_URL = hxxp://www.google.com TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\zackenschlapp\AppData\Roaming\Mozilla\Firefox\Profiles\vhsflj22.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.aol.de/ FF - ExtSQL: !HIDDEN! 2012-11-01 23:13; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - Entfernte verwaiste Registrierungseintr‰ge - - - - . Toolbar-Locked - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-10-20 14:38:40 ComboFix-quarantined-files.txt 2013-10-20 12:38 . Vor Suchlauf: 15 Verzeichnis(se), 57.819.590.656 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 57.749.602.304 Bytes frei . - - End Of File - - 8FF2D8B118E1938D52134F42595C52CF Code:
ATTFilter Results of screen317's Security Check version 0.99.74 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Bitdefender Virenschutz Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 45 Java version out of Date! Adobe Flash Player 11.9.900.117 Adobe Reader XI Mozilla Firefox (24.0) Google Chrome 30.0.1599.101 Google Chrome 30.0.1599.69 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Spybot Teatimer.exe is disabled! Malwarebytes' Anti-Malware mbamscheduler.exe Bitdefender Bitdefender 2013 vsserv.exe Bitdefender Bitdefender 2013 bdagent.exe Bitdefender Bitdefender 2013 updatesrv.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
20.10.2013, 17:28 | #2 |
/// the machine /// TB-Ausbilder | Advanced System Protector und Regcleaner Pro! Zweite Meinung? hi,
__________________mich würde intressieren was du mit CF gescripted hast. Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
20.10.2013, 18:08 | #3 |
| Advanced System Protector und Regcleaner Pro! Zweite Meinung? Hallo Schrauber,
__________________ganz, ganz vielen Dank für die schnelle Antwort. Hier erstmal die Ergebnisse vom Recovery Scan Tool. FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2013 Ran by zackenschlapp (administrator) on ASUSNOTEBOOK on 20-10-2013 18:45:09 Running from C:\Users\zackenschlapp\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Atheros) C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ASUS TP Center (x64)] - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe [235488 2012-07-14] (AsusTek) HKLM\...\Run: [ASUS Quick Gesture (x64)] - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [19424 2012-07-14] (ASUSTeK Computer Inc.) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1568512 2013-07-26] (Bitdefender) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.) HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-06-28] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-26] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-19] (ASUS) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) AppInit_DLLs: C:\Windows\System32\nvinitx.dll C:\Windows\System32\nvinitx.dll [245872 2013-04-08] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: ASUS Browser Extension x64 - {78234974-0C4B-4111-BDEB-D9A104418772} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: ASUS Browser Extension x86 - {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\zackenschlapp\AppData\Roaming\Mozilla\Firefox\Profiles\vhsflj22.default FF SelectedSearchEngine: Google FF Homepage: hxxp://www.aol.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext FF Extension: No Name - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext FF Extension: No Name - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File ==================== Services (Whitelisted) ================= R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS) S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-04-01] (Bitdefender) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-05-10] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-11] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2013-07-26] (Bitdefender) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1646280 2013-07-26] (Bitdefender) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) ==================== Drivers (Whitelisted) ==================== R3 AiCharger; C:\Windows\SysWow64\DRIVERS\AiCharger.sys [17152 2012-01-30] (ASUSTek Computer Inc.) R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2012-07-14] (Windows (R) Win 7 DDK provider) R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [19104 2012-07-14] (ASUS) R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [49824 2012-07-14] (ASUS Corporation) R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-29] (BitDefender) R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [597776 2013-07-26] (BitDefender) R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-04-29] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC) S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82384 2012-11-12] (BitDefender SRL) R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [147232 2013-04-01] (BitDefender LLC) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 S332x64; C:\Windows\System32\DRIVERS\S332x64.sys [78080 2012-02-27] (Identive ) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-06-02] (BitDefender S.R.L.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-20 18:44 - 2013-10-20 18:44 - 01954548 _____ (Farbar) C:\Users\zackenschlapp\Desktop\FRST64.exe 2013-10-20 18:44 - 2013-10-20 18:44 - 00000000 ____D C:\FRST 2013-10-20 15:32 - 2013-10-20 15:32 - 00891167 _____ C:\Users\zackenschlapp\Desktop\SecurityCheck.exe 2013-10-20 14:42 - 2013-10-20 14:42 - 00025258 _____ C:\Users\zackenschlapp\Desktop\Combofix Ergebnis.txt 2013-10-20 14:38 - 2013-10-20 14:38 - 00025258 _____ C:\ComboFix.txt 2013-10-20 14:27 - 2013-10-20 14:38 - 00000000 ____D C:\Qoobox 2013-10-20 14:27 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-10-20 14:27 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-10-20 14:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-10-20 14:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-10-20 14:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-10-20 14:27 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-10-20 14:27 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-10-20 14:27 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-10-20 14:18 - 2013-10-20 14:18 - 05135479 ____R (Swearware) C:\Users\zackenschlapp\Desktop\ComboFix.exe 2013-10-20 14:14 - 2013-10-20 14:14 - 00002210 _____ C:\Users\zackenschlapp\Desktop\Malware Ergebnis.txt 2013-10-20 14:09 - 2013-10-20 14:09 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-20 14:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-20 14:08 - 2013-10-20 14:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-20 09:13 - 2013-10-20 09:13 - 00016519 _____ C:\Users\zackenschlapp\Desktop\JRT.txt 2013-10-20 09:06 - 2013-10-20 09:06 - 00000000 ____D C:\Windows\ERUNT 2013-10-20 08:55 - 2013-10-20 08:57 - 00000000 ____D C:\AdwCleaner 2013-10-19 22:56 - 2013-10-19 22:56 - 00002595 _____ C:\Users\Public\Desktop\AI Recovery Burner.lnk 2013-10-19 21:54 - 2013-10-19 21:54 - 00000000 ____D C:\ProgramData\Oracle 2013-10-19 21:53 - 2013-10-19 21:53 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-10-19 21:53 - 2013-10-19 21:53 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-10-19 21:53 - 2013-10-19 21:53 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-10-19 21:53 - 2013-10-19 21:53 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-10-19 16:24 - 2013-10-19 16:24 - 00001381 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-10-19 16:24 - 2013-10-19 16:24 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-10-19 16:23 - 2013-10-19 17:29 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-10-19 16:23 - 2013-10-19 16:25 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-10-19 16:23 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2013-10-19 11:32 - 2013-10-19 11:32 - 00001847 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2013-10-19 11:31 - 2013-10-20 18:42 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-19 11:31 - 2013-10-19 11:32 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-10-19 11:31 - 2013-10-19 11:31 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-19 11:31 - 2013-10-19 11:31 - 00000000 ____D C:\ProgramData\Apple Computer 2013-10-19 11:30 - 2013-10-19 11:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-19 11:30 - 2013-10-19 11:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-19 11:00 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-19 11:00 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-19 11:00 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-19 11:00 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-19 11:00 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-19 11:00 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-10-19 11:00 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-19 10:08 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-19 10:08 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-19 10:08 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-19 10:08 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-19 10:08 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-10-19 10:08 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-19 10:08 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-19 10:08 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-19 10:08 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-19 10:08 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-10-19 10:08 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-10-19 10:08 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-19 10:08 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-10-19 10:08 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-19 10:08 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-19 10:08 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-19 10:08 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-19 10:08 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-19 10:08 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-19 10:08 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-19 10:08 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-19 10:08 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-19 10:08 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-19 10:08 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-19 10:08 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-19 10:08 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-19 10:08 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-19 10:08 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-19 10:08 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-10-19 10:08 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-19 10:08 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-10-19 09:54 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-19 09:54 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-19 09:54 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-19 09:54 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2013-10-19 09:54 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-10-19 09:54 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-10-19 09:54 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-10-19 09:54 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-10-19 09:54 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-19 09:54 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-10-19 09:54 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-10-19 09:54 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-10-19 09:54 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2013-10-19 09:54 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-10-19 09:54 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2013-10-19 09:54 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-10-19 09:54 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-10-19 09:54 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-10-19 09:54 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-10-19 09:54 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-19 09:54 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-19 09:54 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-19 09:54 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-19 09:54 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-19 09:54 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2013-10-19 09:54 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-10-19 09:54 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys 2013-10-19 09:54 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-19 09:54 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-19 09:54 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-19 09:54 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-10-19 09:54 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-10-19 09:54 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-10-19 09:54 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-19 09:54 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2013-10-19 09:54 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-19 09:54 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-19 09:54 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-19 09:54 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-19 09:54 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-19 09:54 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-19 09:54 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-19 09:54 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-10-19 09:54 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-10-19 09:54 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-10-19 09:54 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-19 09:54 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-10-19 09:54 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-10-19 08:42 - 2013-10-19 09:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-19 08:42 - 2013-10-19 08:42 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-10-18 23:09 - 2013-10-18 23:09 - 00000000 ____D C:\Program Files (x86)\ESET 2013-10-18 22:45 - 2013-10-20 15:50 - 00000840 _____ C:\Windows\setupact.log 2013-10-18 22:45 - 2013-10-18 22:45 - 00000000 _____ C:\Windows\setuperr.log 2013-10-18 22:44 - 2013-10-20 14:46 - 00005712 _____ C:\Windows\PFRO.log 2013-10-18 21:19 - 2013-10-20 14:26 - 00000000 ____D C:\Windows\erdnt 2013-10-18 20:25 - 2013-10-18 20:26 - 00120606 _____ C:\Windows\AsCDProc.log 2013-10-18 20:25 - 2013-10-18 20:26 - 00004522 _____ C:\Windows\AsDebug.log 2013-10-18 20:03 - 2013-10-18 20:03 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-10-18 19:59 - 2013-10-18 19:59 - 00000000 ____D C:\Users\zackenschlapp\AppData\Roaming\Malwarebytes 2013-10-18 19:59 - 2013-10-18 19:59 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-18 19:58 - 2013-10-18 22:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\zackenschlapp\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-04 18:20 - 2013-10-04 18:20 - 00974315 _____ C:\Users\zackenschlapp\Downloads\bkz_1310 (4).kpr 2013-10-04 18:19 - 2013-10-04 18:19 - 00974315 _____ C:\Users\zackenschlapp\Downloads\bkz_1310 (3).kpr 2013-10-04 18:17 - 2013-10-04 18:17 - 00974315 _____ C:\Users\zackenschlapp\Downloads\bkz_1310 (2).kpr 2013-10-04 18:16 - 2013-10-04 18:16 - 00974315 _____ C:\Users\zackenschlapp\Downloads\bkz_1310 (1).kpr 2013-10-04 18:15 - 2013-10-04 18:15 - 00974315 _____ C:\Users\zackenschlapp\Downloads\bkz_1310.kpr ==================== One Month Modified Files and Folders ======= 2013-10-20 18:44 - 2013-10-20 18:44 - 01954548 _____ (Farbar) C:\Users\zackenschlapp\Desktop\FRST64.exe 2013-10-20 18:44 - 2013-10-20 18:44 - 00000000 ____D C:\FRST 2013-10-20 18:42 - 2013-10-19 11:31 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-20 18:42 - 2013-03-11 00:25 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-20 18:42 - 2012-10-15 20:10 - 00000380 _____ C:\Users\zackenschlapp\AppData\Roaming\sp_data.sys 2013-10-20 18:42 - 2012-09-04 23:29 - 01827275 _____ C:\Windows\WindowsUpdate.log 2013-10-20 15:58 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-20 15:58 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-20 15:50 - 2013-10-18 22:45 - 00000840 _____ C:\Windows\setupact.log 2013-10-20 15:50 - 2013-03-11 00:25 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-20 15:50 - 2012-09-04 23:34 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2013-10-20 15:50 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-20 15:32 - 2013-10-20 15:32 - 00891167 _____ C:\Users\zackenschlapp\Desktop\SecurityCheck.exe 2013-10-20 14:46 - 2013-10-18 22:44 - 00005712 _____ C:\Windows\PFRO.log 2013-10-20 14:42 - 2013-10-20 14:42 - 00025258 _____ C:\Users\zackenschlapp\Desktop\Combofix Ergebnis.txt 2013-10-20 14:38 - 2013-10-20 14:38 - 00025258 _____ C:\ComboFix.txt 2013-10-20 14:38 - 2013-10-20 14:27 - 00000000 ____D C:\Qoobox 2013-10-20 14:36 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-10-20 14:26 - 2013-10-18 21:19 - 00000000 ____D C:\Windows\erdnt 2013-10-20 14:18 - 2013-10-20 14:18 - 05135479 ____R (Swearware) C:\Users\zackenschlapp\Desktop\ComboFix.exe 2013-10-20 14:14 - 2013-10-20 14:14 - 00002210 _____ C:\Users\zackenschlapp\Desktop\Malware Ergebnis.txt 2013-10-20 14:09 - 2013-10-20 14:09 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-20 14:09 - 2013-10-20 14:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-20 12:42 - 2012-09-04 23:34 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2013-10-20 09:13 - 2013-10-20 09:13 - 00016519 _____ C:\Users\zackenschlapp\Desktop\JRT.txt 2013-10-20 09:06 - 2013-10-20 09:06 - 00000000 ____D C:\Windows\ERUNT 2013-10-20 08:57 - 2013-10-20 08:55 - 00000000 ____D C:\AdwCleaner 2013-10-19 22:56 - 2013-10-19 22:56 - 00002595 _____ C:\Users\Public\Desktop\AI Recovery Burner.lnk 2013-10-19 22:56 - 2012-06-28 00:31 - 00000000 ____D C:\Program Files (x86)\ASUS 2013-10-19 21:54 - 2013-10-19 21:54 - 00000000 ____D C:\ProgramData\Oracle 2013-10-19 21:53 - 2013-10-19 21:53 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-10-19 21:53 - 2013-10-19 21:53 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-10-19 21:53 - 2013-10-19 21:53 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-10-19 21:53 - 2013-10-19 21:53 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-10-19 21:53 - 2012-11-11 21:11 - 00000000 ____D C:\Program Files (x86)\Java 2013-10-19 17:49 - 2012-09-04 23:47 - 00002174 _____ C:\Windows\system32\AutoRunFilter.ini 2013-10-19 17:29 - 2013-10-19 16:23 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-10-19 16:28 - 2012-09-04 23:47 - 00001925 _____ C:\Windows\system32\ServiceFilter.ini 2013-10-19 16:25 - 2013-10-19 16:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-10-19 16:24 - 2013-10-19 16:24 - 00001381 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-10-19 16:24 - 2013-10-19 16:24 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-10-19 14:57 - 2011-02-19 06:24 - 00696870 _____ C:\Windows\system32\perfh007.dat 2013-10-19 14:57 - 2011-02-19 06:24 - 00148134 _____ C:\Windows\system32\perfc007.dat 2013-10-19 14:57 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-19 11:32 - 2013-10-19 11:32 - 00001847 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2013-10-19 11:32 - 2013-10-19 11:31 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-10-19 11:31 - 2013-10-19 11:31 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-19 11:31 - 2013-10-19 11:31 - 00000000 ____D C:\ProgramData\Apple Computer 2013-10-19 11:31 - 2012-10-15 20:30 - 00000000 ____D C:\Users\zackenschlapp\AppData\Local\Adobe 2013-10-19 11:30 - 2013-10-19 11:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-19 11:30 - 2013-10-19 11:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-19 11:28 - 2012-09-04 23:40 - 00000000 ____D C:\Windows\SysWOW64\NV 2013-10-19 11:28 - 2012-09-04 23:40 - 00000000 ____D C:\Windows\system32\NV 2013-10-19 11:28 - 2012-09-04 23:39 - 00000000 ____D C:\ProgramData\NVIDIA 2013-10-19 11:19 - 2012-09-04 23:38 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-10-19 10:54 - 2009-07-29 08:03 - 00000000 ____D C:\Windows\Panther 2013-10-19 10:54 - 2009-07-14 06:45 - 00301656 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-19 10:53 - 2013-03-15 23:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-19 10:53 - 2013-03-15 23:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-10-19 10:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-10-19 10:06 - 2012-06-28 00:27 - 01590378 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-10-19 10:03 - 2013-08-12 21:15 - 00000000 ____D C:\Windows\system32\MRT 2013-10-19 10:01 - 2012-12-02 19:33 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-10-19 09:46 - 2012-10-15 22:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-10-19 09:07 - 2013-10-19 08:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-19 09:07 - 2012-10-15 22:42 - 00000000 ____D C:\Users\zackenschlapp\AppData\Local\Mozilla 2013-10-19 08:42 - 2013-10-19 08:42 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-10-19 08:42 - 2012-06-28 00:28 - 00000000 ____D C:\ProgramData\Adobe 2013-10-18 23:50 - 2013-03-11 00:28 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-10-18 23:42 - 2013-03-11 00:25 - 00004122 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-10-18 23:42 - 2013-03-11 00:25 - 00003870 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-10-18 23:09 - 2013-10-18 23:09 - 00000000 ____D C:\Program Files (x86)\ESET 2013-10-18 22:59 - 2013-10-18 19:58 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\zackenschlapp\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-18 22:45 - 2013-10-18 22:45 - 00000000 _____ C:\Windows\setuperr.log 2013-10-18 21:30 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-10-18 20:26 - 2013-10-18 20:25 - 00120606 _____ C:\Windows\AsCDProc.log 2013-10-18 20:26 - 2013-10-18 20:25 - 00004522 _____ C:\Windows\AsDebug.log 2013-10-18 20:03 - 2013-10-18 20:03 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-10-18 19:59 - 2013-10-18 19:59 - 00000000 ____D C:\Users\zackenschlapp\AppData\Roaming\Malwarebytes 2013-10-18 19:59 - 2013-10-18 19:59 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-14 19:14 - 2012-10-16 22:50 - 00000000 ____D C:\Users\zackenschlapp\AppData\Roaming\vlc 2013-10-05 23:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-10-04 18:20 - 2013-10-04 18:20 - 00974315 _____ C:\Users\zackenschlapp\Downloads\bkz_1310 (4).kpr 2013-10-04 18:19 - 2013-10-04 18:19 - 00974315 _____ C:\Users\zackenschlapp\Downloads\bkz_1310 (3).kpr 2013-10-04 18:17 - 2013-10-04 18:17 - 00974315 _____ C:\Users\zackenschlapp\Downloads\bkz_1310 (2).kpr 2013-10-04 18:16 - 2013-10-04 18:16 - 00974315 _____ C:\Users\zackenschlapp\Downloads\bkz_1310 (1).kpr 2013-10-04 18:15 - 2013-10-04 18:15 - 00974315 _____ C:\Users\zackenschlapp\Downloads\bkz_1310.kpr 2013-09-23 01:28 - 2013-10-19 10:08 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-23 01:28 - 2013-10-19 10:08 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-23 01:27 - 2013-10-19 10:08 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-23 01:27 - 2013-10-19 10:08 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-23 01:27 - 2013-10-19 10:08 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-23 01:27 - 2013-10-19 10:08 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-23 01:27 - 2013-10-19 10:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-23 01:27 - 2013-10-19 10:08 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-23 01:27 - 2013-10-19 10:08 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-09-23 01:27 - 2013-10-19 10:08 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-23 01:27 - 2013-10-19 10:08 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-23 01:27 - 2013-10-19 10:08 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-23 01:27 - 2013-10-19 10:08 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-23 00:55 - 2013-10-19 10:08 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-23 00:55 - 2013-10-19 10:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-23 00:55 - 2013-10-19 10:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-23 00:54 - 2013-10-19 10:08 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-23 00:54 - 2013-10-19 10:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-23 00:54 - 2013-10-19 10:08 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-23 00:54 - 2013-10-19 10:08 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-23 00:54 - 2013-10-19 10:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-23 00:54 - 2013-10-19 10:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-23 00:54 - 2013-10-19 10:08 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-23 00:54 - 2013-10-19 10:08 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-23 00:54 - 2013-10-19 10:08 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-23 00:54 - 2013-10-19 10:08 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-23 00:54 - 2013-10-19 10:08 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-21 05:38 - 2013-10-19 10:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-21 05:30 - 2013-10-19 10:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-21 04:48 - 2013-10-19 10:08 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-21 04:39 - 2013-10-19 10:08 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-20 10:49 - 2013-10-19 16:23 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-18 21:49 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-10-2013 Ran by zackenschlapp at 2013-10-20 18:45:56 Running from C:\Users\zackenschlapp\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Bitdefender Virenschutz (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09} FW: Bitdefender Firewall (Enabled) {A364D236-8096-DCCF-EF3F-4E4DBCD170CF} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 6.2.1) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117) Adobe Reader XI (11.0.04) - Deutsch (x32 Version: 11.0.04) Apple Application Support (x32 Version: 2.3) Apple Software Update (x32 Version: 2.1.3.127) ASUS AI Recovery (x32 Version: 1.0.24) ASUS Instant Connect (x32 Version: 1.2.2) ASUS LifeFrame3 (x32 Version: 3.0.29) ASUS Live Update (x32 Version: 3.1.7) ASUS Power4Gear Hybrid (Version: 1.2.1) ASUS Smart Gesture (x32 Version: 1.0.24) ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0040) ASUS USB Charger Plus (x32 Version: 2.0.8) ASUS WebStorage Sync Agent (x32 Version: 1.1.2.97) AsusVibe2.0 (x32 Version: 2.0.10.168) ATK Package (x32 Version: 1.0.0020) Bitdefender Internet Security 2013 (Version: 16.26.0.1739) Bubbletown (x32) BufferChm (x32 Version: 130.0.331.000) C4400 (x32 Version: 130.0.365.000) Contents (x32 Version: 15.1.0.34) Copy (x32 Version: 130.0.428.000) Corel VideoStudio 12 (x32 Version: 12.0.0.0000) Corel VideoStudio Pro X5 (x32 Version: 15.1.0.34) CyberLink LabelPrint (x32 Version: 2.5.3624) CyberLink Media Suite (x32 Version: 8.0.2926) CyberLink Power2Go (x32 Version: 7.0.0.1126) D3DX10 (x32 Version: 15.4.2368.0902) Deadtime Stories (x32) Destinations (x32 Version: 130.0.0.0) DeviceDiscovery (x32 Version: 130.0.465.000) DocProc (x32 Version: 13.0.0.0) Dream Day First Home (x32) Dream Vacation Solitaire (x32) ESET Online Scanner v3 (x32) Farm Frenzy 3 - Madagascar (x32) Fast Boot (Version: 1.0.10) Galapago (x32) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922) Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922) Game Park Console (x32 Version: 1.2.4.431) Go Go Gourmet Chef of the Year (x32) Google Chrome (x32 Version: 30.0.1599.101) Google Update Helper (x32 Version: 1.3.21.165) GPBaseService2 (x32 Version: 130.0.371.000) HP Customer Participation Program 13.0 (Version: 13.0) HP Imaging Device Functions 13.0 (Version: 13.0) HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3 (Version: 13.0) HP Photosmart Essential 3.5 (Version: 3.5) HP Smart Web Printing 4.51 (Version: 4.51) HP Solution Center 13.0 (Version: 13.0) HP Update (x32 Version: 4.000.011.006) HPPhotoGadget (x32 Version: 130.0.282.000) HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000) HPPhotosmartEssential (x32 Version: 2.04.0000) HPProductAssistant (x32 Version: 130.0.371.000) HPSSupply (x32 Version: 130.0.371.000) ICA (x32 Version: 15.1.0.34) InstantOn for NB (x32 Version: 2.3.1) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36354) Intel(R) Management Engine Components (x32 Version: 8.0.12.1498) Intel(R) Processor Graphics (x32 Version: 9.17.10.2932) Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149) Intel® Trusted Connect Service Client (Version: 1.24.388.1) IPM_VS_Pro (x32 Version: 15.0) ISCOM (x32 Version: 15.1.0.34) Java 7 Update 45 (x32 Version: 7.0.450) Java Auto Updater (x32 Version: 2.1.9.8) Junk Mail filter update (x32 Version: 15.4.3502.0922) Mahjong Memoirs (x32) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) MarketResearch (x32 Version: 130.0.374.000) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office (x32 Version: 14.0.6120.5004) Microsoft Office Excel Viewer (x32 Version: 12.0.6612.1000) Microsoft PowerPoint Viewer (x32 Version: 14.0.7015.1000) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0) Mozilla Maintenance Service (x32 Version: 24.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) myBitCast 1.0.0.4 (Version: 1.0.0.4) NVIDIA Grafiktreiber 311.44 (Version: 311.44) NVIDIA Install Application (Version: 2.1002.109.706) NVIDIA Optimus 1.11.3 (Version: 1.11.3) NVIDIA Systemsteuerung 311.44 (Version: 311.44) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) OCR Software by I.R.I.S. 13.0 (Version: 13.0) Plants vs Zombies (x32) PS_AIO_03_C4400_Software_Min (x32 Version: 130.0.365.000) Qualcomm Atheros WiFi Driver Installation (x32 Version: 3.0) QuickTime (x32 Version: 7.74.80.86) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922) Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6586) Realtek PCIE Card Reader (x32 Version: 6.1.7601.27012) Scan (x32 Version: 13.0.0.0) Setup (x32 Version: 15.1.0.34) Share (x32 Version: 15.1.0.34) Share64 (Version: 15.1.0.34) Shop for HP Supplies (Version: 13.0) Skype Click to Call (x32 Version: 6.3.11079) Skype™ 6.3 (x32 Version: 6.3.105) SmartSound Common Data (x32 Version: 1.1.0) SmartSound Quicktracks 5 (x32 Version: 5.1.6) SmartSound Quicktracks Plugin (x32 Version: 3.0.5.0) SmartWebPrinting (x32 Version: 130.0.457.000) SolutionCenter (x32 Version: 130.0.373.000) Spybot - Search & Destroy (x32 Version: 2.2.25) Status (x32 Version: 130.0.469.000) Toolbox (x32 Version: 130.0.648.000) TrayApp (x32 Version: 130.0.422.000) Turbo Fiesta (x32) UnloadSupport (x32 Version: 11.0.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3) VideoStudio (x32 Version: 12.0.0.0000) VLC media player 2.0.2 (Version: 2.0.2) VSClassic (x32 Version: 15.1.0.34) VSHelp (x32 Version: 15.1.0.34) VSPro (x32 Version: 15.1.0.34) WebReg (x32 Version: 130.0.132.017) Windows Driver Package - ASUS (ATP) Mouse (07/08/2012 1.0.0.93) (Version: 07/08/2012 1.0.0.93) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3555.0308) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3538.0513) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) Windows Live 影像中心 (x32 Version: 15.4.3502.0922) Windows Live 程式集 (x32 Version: 15.4.3502.0922) Windows Media Encoder 9 Series (x32 Version: 9.00.2980) Windows Media Encoder 9 Series (x32) WinFlash (x32 Version: 2.41.0) Wireless Console 3 (x32 Version: 3.0.25) World of Goo (x32) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922) Основные компоненты Windows Live (x32 Version: 15.4.3502.0922) Почта Windows Live (x32 Version: 15.4.3502.0922) Фотоальбом Windows Live (x32 Version: 15.4.3502.0922) גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922) بريد Windows Live (x32 Version: 15.4.3502.0922) معرض صور Windows Live (x32 Version: 15.4.3502.0922) ==================== Restore Points ========================= 19-10-2013 09:00:41 Windows Update 19-10-2013 09:17:50 Windows Update 19-10-2013 09:34:05 Windows Update 19-10-2013 09:41:08 Windows Update 19-10-2013 19:52:09 Installed Java 7 Update 45 19-10-2013 20:55:34 Installed ASUS AI Recovery ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-10-19 18:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {10952245-2339-445F-A095-7E9DE5294161} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-06-26] (ASUSTek Computer Inc.) Task: {20C1382E-1BDC-427C-8B6C-BDBA13C9B853} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-11] (Google Inc.) Task: {28B3505F-F4C4-4D1D-A068-24DCAB11E971} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation) Task: {3CD8C0AD-E34E-49A9-9872-EAB216A8F04A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {6F3CCBA7-CAE3-4EF1-867C-1FD8EC4279DC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {764D0DB6-3B33-4919-B808-39CA3A50A0C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-11] (Google Inc.) Task: {845153D1-FCE6-4A23-9B0F-D483FC3D4602} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {9E584DEC-7DC7-42FF-A28D-EADFCF0AF348} - System32\Tasks\{A3719A80-AFB1-44F7-B51D-CB25FBF463B4} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/abandoninstall?page=tsProgressBar Task: {A19A8028-765B-492E-B927-E1080FF99DBF} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-16] (ASUS) Task: {CD42D126-DCE4-48B1-87D1-07EA0D433BB5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-19] (Adobe Systems Incorporated) Task: {D9626D78-FB6B-44AB-BD11-01D12A5BDE0D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {E55D44B5-4C55-4C9D-B5B5-5B267A603B42} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation) Task: {EBF83D20-C772-432A-B0D4-05D02738E575} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-01-30] (ASUSTek Computer Inc.) Task: {F2E5D040-B274-4FB4-8A45-79A759CE7F29} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe ==================== Loaded Modules (whitelisted) ============= 2010-07-15 01:11 - 2010-07-15 01:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2012-07-25 10:13 - 2012-02-22 09:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-04-01 21:00 - 2013-04-01 21:00 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll 2012-02-07 04:32 - 2012-02-07 04:32 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll 2010-08-20 18:57 - 2010-08-20 18:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2010-08-20 18:57 - 2010-08-20 18:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2013-10-19 16:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2013-10-19 16:23 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-10-19 16:23 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2013-10-19 16:23 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2013-10-19 16:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2007-07-12 20:11 - 2007-07-12 20:11 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll 2012-09-04 23:34 - 2012-05-11 00:03 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2013-10-19 08:43 - 2013-10-19 08:43 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-10-19 11:30 - 2013-10-19 11:30 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\zackenschlapp\Desktop\ComboFix.exe:BDU AlternateDataStreams: C:\Users\zackenschlapp\Desktop\FRST64.exe:BDU AlternateDataStreams: C:\Users\zackenschlapp\Desktop\SecurityCheck.exe:BDU AlternateDataStreams: C:\Users\zackenschlapp\Downloads\ChromeSetup.exe:BDU AlternateDataStreams: C:\Users\zackenschlapp\Downloads\EasyDriverPro.exe:BDU AlternateDataStreams: C:\Users\zackenschlapp\Downloads\ixbtRSAlertService.exe:BDU AlternateDataStreams: C:\Users\zackenschlapp\Downloads\mb_driver_wlan_wb150_win7 (1).exe:BDU AlternateDataStreams: C:\Users\zackenschlapp\Downloads\mb_driver_wlan_wb150_win7.exe:BDU AlternateDataStreams: C:\Users\zackenschlapp\Downloads\Net_Atheros_XPVSW7_3264_9.2.0.480.exe:BDU AlternateDataStreams: C:\Users\zackenschlapp\Downloads\radarsync.exe:BDU AlternateDataStreams: C:\Users\zackenschlapp\Downloads\win64_152812.exe:BDU ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Microsoft Virtual WiFi Miniport Adapter #3 Description: Microsoft-Adapter für Miniports virtueller WiFis Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (10/20/2013 02:15:19 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc015000f Fehleroffset: 0x000000000006f7ba ID des fehlerhaften Prozesses: 0x1280 Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0 Pfad der fehlerhaften Anwendung: explorer.exe1 Pfad des fehlerhaften Moduls: explorer.exe2 Berichtskennung: explorer.exe3 Error: (10/20/2013 02:15:09 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18222, Zeitstempel: 0x51f1ddfa Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000005055a ID des fehlerhaften Prozesses: 0x1280 Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0 Pfad der fehlerhaften Anwendung: explorer.exe1 Pfad des fehlerhaften Moduls: explorer.exe2 Berichtskennung: explorer.exe3 Error: (10/20/2013 09:34:51 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (10/20/2013 02:44:47 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (10/20/2013 02:36:17 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (10/20/2013 02:33:42 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (10/20/2013 02:27:04 PM) (Source: Service Control Manager) (User: ) Description: Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (10/20/2013 02:27:04 PM) (Source: Service Control Manager) (User: ) Description: Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (10/20/2013 02:27:04 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (10/20/2013 02:22:17 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (10/20/2013 02:22:17 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (10/20/2013 02:16:03 PM) (Source: Service Control Manager) (User: ) Description: Dienst "ASLDR Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (10/20/2013 02:15:01 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FRITZ-NAS", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{499A68D1-56E4-49C8-9E63-8EFB70B1AA9E}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Microsoft Office Sessions: ========================= Error: (10/20/2013 02:15:19 PM) (Source: Application Error)(User: ) Description: explorer.exe6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c015000f000000000006f7ba128001cecd6337f1de36C:\Windows\explorer.exeC:\Windows\SYSTEM32\ntdll.dll487b1037-3981-11e3-8cd3-3085a9265de2 Error: (10/20/2013 02:15:09 PM) (Source: Application Error)(User: ) Description: explorer.exe6.1.7601.175674d672ee4SHELL32.dll6.1.7601.1822251f1ddfac0000005000000000005055a128001cecd6337f1de36C:\Windows\explorer.exeC:\Windows\system32\SHELL32.dll430435cb-3981-11e3-8cd3-3085a9265de2 Error: (10/20/2013 09:34:51 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe CodeIntegrity Errors: =================================== Date: 2013-10-19 18:49:46.312 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-10-19 18:49:46.234 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-10-19 18:49:46.141 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-10-19 18:49:46.047 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-10-18 22:43:53.085 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-10-18 22:43:53.007 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-10-18 22:43:52.913 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-10-18 22:43:52.835 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-10-18 21:28:54.271 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-10-18 21:28:54.193 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 26% Total physical RAM: 8077.63 MB Available physical RAM: 5919.2 MB Total Pagefile: 16153.43 MB Available Pagefile: 13649.87 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:53.52 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (DATA) (Fixed) (Total:393.86 GB) (Free:379.37 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 699 GB) (Disk ID: D79ED201) Partition: GPT Partition Type ==================== End Of Log ============================ |
20.10.2013, 18:25 | #4 |
/// the machine /// TB-Ausbilder | Advanced System Protector und Regcleaner Pro! Zweite Meinung? sieht gut aus.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
20.10.2013, 20:20 | #5 |
| Advanced System Protector und Regcleaner Pro! Zweite Meinung? Na... deine Antwort hört sich doch gut an. Bin dir aber noch eine Antwort bzgl. des Skripts schuldig. Ich hatte aus dem ersten Combofix-Log die verdächtigen Verzeichnisse genommen und in ein Skript gepackt. Code:
ATTFilter Collect:: c:\windows\system32\roboot.exe Folder:: c:\users\zackenschlapp\AppData\Roaming\Systweak c:\program files\Advanced System Protector c:\program files\Regcleaner pro c:\programdata\Systweak Dir erstmal ganz, ganz vielen Dank. Grüße |
21.10.2013, 11:03 | #6 |
/// the machine /// TB-Ausbilder | Advanced System Protector und Regcleaner Pro! Zweite Meinung? jo, aber: darf Combofix nicht von nicht-ausgebildeten Helfern benutzt werden Sollte man mit Cf sehr vorsichtig sein Sollte man auf keinen Fall Collecten wenn man nit weiß wie, denn jetzt weiß der Autor dass Du das auf eigene Faust gemacht hast. Du solltest eigentlich auch nach Benutzen des Scriptes eine entsprechende Warnmeldung bekommen haben. Egal. Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ --> Advanced System Protector und Regcleaner Pro! Zweite Meinung? |
Themen zu Advanced System Protector und Regcleaner Pro! Zweite Meinung? |
administrator, adobe, adobe reader xi, browser, combofix, defender, desktop, device driver, explorer, fehler, festplatte, firefox, firewall, flash player, google, home, installation, monitor, mozilla, nvpciflt.sys, realtek, scan, security, software, svchost, system, updates, wlan |