Toolbars und andere Malware durch Foxit Reader installiert

saulk · 28.03.2014, 21:55

Liebe Forenhelfer,

eigentlich wollte ich einen Faden über den Malwarebefall meines Rechners erstellen mit der Bitte um Hilfe bei der Reinigung. Im Verlauf der ersten Schritte, wie im Forum empfohlen, überschlugen sich die Ereignisse leider sehr schnell.
Aber, der Reihe nach. Vor ein paar Tagen habe ich beim Foxit PDF-Reader, den ich schon seit Jahren ohne Probleme nutze, arglos ein Update auf die Version 6.1.4.x vorgenommen. Zufällig hatte ich dann danach einen Schnellscan MBAM durchgeführt, nur um festzustellen, dass mein Rechner total zugemüllt war mit diversen Toolbars und was sonst noch für Ad- und Spyware und die Startseite im IE war verstellt. Also führte ich die vom TB empfohlenen Scans und Reinigungsschritte mit Adwcleaner, JRT, MBAM, MBAR und FRST (in dieser Reihenfolge) durch, um das Posting im Board vorzubereiten.

Leider gab es eine erhebliche Zeitverzögerung bei der Freischaltung meines Accounts, da sich mein Mailclient offensichtlich weigerte, die entsprechende Mail zu empfangen.
Daher versuchte ich zunächst eine Systemwiederherstellung, um die elende Arbeit mit der Updaterei vieler Programme zu umgehen und eventuell eine langwierige Reinigung vermeiden zu können. Systemwiederherstellung scheiterte aber an unbekanntem Fehler. Nach dem Neustart fuhr Kaspersky nicht mehr korrekt hoch, und ich musste feststellen, dass in der Systemsteuerung die installierten Programme, die ich schon seit langem nutze, plötzlich alle das Installationsdatum des Foxit-Updates hatten. Die Wiederherstellungskonsole von Norton Ghost funktionierte auch nicht. Da war was oberfaul!
Ich entschloss mich deshalb zur Holzhammermethode und habe ein älteres sauberes Image über das System gebügelt und sitze nun natürlich an den endlosen Updates.
Fazit also: Hände weg vom Foxit Reader!. Er hat viel Müll mit im Gepäck. Mittlerweile habe ich auch im Net viele Beiträge zu der Dreckschleuder Foxit 6.1.4.x gesehen. Eine Menge Leute haben und hatten das gleiche Problem durch die Installation eingefangen.

Es gibt ja schon einige Beiträge zu Foxit hier im Board, aber meines Wissens noch keinen, der die vorstehende Problematik behandelt. Falls es deshalb zu Infozwecken interessiert, stelle ich mal die Logs von meinem verseuchten System vor dem Überspielen des Image ein. Allerdings ist mir dabei ein Lapsus unterlaufen. Den ersten MBAM-Scan hatte ich noch mit der alten Programmversion gemacht und Hunderte von Einträgen (hauptsächlich alles eine LPT Toolbar betreffend) gefunden. Danach erst habe ich gemerkt, dass es ja inzwischen eine Version 2.0 von MBAM gibt. Daraufhin habe ich upgegradet, dummerweise ohne das alte Log vorher zu speichern, und das war dann natürlich weg.
Die folgenden Logs sind deshalb diejenigen nach der ersten Reinigung mit der alten MBAM-Version.

Welchen PDF-Reader könntet ihr alternativ empfehlen?

Hier die Logs

Code:

ATTFilter

# AdwCleaner v3.022 - Bericht erstellt am 27/03/2014 um 08:12:43
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Klaus - KLAUS-PC
# Gestartet von : C:\Users\Work\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Klaus\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\Klaus\AppData\Local\Temp\Smartbar
Ordner Gelöscht : C:\Users\Klaus\AppData\Roaming\OpenCandy

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\smartbarbackup
Schlüssel Gelöscht : HKCU\Software\smartbarlog

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

*************************

AdwCleaner[R0].txt - [6244 octets] - [27/03/2014 08:10:55]
AdwCleaner[S0].txt - [4028 octets] - [27/03/2014 08:12:43]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [4088 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Klaus on 27.03.2014 at  8:19:27,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.03.2014 at  8:43:50,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 27.03.2014
Suchlauf-Zeit: 14:38:38
Logdatei: 
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.03.27.03
Rootkit Datenbank: v2014.03.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Klaus

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 296482
Verstrichene Zeit: 15 Min, 11 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 2
PUP.Optional.Iminent.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, In Quarantäne, [231c7791fe7d62d40d851153e91958a8], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [c47b9870423972c4c816a3d6946ff808], 

Registrierungswerte: 2
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0M1S1H1K2U, In Quarantäne, [c47b9870423972c4c816a3d6946ff808]
PUP.Optional.BProtector, HKU\S-1-5-21-1650162684-4213735340-2130979262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|BrowserMngr Start Page, hxxp://www.kingfisher.de/, In Quarantäne, [0d320afee09b9b9be008592d26dd2bd5]

Registrierungsdaten: 20
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}),Ersetzt,[ba85c642116ade58ee40b549a65d02fe]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}),Ersetzt,[ae910afe2f4c59ddc9518b7dca3a6997]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}),Ersetzt,[cb743ace6417ef47e9446698887b52ae]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}),Ersetzt,[2e1119ef413ac3738693f81017ed7888]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}),Ersetzt,[0e31f612e09b8aac55dbf10d38cb0df3]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}),Ersetzt,[bb845fa92f4ca0965bc1c7410ef6f30d]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}),Ersetzt,[c976e6224338f83e0a2738c6788b7888]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}),Ersetzt,[08371fe9156639fdd34a66a2da2a02fe]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}),Ersetzt,[84bb7b8d8af1280eb27ac13d8c7713ed]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnS6xWw81COAyOUmHJqPn778WYgPcofRFiZWknzK2rIZwc9cD6LmZPO6x1AJ5thyoUzz8wH5kE_RnaSYLVKPJErGwMKoi4mkS3vM,, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnS6xWw81COAyOUmHJqPn778WYgPcofRFiZWknzK2rIZwc9cD6LmZPO6x1AJ5thyoUzz8wH5kE_RnaSYLVKPJErGwMKoi4mkS3vM,),Ersetzt,[96a9c54345368fa7c26d12ec21e22ad6]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnS6xWw81COAyOUmHJqPn778WYgPcofRFiZWknzK2rIZwc9cD6LmZPO6x1AJ5thyoUzz8wH5kE_RnaSYLVKPJErGwMKoi4mkS3vM,, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnS6xWw81COAyOUmHJqPn778WYgPcofRFiZWknzK2rIZwc9cD6LmZPO6x1AJ5thyoUzz8wH5kE_RnaSYLVKPJErGwMKoi4mkS3vM,),Ersetzt,[66d94eba38431f1761ba3ace49bb7090]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}),Ersetzt,[3c039375b2c9310577b6fe00cb380cf4]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}),Ersetzt,[1827b2566d0e3df9a8711eeac63e45bb]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}),Ersetzt,[64dbaa5ee49779bd65c956a86a9948b8]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}),Ersetzt,[cf7030d834471f17a1790ff9bd47e51b]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}),Ersetzt,[ab9414f4f586d264ec44b9458c77e917]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}),Ersetzt,[f64963a5364516205bc1ba4e35cf738d]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}),Ersetzt,[47f89771e695b97d86abf30b6f944fb1]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}),Ersetzt,[ad92ae5ac5b6330356c77494bc48d62a]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1650162684-4213735340-2130979262-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDO9GkYUquqvjJrPK3oE2itL5m-Iskn21mTj6MzjKoL7jvTSdj93MDUVNKBvMC73WmBmT4iun1fnBWzKD0ZtEKnSKXkDx7QxJPtm667tfKLJBR_Edq7D5kC709nxDLvpNqa8PIJMyZJbJEO13L3PbigXV5wX0537ZFCqOsrxfOOc78Qfg9atDy2lg,&q={searchTerms}),Ersetzt,[6dd23ccc0e6da29441eb54aa3ac92ad6]

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.27.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Klaus :: KLAUS-PC [administrator]

27.03.2014 09:45:48
mbar-log-2014-03-27 (09-45-48).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 291053
Time elapsed: 17 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Klaus (administrator) on KLAUS-PC on 27-03-2014 15:01:06
Running from C:\Users\Work\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUS) C:\Windows\AsScrPro.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Tools\Proxomitron\Proxomitron.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Norton Ghost 15.0] - C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proxomitron.lnk
ShortcutTarget: Proxomitron.lnk -> C:\Tools\Proxomitron\Proxomitron.exe ()
Startup: C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proxomitron.lnk
ShortcutTarget: Proxomitron.lnk -> C:\Tools\Proxomitron\Proxomitron.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) =================

R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-26] (Symantec Corporation)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia)
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [9728 2009-07-14] (Microsoft Corporation)
S3 Symantec SymSnap VSS Provider; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec)

==================== Drivers (Whitelisted) ====================

R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-12] ()
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
U3 tmlwf; 
U3 tmwfp; 
U2 V2iMount; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-27 15:01 - 2014-03-27 15:01 - 00011325 _____ () C:\Users\Work\Desktop\FRST.txt
2014-03-27 14:54 - 2014-03-27 15:01 - 00000000 ____D () C:\FRST
2014-03-27 14:40 - 2014-03-27 14:40 - 00017831 _____ () C:\MBAM_27031401.txt
2014-03-27 14:22 - 2014-03-27 14:48 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 14:21 - 2014-03-27 14:21 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-27 14:21 - 2014-03-27 14:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-27 14:21 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-27 14:19 - 2014-03-27 14:19 - 02157056 _____ (Farbar) C:\Users\Work\Desktop\FRST64.exe
2014-03-27 10:07 - 2014-03-27 08:43 - 00000625 _____ () C:\Users\Work\Desktop\JRT.txt
2014-03-27 09:45 - 2014-03-27 10:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-27 09:44 - 2014-03-27 10:08 - 00000000 ____D () C:\Users\Klaus\Desktop\mbar
2014-03-27 09:44 - 2014-03-27 09:42 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Work\Desktop\mbar-1.07.0.1009.exe
2014-03-27 09:44 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-27 08:10 - 2014-03-27 08:12 - 00000000 ____D () C:\AdwCleaner
2014-03-27 08:10 - 2014-03-27 08:10 - 01950720 _____ () C:\Users\Work\Desktop\adwcleaner.exe
2014-03-27 08:08 - 2014-03-27 08:08 - 01038974 _____ (Thisisu) C:\Users\Work\Desktop\JRT.exe
2014-03-26 19:23 - 2014-03-26 19:23 - 00000000 ____D () C:\Program Files (x86)\GUM708B.tmp
2014-03-24 06:59 - 2014-03-27 09:10 - 00013690 _____ () C:\Windows\PFRO.log
2014-03-23 11:17 - 2014-03-23 11:17 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-03-23 11:16 - 2014-03-23 11:16 - 00002056 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-03-17 12:43 - 2014-03-17 12:43 - 01243655 _____ () C:\Users\Klaus\Downloads\ProcessExplorer.zip
2014-03-12 07:14 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 07:14 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 07:14 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 07:14 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 07:14 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 07:14 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 07:14 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 07:14 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 07:14 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 07:14 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 07:14 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 07:14 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 07:14 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 07:14 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 07:14 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 07:14 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 07:14 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 07:14 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 07:14 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 07:14 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 07:14 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 07:14 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 07:14 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 07:14 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 07:14 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 07:14 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 07:14 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 07:14 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 07:14 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 07:14 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 07:14 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 07:14 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 07:14 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 07:14 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 07:14 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 07:14 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 07:14 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 07:14 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 07:14 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 07:14 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 07:12 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 07:12 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 07:12 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 07:12 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 07:11 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 07:11 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 07:11 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 07:11 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-02-26 07:43 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-26 07:43 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

==================== One Month Modified Files and Folders =======

2014-03-27 15:01 - 2014-03-27 15:01 - 00011325 _____ () C:\Users\Work\Desktop\FRST.txt
2014-03-27 15:01 - 2014-03-27 14:54 - 00000000 ____D () C:\FRST
2014-03-27 14:48 - 2014-03-27 14:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 14:45 - 2012-04-02 06:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-27 14:40 - 2014-03-27 14:40 - 00017831 _____ () C:\MBAM_27031401.txt
2014-03-27 14:28 - 2011-08-31 17:54 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-27 14:27 - 2011-08-17 14:49 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-27 14:21 - 2014-03-27 14:21 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-27 14:21 - 2014-03-27 14:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-27 14:21 - 2012-12-30 08:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-27 14:21 - 2010-10-06 06:25 - 00000000 ____D () C:\Users\Klaus\AppData\Roaming\Malwarebytes
2014-03-27 14:21 - 2010-10-06 06:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 14:19 - 2014-03-27 14:19 - 02157056 _____ (Farbar) C:\Users\Work\Desktop\FRST64.exe
2014-03-27 14:09 - 2000-08-12 09:48 - 01637208 _____ () C:\Windows\WindowsUpdate.log
2014-03-27 10:16 - 2011-08-31 17:54 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-27 10:08 - 2014-03-27 09:44 - 00000000 ____D () C:\Users\Klaus\Desktop\mbar
2014-03-27 10:03 - 2014-03-27 09:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-27 09:42 - 2014-03-27 09:44 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Work\Desktop\mbar-1.07.0.1009.exe
2014-03-27 09:18 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-27 09:18 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-27 09:15 - 2009-08-04 10:51 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-03-27 09:15 - 2009-08-04 10:51 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-03-27 09:15 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-27 09:11 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-27 09:10 - 2014-03-24 06:59 - 00013690 _____ () C:\Windows\PFRO.log
2014-03-27 09:10 - 2014-02-16 07:06 - 00002912 _____ () C:\Windows\setupact.log
2014-03-27 09:10 - 2010-04-15 10:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-27 08:43 - 2014-03-27 10:07 - 00000625 _____ () C:\Users\Work\Desktop\JRT.txt
2014-03-27 08:12 - 2014-03-27 08:10 - 00000000 ____D () C:\AdwCleaner
2014-03-27 08:10 - 2014-03-27 08:10 - 01950720 _____ () C:\Users\Work\Desktop\adwcleaner.exe
2014-03-27 08:08 - 2014-03-27 08:08 - 01038974 _____ (Thisisu) C:\Users\Work\Desktop\JRT.exe
2014-03-26 19:23 - 2014-03-26 19:23 - 00000000 ____D () C:\Program Files (x86)\GUM708B.tmp
2014-03-26 19:23 - 2011-08-31 17:54 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-26 19:23 - 2011-08-31 17:54 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-25 11:32 - 2013-10-17 15:47 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-03-25 11:32 - 2013-06-08 20:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-03-24 14:54 - 2010-10-08 09:43 - 00002600 _____ () C:\Windows\Sandboxie.ini
2014-03-24 07:02 - 2010-04-15 10:43 - 00001340 _____ () C:\Windows\system32\ServiceFilter.ini
2014-03-23 11:17 - 2014-03-23 11:17 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-03-23 11:16 - 2014-03-23 11:16 - 00002056 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-03-22 07:45 - 2013-01-24 08:12 - 00000000 ____D () C:\Program Files (x86)\SeaMonkey
2014-03-17 12:43 - 2014-03-17 12:43 - 01243655 _____ () C:\Users\Klaus\Downloads\ProcessExplorer.zip
2014-03-15 22:52 - 2010-10-04 09:34 - 00000000 ____D () C:\Users\Klaus
2014-03-12 07:25 - 2012-05-10 06:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 07:25 - 2009-07-14 05:45 - 00473680 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 07:24 - 2012-05-10 06:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 07:19 - 2013-07-11 16:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-12 07:17 - 2010-10-05 06:14 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-12 06:53 - 2012-04-02 06:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 06:53 - 2012-04-02 06:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 06:53 - 2011-05-16 06:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-05 09:26 - 2014-03-27 14:21 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-27 09:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2012-12-30 08:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 12:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-01 07:05 - 2014-03-12 07:14 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-12 07:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-12 07:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-12 07:14 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-12 07:14 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-12 07:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-12 07:14 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-12 07:14 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-12 07:14 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-12 07:14 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-12 07:14 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-12 07:14 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-12 07:14 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-12 07:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-12 07:14 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-12 07:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-12 07:14 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-12 07:14 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-12 07:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-12 07:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-12 07:14 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-12 07:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-12 07:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-12 07:14 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-12 07:14 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-12 07:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-12 07:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-12 07:14 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-12 07:14 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-12 07:14 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-12 07:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 07:14 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 07:14 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-12 07:14 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-12 07:14 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 07:14 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 07:14 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 07:14 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 07:14 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 07:14 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-26 20:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\Klaus\AppData\Local\Temp\Checkupdate.exe
C:\Users\Klaus\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Klaus\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Klaus\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Klaus\AppData\Local\Temp\gtapi_signed.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-12 11:57

==================== End Of Log ============================

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Klaus at 2014-03-27 15:01:37
Running from C:\Users\Work\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{A7B8A5E9-CA44-44A0-9393-9EA0FFE4C3FB}) (Version: 1.6.17.25401 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.6.17.25401 - Alcor Micro Corp.) Hidden
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.9 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.33 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.203 - Sonix)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 2.0.40.1319 - eCareme Technologies, Inc.)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0003 - ASUS)
Birdie Shoot (remove only) (HKLM-x32\...\Birdie) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP270 series Benutzerregistrierung (HKLM-x32\...\Canon MP270 series Benutzerregistrierung) (Version:  - )
Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Chicken Invaders: Revenge of the Yolk v3.60 (HKLM-x32\...\Chicken Invaders: Revenge of the Yolk_is1) (Version:  - InterAction studios)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
Deutschlands Brettspiele Deluxe 1.0  (HKLM-x32\...\Deutschlands Brettspiele Deluxe) (Version: 1.0 - cerasus.media)
ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version:  - )
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
Garmin Communicator Plugin (HKLM-x32\...\{17079027-EB8A-42C6-9BF8-825B78889F6A}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{EB418DDD-5365-4381-87F6-D8BBB21CC1CA}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
JAP (HKLM-x32\...\JAP) (Version: 00.06.006 - JAP-Team)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2000 Professional (HKLM-x32\...\{00010407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
NVIDIA 3D Vision Treiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2702 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6029 - Realtek Semiconductor Corp.)
Sandboxie 4.06 (64-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC)
SeaMonkey 2.25 (x86 de) (HKLM-x32\...\SeaMonkey 2.25 (x86 de)) (Version: 2.25 - Mozilla)
Secunia PSI (2.0.0.3003) (HKLM-x32\...\Secunia PSI) (Version:  - )
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.3800 - SRS Labs, Inc.)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Call (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8052.1208 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live ID-Anmelde-Assistent (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.1 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)
Yahoo Community Smartbar (HKLM-x32\...\{74451556-4E0B-4082-B74C-583B7EDC3679}) (Version: 10.219.66.15259 - Linkury Inc.) <==== ATTENTION
Yahoo Community Smartbar Engine (HKCU\...\{72ce4516-a6b3-46b6-a969-82d957e0dc24}) (Version: 10.219.66.15259 - Linkury Inc.) <==== ATTENTION

==================== Restore Points  =========================

26-02-2014 06:43:27 Windows Update
06-03-2014 09:37:46 Geplanter Prüfpunkt
12-03-2014 06:14:18 Windows Update
19-03-2014 19:41:05 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {04601DBD-E78B-4C37-9476-FF81070FC9B5} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {0D7C9A20-13B0-4247-AD3A-FDD02D9E6AB2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {11A782CC-F0CA-4882-8686-BF488718F2AA} - \Browser Manager No Task File
Task: {122C09E7-47A6-42E4-9168-84A32BFEA4D9} - System32\Tasks\{E3A8D80D-1F82-4486-90B5-1E481D6A3702} => E:\INSTALL\DSETUP.EXE
Task: {405D71EF-7778-4C75-A14B-AA225ECADBAA} - System32\Tasks\{B6B18998-520B-433D-B225-DDB692EF4D00} => E:\SETUP.EXE
Task: {48AF8DFC-1C22-4F19-9351-690BFAE9F39F} - System32\Tasks\{41959FDF-2A05-47EE-A41F-1495A053E327} => E:\SETUP.EXE
Task: {58D5186A-E38B-4168-9E43-36BEDC7F263A} - System32\Tasks\{DE480E1C-3557-493A-ADD5-AB361D24EE68} => E:\SETUP.EXE
Task: {7CFF9101-384F-4B6E-A82D-A4186478DC04} - System32\Tasks\{17E4EF1B-063C-4747-8AB7-C9FE5971A559} => E:\INSTALL\DSETUP.EXE
Task: {880A1065-7A03-40A2-A20B-282255565CDE} - System32\Tasks\{141AC0B9-D184-4C1D-AAE2-5B95DEE3C999} => E:\INSTALL\DSETUP.EXE
Task: {88C3E588-2974-463B-A56B-59D9878B7210} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31] (Google Inc.)
Task: {94953490-9C88-45FF-AE66-86AF0A3BFDA7} - System32\Tasks\{9B1B0FDB-228F-4F76-9F65-6206B1B99221} => E:\SETUP.EXE
Task: {96F58225-498D-4722-91EB-44ECB3E5D67F} - System32\Tasks\{4B538C0D-DB58-4483-9408-87BB0C49656F} => E:\SETUP.EXE
Task: {9E399E33-8913-4A1A-99E8-722AACC91C1F} - System32\Tasks\{2BD9DD2C-2CD4-4138-B125-759E7684050B} => E:\INSTALL\DSETUP.EXE
Task: {A089DE49-4BC5-4CDD-A726-3E4167996BB4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31] (Google Inc.)
Task: {A1817371-4B85-4D2B-9D7A-7F3B761B97DC} - \QtraxPlayer No Task File
Task: {A1899BF8-F6EE-48C1-A33F-1250AAF5F0F4} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {ACCC61AF-5D70-4910-93A1-26D1B123712F} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] ()
Task: {AD73A295-A207-4040-94B9-C14411E99777} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {B16C45B4-4BFC-4FCE-A47C-A612A91708A7} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {BF844A5C-D8DD-4FCA-9C93-EE09A4A2FEE9} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1650162684-4213735340-2130979262-1000
Task: {C0411BC1-2252-4FF3-AE5C-C7DEA8C4BA36} - System32\Tasks\{5E92F9A6-8E81-4E2B-A581-93AD3F0A6C65} => E:\SETUP.EXE
Task: {C537031A-6523-4ADC-9B6A-5B3263B552FD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CAEE085F-DF8B-4146-97DD-AA92A3E019E3} - System32\Tasks\{DAB40F58-B1CB-47B6-A466-C815D5CF2803} => E:\SETUP.EXE
Task: {F4C155B4-19DA-4601-A5D9-7FB5B7B385CD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {F9630963-4C22-47BF-A71A-9753870DFE75} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-02-27] (ATK)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-12 13:08 - 2013-08-29 23:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-12-30 04:02 - 2009-12-30 04:02 - 00148752 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-04-15 10:24 - 2010-04-15 10:24 - 00029968 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3650.22026__0d0f4b69e50e559b\SqliteShared.dll
2010-04-15 10:24 - 2010-04-15 10:24 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2009-05-22 22:01 - 2010-10-10 18:07 - 00349696 _____ () C:\Tools\Proxomitron\Proxomitron.exe
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll
2005-07-18 17:46 - 2010-10-10 18:07 - 00074240 _____ () C:\Tools\Proxomitron\zlib.dll
2009-11-02 22:20 - 2009-11-02 22:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 22:23 - 2009-11-02 22:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-01-03 07:59 - 2014-02-10 18:04 - 00430080 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUS WebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: Norton Ghost 15.0 => "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== Faulty Device Manager Devices =============

Name: Atheros AR9285 Wireless Network Adapter
Description: Atheros AR9285 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic Mount Control Device
Description: Generic Mount Control Device
Class Guid: {d27c1f2e-cf2d-4fdc-ad2a-0dddbeab92f0}
Manufacturer: Symantec Corporation
Service: GenericMount
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (03/27/2014 02:09:19 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error: (03/27/2014 09:11:04 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (03/27/2014 09:10:56 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Automatische WLAN-Konfiguration" ist vom Dienst "Extensible Authentication-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (03/27/2014 09:10:56 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Extensible Authentication-Protokoll" ist vom Dienst "CNG-Schlüsselisolation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (03/27/2014 09:10:04 AM) (Source: DCOM) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-12-10 21:22:53.759
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:22:53.759
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:22:00.453
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:22:00.422
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:21:56.943
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:21:56.850
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:21:56.288
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:21:56.273
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:21:32.607
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:21:32.529
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 4095.27 MB
Available physical RAM: 2669.05 MB
Total Pagefile: 8188.72 MB
Available Pagefile: 6504.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:39.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:206.97 GB) (Free:140.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=17 GB) - (Type=1C)
Partition 2: (Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=207 GB) - (Type=OF Extended)

==================== End Of Log ============================

Und hier noch die frischen FRST-Logs

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Klaus (administrator) on KLAUS-PC on 28-03-2014 14:43:25
Running from C:\Users\Work\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Tools\Proxomitron\Proxomitron.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Marek Jasinski - www.FreeCommander.com) C:\Program Files (x86)\FreeCommander\FreeCommander.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Norton Ghost 15.0] - C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proxomitron.lnk
ShortcutTarget: Proxomitron.lnk -> C:\Tools\Proxomitron\Proxomitron.exe ()
Startup: C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proxomitron.lnk
ShortcutTarget: Proxomitron.lnk -> C:\Tools\Proxomitron\Proxomitron.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) =================

R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-26] (Symantec Corporation)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia)
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [9728 2009-07-14] (Microsoft Corporation)
S3 Symantec SymSnap VSS Provider; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec)

==================== Drivers (Whitelisted) ====================

R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-12] ()
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
U3 tmlwf; 
U3 tmwfp; 
U2 V2iMount; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-28 14:43 - 2014-03-28 14:43 - 00011332 _____ () C:\Users\Work\Desktop\FRST.txt
2014-03-28 14:43 - 2014-03-28 14:43 - 00000000 ____D () C:\FRST
2014-03-28 14:42 - 2014-03-28 14:42 - 02157056 _____ (Farbar) C:\Users\Work\Desktop\FRST64.exe
2014-03-28 09:47 - 2014-03-28 09:48 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 09:47 - 2014-03-28 09:47 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-28 09:47 - 2014-03-28 09:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-28 09:47 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-28 09:47 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-28 09:25 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-28 09:25 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-28 09:25 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-28 09:25 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-28 09:25 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-28 09:25 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-28 09:25 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-28 09:25 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-28 09:25 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-28 09:25 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-28 09:25 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-28 09:25 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-28 09:25 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-28 09:25 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-28 09:25 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-28 09:25 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-28 09:25 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-28 09:25 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-28 09:25 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-28 09:25 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-28 09:25 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-28 09:25 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-28 09:25 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-28 09:25 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-28 09:25 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-28 09:25 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-28 09:25 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-28 09:25 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-28 09:25 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-28 09:25 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-28 09:25 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-28 09:25 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-28 09:25 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-28 09:25 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-28 09:25 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-28 09:25 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-28 09:25 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-28 09:25 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-28 09:25 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-28 09:25 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-28 09:23 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-28 09:23 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-28 09:23 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-28 09:23 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-28 09:23 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-28 09:23 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-28 09:22 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-28 09:22 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-28 09:22 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-28 09:22 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-28 08:45 - 2014-03-28 09:36 - 00000112 _____ () C:\Windows\setupact.log
2014-03-28 08:45 - 2014-03-28 08:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-28 08:44 - 2014-03-28 08:44 - 00000000 ____D () C:\VProRecovery

==================== One Month Modified Files and Folders =======

2014-03-28 14:43 - 2014-03-28 14:43 - 00011332 _____ () C:\Users\Work\Desktop\FRST.txt
2014-03-28 14:43 - 2014-03-28 14:43 - 00000000 ____D () C:\FRST
2014-03-28 14:42 - 2014-03-28 14:42 - 02157056 _____ (Farbar) C:\Users\Work\Desktop\FRST64.exe
2014-03-28 14:37 - 2011-08-17 14:49 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-28 14:20 - 2012-04-02 06:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-28 14:20 - 2011-08-31 17:54 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-28 14:20 - 2000-08-12 09:48 - 01086079 _____ () C:\Windows\WindowsUpdate.log
2014-03-28 10:23 - 2013-01-24 08:12 - 00000000 ____D () C:\Program Files (x86)\SeaMonkey
2014-03-28 09:48 - 2014-03-28 09:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 09:47 - 2014-03-28 09:47 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-28 09:47 - 2014-03-28 09:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-28 09:47 - 2012-12-30 08:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-28 09:47 - 2010-10-06 06:25 - 00000000 ____D () C:\Users\Klaus\AppData\Roaming\Malwarebytes
2014-03-28 09:47 - 2010-10-06 06:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 09:46 - 2012-04-02 06:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-28 09:46 - 2012-04-02 06:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-28 09:46 - 2011-05-16 06:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-28 09:44 - 2009-08-04 10:51 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-03-28 09:44 - 2009-08-04 10:51 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-03-28 09:44 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-28 09:41 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 09:41 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 09:38 - 2011-08-31 17:54 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-28 09:38 - 2010-10-05 08:16 - 00000000 ____D () C:\Users\Work
2014-03-28 09:36 - 2014-03-28 08:45 - 00000112 _____ () C:\Windows\setupact.log
2014-03-28 09:36 - 2010-04-15 10:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-28 09:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-28 09:36 - 2009-07-14 05:45 - 00473680 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-28 09:35 - 2012-05-10 06:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-28 09:35 - 2012-05-10 06:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-28 09:31 - 2013-07-11 16:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-28 09:28 - 2010-10-05 06:14 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-28 09:06 - 2013-10-17 15:47 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-03-28 09:06 - 2013-10-17 15:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-03-28 09:06 - 2013-06-08 20:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-03-28 08:50 - 2010-10-04 09:34 - 00000000 ____D () C:\Users\Klaus
2014-03-28 08:45 - 2014-03-28 08:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-28 08:44 - 2014-03-28 08:44 - 00000000 ____D () C:\VProRecovery
2014-03-05 09:26 - 2014-03-28 09:47 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-28 09:47 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2012-12-30 08:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-01 07:05 - 2014-03-28 09:25 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-28 09:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-28 09:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-28 09:25 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-28 09:25 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-28 09:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-28 09:25 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-28 09:25 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-28 09:25 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-28 09:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-28 09:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-28 09:25 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-28 09:25 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-28 09:25 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-28 09:25 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-28 09:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-28 09:25 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-28 09:25 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-28 09:25 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-28 09:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-28 09:25 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-28 09:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-28 09:25 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-28 09:25 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-28 09:25 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-28 09:25 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-28 09:25 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-28 09:25 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-28 09:25 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-28 09:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-28 09:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-28 09:25 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-28 09:25 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-28 09:25 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-28 09:25 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-28 09:25 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-28 09:25 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-28 09:25 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-28 09:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-28 09:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Work\AppData\Local\Temp\Checkupdate.exe
C:\Users\Work\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Work\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Work\AppData\Local\Temp\gtapi_signed.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-12 13:41

==================== End Of Log ============================

Wäre dankbar, wenn jemand mal drüber schauen würde ob jetzt alles wieder im Lot ist. Addition.txt musste ich leider aus Platzgründen anhängen.

Beste Grüße
saulk

schrauber · 29.03.2014, 07:23

hi,

Foxit ist schon en guter Reader, man darf halt nit blind alles standard installieren.

Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.

Frisches FRST log bitte.

saulk · 29.03.2014, 07:35

Hi schrauber,

danke für Deine Antwort, aber ich kann keine "attention"-Markierung in Addition.txt finden.

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Klaus at 2014-03-28 14:44:04
Running from C:\Users\Work\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{A7B8A5E9-CA44-44A0-9393-9EA0FFE4C3FB}) (Version: 1.6.17.25401 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.6.17.25401 - Alcor Micro Corp.) Hidden
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.9 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.33 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.203 - Sonix)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 2.0.40.1319 - eCareme Technologies, Inc.)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0003 - ASUS)
Birdie Shoot (remove only) (HKLM-x32\...\Birdie) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP270 series Benutzerregistrierung (HKLM-x32\...\Canon MP270 series Benutzerregistrierung) (Version:  - )
Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Chicken Invaders: Revenge of the Yolk v3.60 (HKLM-x32\...\Chicken Invaders: Revenge of the Yolk_is1) (Version:  - InterAction studios)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.0.27.1025 - Foxit Corporation)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
Deutschlands Brettspiele Deluxe 1.0  (HKLM-x32\...\Deutschlands Brettspiele Deluxe) (Version: 1.0 - cerasus.media)
ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version:  - )
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation)
FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
Garmin Communicator Plugin (HKLM-x32\...\{17079027-EB8A-42C6-9BF8-825B78889F6A}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{EB418DDD-5365-4381-87F6-D8BBB21CC1CA}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
JAP (HKLM-x32\...\JAP) (Version: 00.06.006 - JAP-Team)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2000 Professional (HKLM-x32\...\{00010407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
NVIDIA 3D Vision Treiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2702 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6029 - Realtek Semiconductor Corp.)
Sandboxie 4.06 (64-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC)
SeaMonkey 2.25 (x86 de) (HKLM-x32\...\SeaMonkey 2.25 (x86 de)) (Version: 2.25 - Mozilla)
Secunia PSI (2.0.0.3003) (HKLM-x32\...\Secunia PSI) (Version:  - )
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.3800 - SRS Labs, Inc.)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Call (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8052.1208 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live ID-Anmelde-Assistent (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.1 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)

==================== Restore Points  =========================

12-02-2014 12:03:35 Windows Update
28-03-2014 08:25:59 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {04601DBD-E78B-4C37-9476-FF81070FC9B5} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {0D7C9A20-13B0-4247-AD3A-FDD02D9E6AB2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-28] (Adobe Systems Incorporated)
Task: {11A782CC-F0CA-4882-8686-BF488718F2AA} - \Browser Manager No Task File
Task: {122C09E7-47A6-42E4-9168-84A32BFEA4D9} - System32\Tasks\{E3A8D80D-1F82-4486-90B5-1E481D6A3702} => E:\INSTALL\DSETUP.EXE
Task: {405D71EF-7778-4C75-A14B-AA225ECADBAA} - System32\Tasks\{B6B18998-520B-433D-B225-DDB692EF4D00} => E:\SETUP.EXE
Task: {48AF8DFC-1C22-4F19-9351-690BFAE9F39F} - System32\Tasks\{41959FDF-2A05-47EE-A41F-1495A053E327} => E:\SETUP.EXE
Task: {58D5186A-E38B-4168-9E43-36BEDC7F263A} - System32\Tasks\{DE480E1C-3557-493A-ADD5-AB361D24EE68} => E:\SETUP.EXE
Task: {7CFF9101-384F-4B6E-A82D-A4186478DC04} - System32\Tasks\{17E4EF1B-063C-4747-8AB7-C9FE5971A559} => E:\INSTALL\DSETUP.EXE
Task: {880A1065-7A03-40A2-A20B-282255565CDE} - System32\Tasks\{141AC0B9-D184-4C1D-AAE2-5B95DEE3C999} => E:\INSTALL\DSETUP.EXE
Task: {88C3E588-2974-463B-A56B-59D9878B7210} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31] (Google Inc.)
Task: {94953490-9C88-45FF-AE66-86AF0A3BFDA7} - System32\Tasks\{9B1B0FDB-228F-4F76-9F65-6206B1B99221} => E:\SETUP.EXE
Task: {96F58225-498D-4722-91EB-44ECB3E5D67F} - System32\Tasks\{4B538C0D-DB58-4483-9408-87BB0C49656F} => E:\SETUP.EXE
Task: {9E399E33-8913-4A1A-99E8-722AACC91C1F} - System32\Tasks\{2BD9DD2C-2CD4-4138-B125-759E7684050B} => E:\INSTALL\DSETUP.EXE
Task: {A089DE49-4BC5-4CDD-A726-3E4167996BB4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31] (Google Inc.)
Task: {A1817371-4B85-4D2B-9D7A-7F3B761B97DC} - \QtraxPlayer No Task File
Task: {A1899BF8-F6EE-48C1-A33F-1250AAF5F0F4} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {ACCC61AF-5D70-4910-93A1-26D1B123712F} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] ()
Task: {AD73A295-A207-4040-94B9-C14411E99777} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {B16C45B4-4BFC-4FCE-A47C-A612A91708A7} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {BF844A5C-D8DD-4FCA-9C93-EE09A4A2FEE9} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1650162684-4213735340-2130979262-1000
Task: {C0411BC1-2252-4FF3-AE5C-C7DEA8C4BA36} - System32\Tasks\{5E92F9A6-8E81-4E2B-A581-93AD3F0A6C65} => E:\SETUP.EXE
Task: {C537031A-6523-4ADC-9B6A-5B3263B552FD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CAEE085F-DF8B-4146-97DD-AA92A3E019E3} - System32\Tasks\{DAB40F58-B1CB-47B6-A466-C815D5CF2803} => E:\SETUP.EXE
Task: {EC0AFA9E-B381-48F8-893B-D247676FD12F} - System32\Tasks\{2D36A2E8-9B35-4B05-8D47-19958809BE45} => C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe [2010-03-25] (Trend Micro Inc.)
Task: {F4C155B4-19DA-4601-A5D9-7FB5B7B385CD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {F9630963-4C22-47BF-A71A-9753870DFE75} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-02-27] (ATK)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-12 13:08 - 2013-08-29 23:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-12-30 04:02 - 2009-12-30 04:02 - 00148752 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-04-15 10:24 - 2010-04-15 10:24 - 00029968 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3650.22026__0d0f4b69e50e559b\SqliteShared.dll
2010-04-15 10:24 - 2010-04-15 10:24 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2009-05-22 22:01 - 2010-10-10 18:07 - 00349696 _____ () C:\Tools\Proxomitron\Proxomitron.exe
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll
2009-11-02 22:20 - 2009-11-02 22:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 22:23 - 2009-11-02 22:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2005-07-18 17:46 - 2010-10-10 18:07 - 00074240 _____ () C:\Tools\Proxomitron\zlib.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUS WebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: Norton Ghost 15.0 => "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== Faulty Device Manager Devices =============

Name: Atheros AR9285 Wireless Network Adapter
Description: Atheros AR9285 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic Mount Control Device
Description: Generic Mount Control Device
Class Guid: {d27c1f2e-cf2d-4fdc-ad2a-0dddbeab92f0}
Manufacturer: Symantec Corporation
Service: GenericMount
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4400} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexserver kann keine Beschreibung dieses Inhaltsindexes in seiner Datenbank finden. Die Suche wird automatisch versuchen die Beschreibung dieses Inhaltsindexes neu zu erstellen. Wenn das Problem weiterhin besteht, beenden Sie den Suchdienst, starten Sie ihn erneut, und wenn nötig erstellen Sie den Inhaltsindex zu erneut.  (HRESULT : 0x80041181) (0x80041181)

Error: (02/08/2014 08:31:50 AM) (Source: Application Hang) (User: )
Description: Programm ClearProg.exe, Version 1.6.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a64

Startzeit: 01cf249f6ea36df0

Endzeit: 16

Anwendungspfad: C:\Tools\ClearProg\ClearProg.exe

Berichts-ID: 0df6a111-9093-11e3-bb54-485b39517677

Error: (02/07/2014 10:30:57 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: seamonkey.exe, Version: 26.0.0.5092, Zeitstempel: 0x52a7f685
Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5092, Zeitstempel: 0x52a7f5d7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00cccdb1
ID des fehlerhaften Prozesses: 0x4a0
Startzeit der fehlerhaften Anwendung: 0xseamonkey.exe0
Pfad der fehlerhaften Anwendung: seamonkey.exe1
Pfad des fehlerhaften Moduls: seamonkey.exe2
Berichtskennung: seamonkey.exe3


System errors:
=============
Error: (03/28/2014 02:34:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (03/28/2014 02:34:24 PM) (Source: DCOM) (User: )
Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/28/2014 09:36:44 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (03/28/2014 09:36:38 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Automatische WLAN-Konfiguration" ist vom Dienst "Extensible Authentication-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (03/28/2014 09:36:38 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Extensible Authentication-Protokoll" ist vom Dienst "CNG-Schlüsselisolation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (03/28/2014 09:07:12 AM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (03/28/2014 08:45:59 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/28/2014 08:45:59 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (03/28/2014 08:45:24 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (03/28/2014 08:45:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Automatische WLAN-Konfiguration" ist vom Dienst "Extensible Authentication-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4400

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexserver kann keine Beschreibung dieses Inhaltsindexes in seiner Datenbank finden. Die Suche wird automatisch versuchen die Beschreibung dieses Inhaltsindexes neu zu erstellen. Wenn das Problem weiterhin besteht, beenden Sie den Suchdienst, starten Sie ihn erneut, und wenn nötig erstellen Sie den Inhaltsindex zu erneut.  (HRESULT : 0x80041181) (0x80041181)

Error: (02/08/2014 08:31:50 AM) (Source: Application Hang)(User: )
Description: ClearProg.exe1.6.0.0a6401cf249f6ea36df016C:\Tools\ClearProg\ClearProg.exe0df6a111-9093-11e3-bb54-485b39517677

Error: (02/07/2014 10:30:57 PM) (Source: Application Error)(User: )
Description: seamonkey.exe26.0.0.509252a7f685xul.dll26.0.0.509252a7f5d7c000000500cccdb14a001cf2446ce22e610C:\Program Files (x86)\SeaMonkey\seamonkey.exeC:\Program Files (x86)\SeaMonkey\xul.dll214f5ee0-903f-11e3-9581-485b39517677


CodeIntegrity Errors:
===================================
  Date: 2013-12-10 21:22:53.759
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:22:53.759
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:22:00.453
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:22:00.422
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:21:56.943
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:21:56.850
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:21:56.288
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:21:56.273
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:21:32.607
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:21:32.529
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 4095.27 MB
Available physical RAM: 2775.14 MB
Total Pagefile: 8188.72 MB
Available Pagefile: 6495.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:39.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:206.97 GB) (Free:140.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=17 GB) - (Type=1C)
Partition 2: (Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=207 GB) - (Type=OF Extended)

==================== End Of Log ============================

Das obige FRST- und das Addition-Log habe ich erstellt, nach der Aufspielung des Image. Die Logs müssten eigentlich sauber sein.

schrauber · 29.03.2014, 10:14

Da muss wer zum Augenarzt

Zitat:

LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Yahoo Community Smartbar (HKLM-x32\...\{74451556-4E0B-4082-B74C-583B7EDC3679}) (Version: 10.219.66.15259 - Linkury Inc.) <==== ATTENTION
Yahoo Community Smartbar Engine (HKCU\...\{72ce4516-a6b3-46b6-a969-82d957e0dc24}) (Version: 10.219.66.15259 - Linkury Inc.) <==== ATTENTION

saulk · 29.03.2014, 10:47

Zitat:

Da muss wer zum Augenarzt

Zitat:
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Yahoo Community Smartbar (HKLM-x32\...\{74451556-4E0B-4082-B74C-583B7EDC3679}) (Version: 10.219.66.15259 - Linkury Inc.) <==== ATTENTION
Yahoo Community Smartbar Engine (HKCU\...\{72ce4516-a6b3-46b6-a969-82d957e0dc24}) (Version: 10.219.66.15259 - Linkury Inc.) <==== ATTENTION

War ich doch gerade erst!

Diese Einträge stammen vom Addition-Log vor dem Aufspielen des alten Image und sind längst Geschichte.
In meinem vorherigen Posting habe ich das Addition-Log nach der Image-Aufspielung eingestellt. Da ist nix zu sehen von einer "Attentention"-Markierung. Die angeführten Programme sind auch nicht mehr in der Progliste der Systemsteuerung vorhanden.
Deshalb hier nochmal die beiden neuesten Logs:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Klaus (administrator) on KLAUS-PC on 28-03-2014 14:43:25
Running from C:\Users\Work\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Tools\Proxomitron\Proxomitron.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Marek Jasinski - www.FreeCommander.com) C:\Program Files (x86)\FreeCommander\FreeCommander.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Norton Ghost 15.0] - C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proxomitron.lnk
ShortcutTarget: Proxomitron.lnk -> C:\Tools\Proxomitron\Proxomitron.exe ()
Startup: C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proxomitron.lnk
ShortcutTarget: Proxomitron.lnk -> C:\Tools\Proxomitron\Proxomitron.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) =================

R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-26] (Symantec Corporation)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia)
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [9728 2009-07-14] (Microsoft Corporation)
S3 Symantec SymSnap VSS Provider; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec)

==================== Drivers (Whitelisted) ====================

R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-12] ()
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
U3 tmlwf; 
U3 tmwfp; 
U2 V2iMount; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-28 14:43 - 2014-03-28 14:43 - 00011332 _____ () C:\Users\Work\Desktop\FRST.txt
2014-03-28 14:43 - 2014-03-28 14:43 - 00000000 ____D () C:\FRST
2014-03-28 14:42 - 2014-03-28 14:42 - 02157056 _____ (Farbar) C:\Users\Work\Desktop\FRST64.exe
2014-03-28 09:47 - 2014-03-28 09:48 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 09:47 - 2014-03-28 09:47 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-28 09:47 - 2014-03-28 09:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-28 09:47 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-28 09:47 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-28 09:25 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-28 09:25 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-28 09:25 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-28 09:25 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-28 09:25 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-28 09:25 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-28 09:25 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-28 09:25 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-28 09:25 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-28 09:25 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-28 09:25 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-28 09:25 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-28 09:25 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-28 09:25 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-28 09:25 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-28 09:25 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-28 09:25 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-28 09:25 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-28 09:25 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-28 09:25 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-28 09:25 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-28 09:25 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-28 09:25 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-28 09:25 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-28 09:25 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-28 09:25 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-28 09:25 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-28 09:25 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-28 09:25 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-28 09:25 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-28 09:25 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-28 09:25 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-28 09:25 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-28 09:25 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-28 09:25 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-28 09:25 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-28 09:25 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-28 09:25 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-28 09:25 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-28 09:25 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-28 09:23 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-28 09:23 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-28 09:23 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-28 09:23 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-28 09:23 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-28 09:23 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-28 09:22 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-28 09:22 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-28 09:22 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-28 09:22 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-28 08:45 - 2014-03-28 09:36 - 00000112 _____ () C:\Windows\setupact.log
2014-03-28 08:45 - 2014-03-28 08:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-28 08:44 - 2014-03-28 08:44 - 00000000 ____D () C:\VProRecovery

==================== One Month Modified Files and Folders =======

2014-03-28 14:43 - 2014-03-28 14:43 - 00011332 _____ () C:\Users\Work\Desktop\FRST.txt
2014-03-28 14:43 - 2014-03-28 14:43 - 00000000 ____D () C:\FRST
2014-03-28 14:42 - 2014-03-28 14:42 - 02157056 _____ (Farbar) C:\Users\Work\Desktop\FRST64.exe
2014-03-28 14:37 - 2011-08-17 14:49 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-28 14:20 - 2012-04-02 06:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-28 14:20 - 2011-08-31 17:54 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-28 14:20 - 2000-08-12 09:48 - 01086079 _____ () C:\Windows\WindowsUpdate.log
2014-03-28 10:23 - 2013-01-24 08:12 - 00000000 ____D () C:\Program Files (x86)\SeaMonkey
2014-03-28 09:48 - 2014-03-28 09:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 09:47 - 2014-03-28 09:47 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-28 09:47 - 2014-03-28 09:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-28 09:47 - 2012-12-30 08:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-28 09:47 - 2010-10-06 06:25 - 00000000 ____D () C:\Users\Klaus\AppData\Roaming\Malwarebytes
2014-03-28 09:47 - 2010-10-06 06:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 09:46 - 2012-04-02 06:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-28 09:46 - 2012-04-02 06:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-28 09:46 - 2011-05-16 06:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-28 09:44 - 2009-08-04 10:51 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-03-28 09:44 - 2009-08-04 10:51 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-03-28 09:44 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-28 09:41 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 09:41 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 09:38 - 2011-08-31 17:54 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-28 09:38 - 2010-10-05 08:16 - 00000000 ____D () C:\Users\Work
2014-03-28 09:36 - 2014-03-28 08:45 - 00000112 _____ () C:\Windows\setupact.log
2014-03-28 09:36 - 2010-04-15 10:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-28 09:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-28 09:36 - 2009-07-14 05:45 - 00473680 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-28 09:35 - 2012-05-10 06:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-28 09:35 - 2012-05-10 06:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-28 09:31 - 2013-07-11 16:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-28 09:28 - 2010-10-05 06:14 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-28 09:06 - 2013-10-17 15:47 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-03-28 09:06 - 2013-10-17 15:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-03-28 09:06 - 2013-06-08 20:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-03-28 08:50 - 2010-10-04 09:34 - 00000000 ____D () C:\Users\Klaus
2014-03-28 08:45 - 2014-03-28 08:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-28 08:44 - 2014-03-28 08:44 - 00000000 ____D () C:\VProRecovery
2014-03-05 09:26 - 2014-03-28 09:47 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-28 09:47 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2012-12-30 08:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-01 07:05 - 2014-03-28 09:25 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-28 09:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-28 09:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-28 09:25 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-28 09:25 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-28 09:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-28 09:25 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-28 09:25 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-28 09:25 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-28 09:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-28 09:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-28 09:25 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-28 09:25 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-28 09:25 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-28 09:25 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-28 09:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-28 09:25 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-28 09:25 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-28 09:25 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-28 09:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-28 09:25 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-28 09:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-28 09:25 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-28 09:25 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-28 09:25 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-28 09:25 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-28 09:25 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-28 09:25 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-28 09:25 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-28 09:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-28 09:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-28 09:25 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-28 09:25 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-28 09:25 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-28 09:25 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-28 09:25 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-28 09:25 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-28 09:25 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-28 09:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-28 09:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Work\AppData\Local\Temp\Checkupdate.exe
C:\Users\Work\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Work\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Work\AppData\Local\Temp\gtapi_signed.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-12 13:41

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Klaus at 2014-03-28 14:44:04
Running from C:\Users\Work\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{A7B8A5E9-CA44-44A0-9393-9EA0FFE4C3FB}) (Version: 1.6.17.25401 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.6.17.25401 - Alcor Micro Corp.) Hidden
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.9 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.33 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.203 - Sonix)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 2.0.40.1319 - eCareme Technologies, Inc.)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0003 - ASUS)
Birdie Shoot (remove only) (HKLM-x32\...\Birdie) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP270 series Benutzerregistrierung (HKLM-x32\...\Canon MP270 series Benutzerregistrierung) (Version:  - )
Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Chicken Invaders: Revenge of the Yolk v3.60 (HKLM-x32\...\Chicken Invaders: Revenge of the Yolk_is1) (Version:  - InterAction studios)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.0.27.1025 - Foxit Corporation)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
Deutschlands Brettspiele Deluxe 1.0  (HKLM-x32\...\Deutschlands Brettspiele Deluxe) (Version: 1.0 - cerasus.media)
ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version:  - )
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation)
FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
Garmin Communicator Plugin (HKLM-x32\...\{17079027-EB8A-42C6-9BF8-825B78889F6A}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{EB418DDD-5365-4381-87F6-D8BBB21CC1CA}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
JAP (HKLM-x32\...\JAP) (Version: 00.06.006 - JAP-Team)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2000 Professional (HKLM-x32\...\{00010407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
NVIDIA 3D Vision Treiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2702 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6029 - Realtek Semiconductor Corp.)
Sandboxie 4.06 (64-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC)
SeaMonkey 2.25 (x86 de) (HKLM-x32\...\SeaMonkey 2.25 (x86 de)) (Version: 2.25 - Mozilla)
Secunia PSI (2.0.0.3003) (HKLM-x32\...\Secunia PSI) (Version:  - )
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.3800 - SRS Labs, Inc.)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Call (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8052.1208 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live ID-Anmelde-Assistent (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.1 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)

==================== Restore Points  =========================

12-02-2014 12:03:35 Windows Update
28-03-2014 08:25:59 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {04601DBD-E78B-4C37-9476-FF81070FC9B5} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {0D7C9A20-13B0-4247-AD3A-FDD02D9E6AB2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-28] (Adobe Systems Incorporated)
Task: {11A782CC-F0CA-4882-8686-BF488718F2AA} - \Browser Manager No Task File
Task: {122C09E7-47A6-42E4-9168-84A32BFEA4D9} - System32\Tasks\{E3A8D80D-1F82-4486-90B5-1E481D6A3702} => E:\INSTALL\DSETUP.EXE
Task: {405D71EF-7778-4C75-A14B-AA225ECADBAA} - System32\Tasks\{B6B18998-520B-433D-B225-DDB692EF4D00} => E:\SETUP.EXE
Task: {48AF8DFC-1C22-4F19-9351-690BFAE9F39F} - System32\Tasks\{41959FDF-2A05-47EE-A41F-1495A053E327} => E:\SETUP.EXE
Task: {58D5186A-E38B-4168-9E43-36BEDC7F263A} - System32\Tasks\{DE480E1C-3557-493A-ADD5-AB361D24EE68} => E:\SETUP.EXE
Task: {7CFF9101-384F-4B6E-A82D-A4186478DC04} - System32\Tasks\{17E4EF1B-063C-4747-8AB7-C9FE5971A559} => E:\INSTALL\DSETUP.EXE
Task: {880A1065-7A03-40A2-A20B-282255565CDE} - System32\Tasks\{141AC0B9-D184-4C1D-AAE2-5B95DEE3C999} => E:\INSTALL\DSETUP.EXE
Task: {88C3E588-2974-463B-A56B-59D9878B7210} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31] (Google Inc.)
Task: {94953490-9C88-45FF-AE66-86AF0A3BFDA7} - System32\Tasks\{9B1B0FDB-228F-4F76-9F65-6206B1B99221} => E:\SETUP.EXE
Task: {96F58225-498D-4722-91EB-44ECB3E5D67F} - System32\Tasks\{4B538C0D-DB58-4483-9408-87BB0C49656F} => E:\SETUP.EXE
Task: {9E399E33-8913-4A1A-99E8-722AACC91C1F} - System32\Tasks\{2BD9DD2C-2CD4-4138-B125-759E7684050B} => E:\INSTALL\DSETUP.EXE
Task: {A089DE49-4BC5-4CDD-A726-3E4167996BB4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31] (Google Inc.)
Task: {A1817371-4B85-4D2B-9D7A-7F3B761B97DC} - \QtraxPlayer No Task File
Task: {A1899BF8-F6EE-48C1-A33F-1250AAF5F0F4} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {ACCC61AF-5D70-4910-93A1-26D1B123712F} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] ()
Task: {AD73A295-A207-4040-94B9-C14411E99777} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {B16C45B4-4BFC-4FCE-A47C-A612A91708A7} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {BF844A5C-D8DD-4FCA-9C93-EE09A4A2FEE9} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1650162684-4213735340-2130979262-1000
Task: {C0411BC1-2252-4FF3-AE5C-C7DEA8C4BA36} - System32\Tasks\{5E92F9A6-8E81-4E2B-A581-93AD3F0A6C65} => E:\SETUP.EXE
Task: {C537031A-6523-4ADC-9B6A-5B3263B552FD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CAEE085F-DF8B-4146-97DD-AA92A3E019E3} - System32\Tasks\{DAB40F58-B1CB-47B6-A466-C815D5CF2803} => E:\SETUP.EXE
Task: {EC0AFA9E-B381-48F8-893B-D247676FD12F} - System32\Tasks\{2D36A2E8-9B35-4B05-8D47-19958809BE45} => C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe [2010-03-25] (Trend Micro Inc.)
Task: {F4C155B4-19DA-4601-A5D9-7FB5B7B385CD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {F9630963-4C22-47BF-A71A-9753870DFE75} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-02-27] (ATK)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-12 13:08 - 2013-08-29 23:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-12-30 04:02 - 2009-12-30 04:02 - 00148752 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-04-15 10:24 - 2010-04-15 10:24 - 00029968 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3650.22026__0d0f4b69e50e559b\SqliteShared.dll
2010-04-15 10:24 - 2010-04-15 10:24 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2009-05-22 22:01 - 2010-10-10 18:07 - 00349696 _____ () C:\Tools\Proxomitron\Proxomitron.exe
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll
2009-11-02 22:20 - 2009-11-02 22:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 22:23 - 2009-11-02 22:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2005-07-18 17:46 - 2010-10-10 18:07 - 00074240 _____ () C:\Tools\Proxomitron\zlib.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUS WebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: Norton Ghost 15.0 => "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== Faulty Device Manager Devices =============

Name: Atheros AR9285 Wireless Network Adapter
Description: Atheros AR9285 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic Mount Control Device
Description: Generic Mount Control Device
Class Guid: {d27c1f2e-cf2d-4fdc-ad2a-0dddbeab92f0}
Manufacturer: Symantec Corporation
Service: GenericMount
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4400} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexserver kann keine Beschreibung dieses Inhaltsindexes in seiner Datenbank finden. Die Suche wird automatisch versuchen die Beschreibung dieses Inhaltsindexes neu zu erstellen. Wenn das Problem weiterhin besteht, beenden Sie den Suchdienst, starten Sie ihn erneut, und wenn nötig erstellen Sie den Inhaltsindex zu erneut.  (HRESULT : 0x80041181) (0x80041181)

Error: (02/08/2014 08:31:50 AM) (Source: Application Hang) (User: )
Description: Programm ClearProg.exe, Version 1.6.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a64

Startzeit: 01cf249f6ea36df0

Endzeit: 16

Anwendungspfad: C:\Tools\ClearProg\ClearProg.exe

Berichts-ID: 0df6a111-9093-11e3-bb54-485b39517677

Error: (02/07/2014 10:30:57 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: seamonkey.exe, Version: 26.0.0.5092, Zeitstempel: 0x52a7f685
Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5092, Zeitstempel: 0x52a7f5d7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00cccdb1
ID des fehlerhaften Prozesses: 0x4a0
Startzeit der fehlerhaften Anwendung: 0xseamonkey.exe0
Pfad der fehlerhaften Anwendung: seamonkey.exe1
Pfad des fehlerhaften Moduls: seamonkey.exe2
Berichtskennung: seamonkey.exe3


System errors:
=============
Error: (03/28/2014 02:34:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (03/28/2014 02:34:24 PM) (Source: DCOM) (User: )
Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/28/2014 09:36:44 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (03/28/2014 09:36:38 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Automatische WLAN-Konfiguration" ist vom Dienst "Extensible Authentication-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (03/28/2014 09:36:38 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Extensible Authentication-Protokoll" ist vom Dienst "CNG-Schlüsselisolation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (03/28/2014 09:07:12 AM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (03/28/2014 08:45:59 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/28/2014 08:45:59 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (03/28/2014 08:45:24 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (03/28/2014 08:45:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Automatische WLAN-Konfiguration" ist vom Dienst "Extensible Authentication-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4400

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (03/28/2014 08:45:59 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexserver kann keine Beschreibung dieses Inhaltsindexes in seiner Datenbank finden. Die Suche wird automatisch versuchen die Beschreibung dieses Inhaltsindexes neu zu erstellen. Wenn das Problem weiterhin besteht, beenden Sie den Suchdienst, starten Sie ihn erneut, und wenn nötig erstellen Sie den Inhaltsindex zu erneut.  (HRESULT : 0x80041181) (0x80041181)

Error: (02/08/2014 08:31:50 AM) (Source: Application Hang)(User: )
Description: ClearProg.exe1.6.0.0a6401cf249f6ea36df016C:\Tools\ClearProg\ClearProg.exe0df6a111-9093-11e3-bb54-485b39517677

Error: (02/07/2014 10:30:57 PM) (Source: Application Error)(User: )
Description: seamonkey.exe26.0.0.509252a7f685xul.dll26.0.0.509252a7f5d7c000000500cccdb14a001cf2446ce22e610C:\Program Files (x86)\SeaMonkey\seamonkey.exeC:\Program Files (x86)\SeaMonkey\xul.dll214f5ee0-903f-11e3-9581-485b39517677


CodeIntegrity Errors:
===================================
  Date: 2013-12-10 21:22:53.759
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:22:53.759
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:22:00.453
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:22:00.422
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:21:56.943
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:21:56.850
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:21:56.288
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:21:56.273
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:21:32.607
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-10 21:21:32.529
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 4095.27 MB
Available physical RAM: 2775.14 MB
Total Pagefile: 8188.72 MB
Available Pagefile: 6495.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:39.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:206.97 GB) (Free:140.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=17 GB) - (Type=1C)
Partition 2: (Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=207 GB) - (Type=OF Extended)

==================== End Of Log ============================

Was die benutzerdefinierte Installation angeht, so hast Du natürlich recht. Aber, bis zum letzten Update lief mit Foxit alles reibungslos und so habe ich (dummerweise) arg- und sorglos auch das 6.1.4er Update eingespielt.
Werde den Installer mal in einer Sandbox testen, inwieweit man eine benutzerdefinierte Installation wählen kann.

schrauber · 30.03.2014, 07:04

sieht gut aus

saulk · 30.03.2014, 21:47

Vielen Dank, schrauber, für Deine Mühe!

Nur noch eine abschließende Frage, kann das hier gelöscht werden? Wenn ja, wäre ich Dir für ein entsprechendes Lösch-Script für FRST sehr verbunden. Eine Partition E: existiert bei mir auf der HD überhaupt nicht, kann sich also nur um einen Wechseldatenträger handeln.

Code:

ATTFilter

Task: {11A782CC-F0CA-4882-8686-BF488718F2AA} - \Browser Manager No Task File
Task: {122C09E7-47A6-42E4-9168-84A32BFEA4D9} - System32\Tasks\{E3A8D80D-1F82-4486-90B5-1E481D6A3702} => E:\INSTALL\DSETUP.EXE
Task: {405D71EF-7778-4C75-A14B-AA225ECADBAA} - System32\Tasks\{B6B18998-520B-433D-B225-DDB692EF4D00} => E:\SETUP.EXE
Task: {48AF8DFC-1C22-4F19-9351-690BFAE9F39F} - System32\Tasks\{41959FDF-2A05-47EE-A41F-1495A053E327} => E:\SETUP.EXE
Task: {58D5186A-E38B-4168-9E43-36BEDC7F263A} - System32\Tasks\{DE480E1C-3557-493A-ADD5-AB361D24EE68} => E:\SETUP.EXE
Task: {7CFF9101-384F-4B6E-A82D-A4186478DC04} - System32\Tasks\{17E4EF1B-063C-4747-8AB7-C9FE5971A559} => E:\INSTALL\DSETUP.EXE
Task: {880A1065-7A03-40A2-A20B-282255565CDE} - System32\Tasks\{141AC0B9-D184-4C1D-AAE2-5B95DEE3C999} => E:\INSTALL\DSETUP.EXE
Task: {94953490-9C88-45FF-AE66-86AF0A3BFDA7} - System32\Tasks\{9B1B0FDB-228F-4F76-9F65-6206B1B99221} => E:\SETUP.EXE
Task: {96F58225-498D-4722-91EB-44ECB3E5D67F} - System32\Tasks\{4B538C0D-DB58-4483-9408-87BB0C49656F} => E:\SETUP.EXE
Task: {9E399E33-8913-4A1A-99E8-722AACC91C1F} - System32\Tasks\{2BD9DD2C-2CD4-4138-B125-759E7684050B} => E:\INSTALL\DSETUP.EXE
Task: {A1817371-4B85-4D2B-9D7A-7F3B761B97DC} - \QtraxPlayer No Task File

edit:
Die Sache hat sich erledigt. Der Müll wurde bei einem Reinigungslauf mit einem "Temporary File Cleaner" auch beseitigt.
Nochmals besten Dank für die Hilfe. Das Thema kann geschlossen werden.

schrauber · 31.03.2014, 13:06

ok

29.03.2014, 07:23	#2
schrauber /// the machine /// TB-Ausbilder	Toolbars und andere Malware durch Foxit Reader installiert hi, Foxit ist schon en guter Reader, man darf halt nit blind alles standard installieren. Revo Uninstaller - Download - Filepony Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION Mit Revo auch Moderat die Reste entfernen lassen. Frisches FRST log bitte. __________________ __________________

30.03.2014, 07:04	#6
schrauber /// the machine /// TB-Ausbilder	Toolbars und andere Malware durch Foxit Reader installiert sieht gut aus __________________ --> Toolbars und andere Malware durch Foxit Reader installiert

31.03.2014, 13:06	#8
schrauber /// the machine /// TB-Ausbilder	Toolbars und andere Malware durch Foxit Reader installiert ok __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Toolbars und andere Malware durch Foxit Reader installiert

Plagegeister aller Art und deren Bekämpfung: Toolbars und andere Malware durch Foxit Reader installiert