|
Log analysis and evaluation: TR/BProtctor.Gen (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
16.04.2014, 20:14 | #1 |
| TR/BProtctor.Gen Hello dear team, I know this problem has already been dealt with a few times, but I still hope for your help, since I don't know much about this. Avira AntiVir regularly pops up with the security notice "C:\ProgramData\BitGuard\2.7.1832.68\...\loader.dll" with the virus "TR/BProtector.Gen"; unfortunately I can't manage to save the log. I have already worked through the "checklist" and I hope I have saved all the required logs. Hopefully you can help me. Thank you in advance! Best regards, sumsi91 |
16.04.2014, 20:28 | #2 |
/// the machine /// TB Trainer | TR/BProtctor.Gen hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
17.04.2014, 18:01 | #3 |
| TR/BProtctor.Gen FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-04-2014 01 Ran by Asus (administrator) on ASUS-PC on 16-04-2014 19:39:35 Running from C:\Users\Asus\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe () C:\Program Files\ATKGFNEX\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Uniblue Systems Limited) C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ATK) C:\Program Files\P4G\BatteryLife.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe () C:\Program Files (x86)\3DataManager\WTGService.exe () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe () C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUS) C:\Windows\AsScrPro.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (WebToGo Mobile Internet GmbH) C:\Program Files (x86)\3DataManager\3DataManager.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLService.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16330272 2009-07-02] (NVIDIA Corporation) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.) 
HKLM\...\Run: [UfSeAgnt.exe] => C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1022904 2010-02-23] (Trend Micro Inc.) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8493624 2009-07-07] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN) HKLM-x32\...\Run: [sysTPL] => C:\Program Files (x86)\sysTPL\sysTPL.exe [1244440 2014-01-24] (Tlapia) HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-23] (Microsoft Corporation) HKU\S-1-5-21-2445338190-908188242-489134224-1000\...\Run: [DriverScanner] => C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe [338808 2012-03-02] (Uniblue Systems Limited) HKU\S-1-5-21-2445338190-908188242-489134224-1000\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Asus\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION HKU\S-1-5-21-2445338190-908188242-489134224-1000\...\MountPoints2: {5fbff07b-c584-11e3-b9c8-90e6ba330a85} - F:\.\Autorun.exe AUTORUN=1 HKU\S-1-5-21-2445338190-908188242-489134224-1000\...\MountPoints2: {cafe78a0-c58a-11e3-b100-90e6ba330a85} - F:\.\Autorun.exe AUTORUN=1 AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll => C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll [1958880 2013-11-18] () AppInit_DLLs: 
c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:8877 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=442d18f700000000000090e6ba330a85 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x117C57A60A5ACD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=442D90E6BA330A85&affID=121565&tsp=5001 URLSearchHook: HKLM-x32 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) URLSearchHook: HKCU - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) 
SearchScopes: HKCU - DefaultScope {9D232464-EF5F-440F-BACF-4D0D80499B7B} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=442d18f700000000000090e6ba330a85&r=742 SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=442D90E6BA330A85&affID=121565&tsp=5001 SearchScopes: HKCU - {68979ACB-2FEA-43C4-A7C7-39DB1F687E2E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848 SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={599633BF-A2E8-4556-8A15-47AFF6189DFD}&mid=78d90c40f88647d0b5e941affcd7e376-0a68e75ffd756f8737508f63c5d65023ffc24e11&lang=de&ds=AVG&pr=pr&d=2012-09-13 19:58:46&v=12.2.5.34&sap=dsp&q={searchTerms} SearchScopes: HKCU - {9D232464-EF5F-440F-BACF-4D0D80499B7B} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=442d18f700000000000090e6ba330a85&r=742 BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File BHO-x32: DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\bh\Softonic.dll (Softonic.com) BHO-x32: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) Toolbar: HKLM-x32 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll (Softonic.com) Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKCU - No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No File Tcpip\..\Interfaces\{48C66A67-EAFB-4415-95E6-79BF0FEF05C5}: [NameServer]213.94.78.16 213.94.78.17 FireFox: ======== FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default FF user.js: detected! 
=> C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\user.js FF Homepage: hxxp://www.google.at/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\searchplugins\softonic.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: softonic.com - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\Extensions\ffxtlbra@softonic.com [2013-12-18] FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2014-02-21] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-12-05] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION CHR Extension: (Softonic Chrome Toolbar) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-12-18] CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-21] CHR HKLM-x32\...\Chrome\Extension: [elchiiiejkobdbblfejjkbphbddgmljf] - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\Softonic.crx [2013-06-11] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-18] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.) R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [859712 2010-10-09] (Trend Micro Inc.) R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [399640 2014-01-24] (Tlapia) R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [400664 2014-01-24] (Tlapia) S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2009-08-04] (Trend Micro Inc.) S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2009-08-04] (Trend Micro Inc.) 
R2 WTGService; C:\Program Files (x86)\3DataManager\WTGService.exe [296400 2009-02-27] () ==================== Drivers (Whitelisted) ==================== R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) R3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [116864 2008-12-13] (Huawei Technologies Co., Ltd.) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] () R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.) R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2009-08-04] (Trend Micro Inc.) R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.) R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.) 
U3 tmlwf; U3 tmwfp; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-16 19:38 - 2014-04-16 19:39 - 00029595 _____ () C:\Users\Asus\Desktop\Addition.txt 2014-04-16 19:37 - 2014-04-16 19:39 - 00016106 _____ () C:\Users\Asus\Desktop\FRST.txt 2014-04-16 19:37 - 2014-04-16 19:39 - 00000000 ____D () C:\FRST 2014-04-16 19:36 - 2014-04-16 19:36 - 02158080 _____ (Farbar) C:\Users\Asus\Desktop\FRST64.exe 2014-04-16 19:34 - 2014-04-16 19:34 - 00000470 _____ () C:\Users\Asus\Desktop\defogger_disable.log 2014-04-16 19:34 - 2014-04-16 19:34 - 00000000 _____ () C:\Users\Asus\defogger_reenable 2014-04-16 19:30 - 2014-04-16 19:33 - 00050477 _____ () C:\Users\Asus\Desktop\Defogger.exe 2014-04-16 19:11 - 2014-04-16 19:24 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\3DataManager 2014-04-16 19:08 - 2014-04-16 19:08 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys 2014-04-16 19:08 - 2014-04-16 19:08 - 00116224 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbfake.sys 2014-04-16 19:08 - 2014-04-16 19:08 - 00001985 _____ () C:\Users\Public\Desktop\3DataManager.lnk 2014-04-16 19:08 - 2014-04-16 19:08 - 00000000 ____D () C:\Program Files (x86)\3DataManager 2014-04-16 19:08 - 2014-04-16 19:08 - 00000000 ____D () C:\Program Files (x86)\3-addons 2014-04-16 19:08 - 2009-02-20 17:27 - 00719360 ____N (Microsoft Corporation) C:\Windows\SysWOW64\bmutil.dll 2014-04-16 19:08 - 2009-02-20 17:27 - 00471040 ____N (Bytemobile, Inc.) C:\Windows\SysWOW64\bmnet.dll 2014-04-16 19:08 - 2009-02-20 17:27 - 00294912 ____N (Bytemobile, Inc.) C:\Windows\SysWOW64\bminstall.dll 2014-04-16 19:08 - 2009-02-20 17:27 - 00126976 ____N (Bytemobile, Inc.) C:\Windows\SysWOW64\bmdumpd.bin 2014-04-16 19:08 - 2009-02-20 17:27 - 00022528 ____N (Bytemobile, Inc.) C:\Windows\SysWOW64\Drivers\BMLoad.sys 2014-04-16 19:08 - 2009-02-20 17:27 - 00018816 ____N (Bytemobile, Inc.) 
C:\Windows\SysWOW64\Drivers\tcpipBM.sys 2014-04-16 19:08 - 2009-02-20 17:27 - 00008464 ____N (Microsoft Corporation) C:\Windows\SysWOW64\sporder.dll 2014-04-16 19:08 - 2008-12-13 11:28 - 00116864 ____N (Huawei Technologies Co., Ltd.) C:\Windows\SysWOW64\Drivers\ewusbmdm.sys 2014-04-16 18:30 - 2014-04-16 18:30 - 00291888 _____ () C:\Windows\Minidump\041614-23259-01.dmp 2014-04-16 18:13 - 2014-04-16 18:13 - 00291888 _____ () C:\Windows\Minidump\041614-19453-01.dmp 2014-04-10 15:11 - 2014-04-10 15:11 - 00291888 _____ () C:\Windows\Minidump\041014-20638-01.dmp 2014-04-10 15:05 - 2014-04-10 15:06 - 00291888 _____ () C:\Windows\Minidump\041014-23618-01.dmp 2014-03-26 13:30 - 2014-04-16 18:30 - 712965294 _____ () C:\Windows\MEMORY.DMP 2014-03-26 13:30 - 2014-04-16 18:30 - 00000000 ____D () C:\Windows\Minidump 2014-03-26 13:30 - 2014-03-26 13:30 - 00291888 _____ () C:\Windows\Minidump\032614-22292-01.dmp 2014-03-19 13:38 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-19 13:38 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-19 13:38 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-19 13:38 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-19 13:38 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-19 13:38 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-19 13:38 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-19 13:38 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-19 13:38 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-19 13:38 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) 
C:\Windows\system32\ieUnatt.exe 2014-03-19 13:38 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-19 13:38 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-19 13:38 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-19 13:38 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-19 13:38 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-19 13:38 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-19 13:38 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-19 13:38 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-19 13:38 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-19 13:38 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-19 13:38 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-19 13:38 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-19 13:38 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-19 13:38 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-19 13:38 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-19 13:38 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-19 13:38 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-19 13:38 - 2014-03-01 05:35 - 02041856 _____ (Microsoft 
Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-19 13:38 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-19 13:38 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-19 13:38 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-19 13:38 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-19 13:38 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-19 13:38 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-19 13:38 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-19 13:38 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-19 13:38 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-19 13:38 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-19 13:38 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-19 13:38 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-19 13:38 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-19 13:38 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-19 13:38 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-19 13:38 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-19 13:37 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-19 13:37 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) 
C:\Windows\system32\qedit.dll 2014-03-19 13:37 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-19 13:37 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll ==================== One Month Modified Files and Folders ======= 2014-04-16 19:39 - 2014-04-16 19:38 - 00029595 _____ () C:\Users\Asus\Desktop\Addition.txt 2014-04-16 19:39 - 2014-04-16 19:37 - 00016106 _____ () C:\Users\Asus\Desktop\FRST.txt 2014-04-16 19:39 - 2014-04-16 19:37 - 00000000 ____D () C:\FRST 2014-04-16 19:36 - 2014-04-16 19:36 - 02158080 _____ (Farbar) C:\Users\Asus\Desktop\FRST64.exe 2014-04-16 19:34 - 2014-04-16 19:34 - 00000470 _____ () C:\Users\Asus\Desktop\defogger_disable.log 2014-04-16 19:34 - 2014-04-16 19:34 - 00000000 _____ () C:\Users\Asus\defogger_reenable 2014-04-16 19:34 - 2012-05-06 15:24 - 00000000 ____D () C:\Users\Asus 2014-04-16 19:33 - 2014-04-16 19:30 - 00050477 _____ () C:\Users\Asus\Desktop\Defogger.exe 2014-04-16 19:30 - 2012-05-04 21:11 - 01332582 _____ () C:\Windows\WindowsUpdate.log 2014-04-16 19:24 - 2014-04-16 19:11 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\3DataManager 2014-04-16 19:24 - 2009-07-14 06:45 - 00016112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-16 19:24 - 2009-07-14 06:45 - 00016112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-16 19:20 - 2009-08-04 11:51 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-04-16 19:20 - 2009-08-04 11:51 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-04-16 19:20 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-16 19:19 - 2009-07-14 06:51 - 00053501 _____ () C:\Windows\setupact.log 2014-04-16 19:18 - 2014-02-25 12:40 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup 2014-04-16 19:18 - 2012-05-06 15:25 - 00000000 ___RD () 
C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-16 19:16 - 2014-02-18 12:58 - 00003364 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task 2014-04-16 19:16 - 2012-12-10 10:29 - 00000338 _____ () C:\Windows\Tasks\DriverScanner.job 2014-04-16 19:16 - 2012-05-04 21:24 - 00003166 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl 2014-04-16 19:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-16 19:14 - 2014-02-25 12:39 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\systweak 2014-04-16 19:11 - 2012-05-04 21:16 - 00001593 _____ () C:\Windows\system32\ServiceFilter.ini 2014-04-16 19:08 - 2014-04-16 19:08 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys 2014-04-16 19:08 - 2014-04-16 19:08 - 00116224 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbfake.sys 2014-04-16 19:08 - 2014-04-16 19:08 - 00001985 _____ () C:\Users\Public\Desktop\3DataManager.lnk 2014-04-16 19:08 - 2014-04-16 19:08 - 00000000 ____D () C:\Program Files (x86)\3DataManager 2014-04-16 19:08 - 2014-04-16 19:08 - 00000000 ____D () C:\Program Files (x86)\3-addons 2014-04-16 18:45 - 2013-05-24 09:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-16 18:33 - 2012-07-05 10:31 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\DVDVideoSoft 2014-04-16 18:30 - 2014-04-16 18:30 - 00291888 _____ () C:\Windows\Minidump\041614-23259-01.dmp 2014-04-16 18:30 - 2014-03-26 13:30 - 712965294 _____ () C:\Windows\MEMORY.DMP 2014-04-16 18:30 - 2014-03-26 13:30 - 00000000 ____D () C:\Windows\Minidump 2014-04-16 18:30 - 2012-05-04 21:23 - 00414718 _____ () C:\Windows\PFRO.log 2014-04-16 18:29 - 2009-07-14 07:08 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-16 18:18 - 2012-12-08 16:36 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-16 18:13 - 2014-04-16 18:13 - 00291888 _____ () C:\Windows\Minidump\041614-19453-01.dmp 2014-04-10 15:11 - 
2014-04-10 15:11 - 00291888 _____ () C:\Windows\Minidump\041014-20638-01.dmp 2014-04-10 15:06 - 2014-04-10 15:05 - 00291888 _____ () C:\Windows\Minidump\041014-23618-01.dmp 2014-03-31 09:35 - 2012-07-05 10:45 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-03-26 13:53 - 2012-12-08 16:36 - 00000000 ____D () C:\Users\Asus\AppData\Local\Microsoft Help 2014-03-26 13:30 - 2014-03-26 13:30 - 00291888 _____ () C:\Windows\Minidump\032614-22292-01.dmp 2014-03-26 12:58 - 2014-02-25 12:34 - 00000000 ____D () C:\Program Files (x86)\sysTPL 2014-03-26 12:56 - 2013-05-24 09:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-26 12:56 - 2012-09-13 19:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-26 12:56 - 2012-09-13 19:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-26 12:54 - 2009-07-14 06:45 - 00415016 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-19 14:13 - 2014-03-13 11:59 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI Some content of TEMP: ==================== C:\Users\Asus\AppData\Local\Temp\avgnt.exe C:\Users\Asus\AppData\Local\Temp\BackupSetup.exe C:\Users\Asus\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Asus\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Asus\AppData\Local\Temp\ETDUninst.dll C:\Users\Asus\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Asus\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Asus\AppData\Local\Temp\uninst1.exe C:\Users\Asus\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit 
C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-31 13:48 ==================== End Of Log ============================ --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-04-2014 01 Ran by Asus at 2014-04-16 19:39:57 Running from C:\Users\Asus\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Trend Micro Internet Security (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902} AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Trend Micro Internet Security (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 3DataManager (HKLM-x32\...\3DataManager) (Version: 2.2 - 3DataManager) Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader 9.0.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90100000001}) (Version: 9.0.1 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}) (Version: 1.2.17.25001 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.2.17.25001 - Alcor Micro Corp.) 
Hidden ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.6 - ASUS) ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS) ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0013 - ASUS) ASUS FancyStart (HKLM-x32\...\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}) (Version: 1.0.6 - ASUSTeK Computer Inc.) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS) ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.8 - ASUS) ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}) (Version: 1.1.20 - ASUS) ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS) ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.18 - asus) Asus_Camera_ScreenSaver (HKLM-x32\...\Asus_Camera_ScreenSaver) (Version: 2.0.0008 - ASUS) Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.) 
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK) ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS) ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0005 - ASUS) ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0005 - ASUS) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A03}) (Version: 12.10.3.4487 - APN, LLC) ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.4 - ASUS) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DVDVideoSoftTB DE Toolbar (HKLM-x32\...\DVDVideoSoftTB_DE Toolbar) (Version: 6.9.0.16 - DVDVideoSoftTB DE) Express Gate (HKLM-x32\...\{865CD808-6D31-4269-9D36-693CFE75D26A}) (Version: 1.2.13.16 - DeviceVM, Inc.) Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.) 
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation) Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 
2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden MSXML 4.0 SP3 Parser (KB2721691) 
(HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.) Softonic toolbar on IE and Chrome (HKLM-x32\...\Softonic) (Version: 1.8.21.14 - Softonic) <==== ATTENTION SRS Premium Sound Control Panel (HKLM\...\{D42F84B6-3709-4A50-8502-6719D16AE6C8}) (Version: 1.07.0100 - SRS Labs, Inc.) sysTPL (HKLM-x32\...\{4B74BC31-B353-4B8F-8CBE-DAB4FF326FF1}) (Version: 1.4.1.2 - Tlapia) Trend Micro Internet Security (HKLM\...\{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}) (Version: 17.50 - Trend Micro Inc.) Trend Micro Internet Security (Version: 17.50 - Trend Micro Inc.) 
Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden Uniblue DriverScanner (HKLM-x32\...\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1) (Version: 4.0.3.5 - Uniblue Systems Ltd) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 
Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - ) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN) Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.26.0 - ASUS) Wireless Console 3 
(HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.10 - ASUS) ==================== Restore Points ========================= 10-04-2014 12:59:09 Windows Update 16-04-2014 16:11:43 Avira Free Antivirus - 16.04.2014 18:11 16-04-2014 16:17:36 Windows Update 16-04-2014 16:24:51 TuneUp Utilities 2014 wird entfernt 16-04-2014 16:25:30 TuneUp Utilities 2014 (de-DE) wird entfernt ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0AE4C0B1-60DB-4F38-AD93-0E0731DEF93F} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-08-11] (ATK) Task: {2DBDF293-5335-4FE7-A5A0-A92DB9A797ED} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe Task: {2FF803DA-4E9C-49E5-B1FF-411196BBC02E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-26] (Adobe Systems Incorporated) Task: {33E07EE7-DDB2-4174-8228-1C6F5D2AE382} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-07-24] () Task: {428239D5-0354-41A3-86B0-62E7988E130E} - System32\Tasks\DriverScanner => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-03-02] (Uniblue Systems Limited) Task: {5A60F398-6F37-4B7A-9EA4-78E9953A5105} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Asus\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION Task: {6F1D8423-3BF1-4BC3-8160-599CC9B57DAC} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-19] (ASUS) Task: {85907915-7A00-44F8-A2A8-2A720A9EC6BA} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS) Task: {8924DEDF-ECA2-415A-840B-070F960FFDF7} - System32\Tasks\ACMON => 
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK) Task: {8B4F364F-6261-4D2D-9A46-A458D177833B} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-09-24] () Task: {9E7C8553-6C9A-4DBC-8059-26BB08944A13} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-08-11] (TODO: <Company name>) Task: {EC1A4A9F-3840-4041-AAE4-363772F6E897} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe Task: {F050E88C-A58A-4FDF-921A-654FAF758750} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DriverScanner.job => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe ==================== Loaded Modules (whitelisted) ============= 2013-11-22 10:24 - 2013-11-18 16:32 - 01958880 ____N () C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll 2012-05-04 21:20 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe 2009-08-04 22:03 - 2009-08-04 22:03 - 00207656 _____ () C:\Program Files\Trend Micro\Internet Security\UfPack.dll 2009-08-05 02:09 - 2009-08-05 02:09 - 01106864 _____ () C:\Program Files\Trend Micro\Internet Security\sqlite3.dll 2009-05-05 19:00 - 2009-05-05 19:00 - 00041472 _____ () C:\Program Files\P4G\DevMng.dll 2009-08-06 20:06 - 2009-08-06 20:06 - 00028672 _____ () C:\Program Files\P4G\OvrClk.dll 2012-05-04 21:20 - 2007-03-10 03:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll 2014-04-16 19:08 - 2009-02-27 16:26 - 00296400 ____N () C:\Program Files (x86)\3DataManager\WTGService.exe 2008-08-14 05:59 - 2008-08-14 05:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe 2009-07-24 19:32 - 2009-07-24 19:32 - 01593344 _____ () C:\Program Files (x86)\ASUS\Wireless 
Console 3\wcourier.exe 2008-10-01 08:02 - 2008-10-01 08:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll 2012-05-04 21:20 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe 2009-09-24 22:50 - 2009-09-24 22:50 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe 2014-02-18 15:32 - 2014-02-18 15:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll 2007-06-15 19:28 - 2007-06-15 19:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll 2007-06-02 01:52 - 2007-06-02 01:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll 2013-09-10 11:52 - 2013-09-10 11:48 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2014-04-16 19:08 - 2009-02-27 16:21 - 00430080 ____N () C:\Program Files (x86)\3DataManager\WtgCore.dll 2014-04-16 19:08 - 2009-02-27 16:21 - 00139264 ____N () C:\Program Files (x86)\3DataManager\WtgBluetooth.dll 2014-04-16 19:08 - 2009-02-27 16:21 - 00065536 ____N () C:\Program Files (x86)\3DataManager\WtgDialup.dll 2014-04-16 19:08 - 2009-02-27 16:20 - 00204800 ____N () C:\Program Files (x86)\3DataManager\WtgUtil.dll 2014-04-16 19:08 - 2009-02-27 16:21 - 00086016 ____N () C:\Program Files (x86)\3DataManager\WtgPorts.dll 2014-04-16 19:08 - 2009-02-27 16:21 - 00106496 ____N () C:\Program Files (x86)\3DataManager\WtgDatabase.dll 2014-04-16 19:08 - 2009-02-27 16:21 - 00139264 ____N () C:\Program Files (x86)\3DataManager\WtgDetection.dll 2014-04-16 19:08 - 2009-02-27 16:21 - 00045056 ____N () C:\Program Files (x86)\3DataManager\WtgDriverInstall.dll 2014-04-16 19:08 - 2009-02-27 16:23 - 07450624 ____N () C:\Program Files (x86)\3DataManager\H3GA_OneClickAssistantGer.dll 2014-04-16 19:08 - 2009-02-27 16:21 - 00180224 ____N () C:\Program Files (x86)\3DataManager\WTGSMSPCClient.Dll 2014-04-16 19:08 - 
2009-02-27 16:20 - 00024576 ____N () C:\Program Files (x86)\3DataManager\WTGDebugs.dll 2014-04-16 19:08 - 2009-02-27 16:23 - 00016384 ____N () C:\Program Files (x86)\3DataManager\H3GA_WTGSMSPCClientGer.dll 2014-04-16 19:08 - 2009-02-27 16:22 - 00024576 ____N () C:\Program Files (x86)\3DataManager\WTGDriverInstallX.Dll 2014-02-25 12:37 - 2013-12-03 10:43 - 03555952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2007-06-15 19:28 - 2007-06-15 19:28 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll 2007-06-02 02:08 - 2007-06-02 02:08 - 00143360 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe MSCONFIG\startupreg: ASUS Camera ScreenSaver => C:\Windows\AsScrProlog.exe MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/16/2014 07:18:51 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: nvvsvc.exe, Version: 8.15.11.8631, Zeitstempel: 0x4a4c773b Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c4102 ID des fehlerhaften Prozesses: 0x524 Startzeit der fehlerhaften Anwendung: 0xnvvsvc.exe0 Pfad der fehlerhaften Anwendung: nvvsvc.exe1 Pfad des 
fehlerhaften Moduls: nvvsvc.exe2 Berichtskennung: nvvsvc.exe3 Error: (04/16/2014 06:32:37 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: nvvsvc.exe, Version: 8.15.11.8631, Zeitstempel: 0x4a4c773b Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c4102 ID des fehlerhaften Prozesses: 0x4d8 Startzeit der fehlerhaften Anwendung: 0xnvvsvc.exe0 Pfad der fehlerhaften Anwendung: nvvsvc.exe1 Pfad des fehlerhaften Moduls: nvvsvc.exe2 Berichtskennung: nvvsvc.exe3 Error: (04/16/2014 06:15:32 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: nvvsvc.exe, Version: 8.15.11.8631, Zeitstempel: 0x4a4c773b Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c4102 ID des fehlerhaften Prozesses: 0x540 Startzeit der fehlerhaften Anwendung: 0xnvvsvc.exe0 Pfad der fehlerhaften Anwendung: nvvsvc.exe1 Pfad des fehlerhaften Moduls: nvvsvc.exe2 Berichtskennung: nvvsvc.exe3 Error: (04/16/2014 06:10:13 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: nvvsvc.exe, Version: 8.15.11.8631, Zeitstempel: 0x4a4c773b Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c4102 ID des fehlerhaften Prozesses: 0x518 Startzeit der fehlerhaften Anwendung: 0xnvvsvc.exe0 Pfad der fehlerhaften Anwendung: nvvsvc.exe1 Pfad des fehlerhaften Moduls: nvvsvc.exe2 Berichtskennung: nvvsvc.exe3 Error: (04/10/2014 03:17:03 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5084, Zeitstempel: 0x529d96e1 Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5084, Zeitstempel: 0x529d9670 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00149c28 ID des fehlerhaften Prozesses: 0xb88 Startzeit 
der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 Error: (04/10/2014 03:14:02 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: nvvsvc.exe, Version: 8.15.11.8631, Zeitstempel: 0x4a4c773b Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c4102 ID des fehlerhaften Prozesses: 0x4bc Startzeit der fehlerhaften Anwendung: 0xnvvsvc.exe0 Pfad der fehlerhaften Anwendung: nvvsvc.exe1 Pfad des fehlerhaften Moduls: nvvsvc.exe2 Berichtskennung: nvvsvc.exe3 Error: (04/10/2014 02:53:49 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: nvvsvc.exe, Version: 8.15.11.8631, Zeitstempel: 0x4a4c773b Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1676 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000015611 ID des fehlerhaften Prozesses: 0x468 Startzeit der fehlerhaften Anwendung: 0xnvvsvc.exe0 Pfad der fehlerhaften Anwendung: nvvsvc.exe1 Pfad des fehlerhaften Moduls: nvvsvc.exe2 Berichtskennung: nvvsvc.exe3 Error: (03/26/2014 03:45:33 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: nvvsvc.exe, Version: 8.15.11.8631, Zeitstempel: 0x4a4c773b Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1676 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000015611 ID des fehlerhaften Prozesses: 0x4a4 Startzeit der fehlerhaften Anwendung: 0xnvvsvc.exe0 Pfad der fehlerhaften Anwendung: nvvsvc.exe1 Pfad des fehlerhaften Moduls: nvvsvc.exe2 Berichtskennung: nvvsvc.exe3 Error: (03/26/2014 01:42:04 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: nvvsvc.exe, Version: 8.15.11.8631, Zeitstempel: 0x4a4c773b Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7601.18229, 
Zeitstempel: 0x51fb1676 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000015611 ID des fehlerhaften Prozesses: 0x514 Startzeit der fehlerhaften Anwendung: 0xnvvsvc.exe0 Pfad der fehlerhaften Anwendung: nvvsvc.exe1 Pfad des fehlerhaften Moduls: nvvsvc.exe2 Berichtskennung: nvvsvc.exe3 Error: (03/26/2014 01:30:52 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: nvvsvc.exe, Version: 8.15.11.8631, Zeitstempel: 0x4a4c773b Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1676 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000015611 ID des fehlerhaften Prozesses: 0x4e4 Startzeit der fehlerhaften Anwendung: 0xnvvsvc.exe0 Pfad der fehlerhaften Anwendung: nvvsvc.exe1 Pfad des fehlerhaften Moduls: nvvsvc.exe2 Berichtskennung: nvvsvc.exe3 System errors: ============= Error: (04/16/2014 07:18:28 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Computer Backup (MyPC Backup)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (04/16/2014 06:34:30 PM) (Source: iaStor) (User: ) Description: Ein Paritätsfehler wurde auf \Device\Ide\iaStor0 gefunden. Error: (04/16/2014 06:30:45 PM) (Source: BugCheck) (User: ) Description: 0x000000f4 (0x0000000000000003, 0xfffffa8005cbfb30, 0xfffffa8005cbfe10, 0xfffff8000338a7b0)C:\Windows\MEMORY.DMP041614-23259-01 Error: (04/16/2014 06:30:29 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 16.04.2014 um 18:28:11 unerwartet heruntergefahren. 
Error: (04/16/2014 06:21:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073712 fehlgeschlagen: Update des Microsoft-Browserauswahlbildschirms für EEA-Benutzer von Windows 7 für x64-basierte Systeme (KB976002) Error: (04/16/2014 06:13:31 PM) (Source: BugCheck) (User: ) Description: 0x000000f4 (0x0000000000000003, 0xfffffa80050a2b30, 0xfffffa80050a2e10, 0xfffff800033d67b0)C:\Windows\MEMORY.DMP041614-19453-01 Error: (04/16/2014 06:13:23 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 16.04.2014 um 18:11:50 unerwartet heruntergefahren. Error: (04/10/2014 03:11:52 PM) (Source: BugCheck) (User: ) Description: 0x000000f4 (0x0000000000000003, 0xfffffa8005dbfb30, 0xfffffa8005dbfe10, 0xfffff800033c47b0)C:\Windows\MEMORY.DMP041014-20638-01 Error: (04/10/2014 03:11:51 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 10.04.2014 um 15:09:45 unerwartet heruntergefahren. 
Error: (04/10/2014 03:08:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 4095.24 MB
Available physical RAM: 2387.44 MB
Total Pagefile: 8188.66 MB
Available Pagefile: 6367.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:49.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:327.83 GB) (Free:327.73 GB) NTFS
Drive f: (3DataManager) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 63065F8A)
Partition 1: (Not Active) - (Size=21 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=328 GB) - (Type=OF Extended)

==================== End Of Log ============================

And a huge thank-you in advance for the help.

Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Mittwoch, 16. April 2014 21:17 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Antivirus Free Seriennummer : 0000149996-AVHOE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : ASUS-PC Versionsinformationen: BUILD.DAT : 14.0.3.350 56624 Bytes 25.02.2014 11:41:00 AVSCAN.EXE : 14.0.3.332 1058384 Bytes 18.02.2014 10:49:57 AVSCANRC.DLL : 14.0.2.180 62008 Bytes 18.12.2013 10:03:06 LUKE.DLL : 14.0.3.336 65616 Bytes 18.02.2014 10:50:01 AVSCPLR.DLL : 14.0.3.336 124496 Bytes 18.02.2014 10:49:57 AVREG.DLL : 14.0.3.336 250448 Bytes 18.02.2014 10:49:56 avlode.dll : 14.0.3.336 544848 Bytes 18.02.2014 10:49:56 avlode.rdf : 14.0.3.38 58680 Bytes 26.03.2014 10:59:58 VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 08:18:10 VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 11:03:36 VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 08:40:58 VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 11:31:36 VBASE004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 14:07:45 VBASE005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 09:45:03 VBASE006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 12:59:21 VBASE007.VDF : 7.11.139.39 2048 Bytes 27.03.2014 12:59:22 VBASE008.VDF : 7.11.139.40 2048 Bytes 27.03.2014 12:59:22 VBASE009.VDF : 7.11.139.41 2048 Bytes 27.03.2014 12:59:22 VBASE010.VDF : 7.11.139.42 2048 Bytes 27.03.2014 12:59:22 VBASE011.VDF : 7.11.139.43 2048 Bytes 27.03.2014 12:59:22 VBASE012.VDF : 7.11.139.44 2048 Bytes 27.03.2014 12:59:22 VBASE013.VDF : 7.11.139.45 2048 Bytes 27.03.2014 12:59:22 VBASE014.VDF : 7.11.139.171 111104 Bytes 28.03.2014 12:59:23 VBASE015.VDF : 7.11.140.23 150016 Bytes 30.03.2014 12:59:23 VBASE016.VDF : 7.11.140.143 222720 Bytes 01.04.2014 12:59:23 VBASE017.VDF : 7.11.140.235 144384 Bytes 03.04.2014 12:59:24 VBASE018.VDF : 7.11.141.81 193536 
Bytes 05.04.2014 12:59:24 VBASE019.VDF : 7.11.141.203 241152 Bytes 08.04.2014 12:59:24 VBASE020.VDF : 7.11.142.83 144896 Bytes 10.04.2014 12:59:24 VBASE021.VDF : 7.11.142.84 2048 Bytes 10.04.2014 12:59:24 VBASE022.VDF : 7.11.142.85 2048 Bytes 10.04.2014 12:59:25 VBASE023.VDF : 7.11.142.86 2048 Bytes 10.04.2014 12:59:25 VBASE024.VDF : 7.11.142.87 2048 Bytes 10.04.2014 12:59:25 VBASE025.VDF : 7.11.142.88 2048 Bytes 10.04.2014 12:59:25 VBASE026.VDF : 7.11.142.89 2048 Bytes 10.04.2014 12:59:25 VBASE027.VDF : 7.11.142.90 2048 Bytes 10.04.2014 12:59:25 VBASE028.VDF : 7.11.142.91 2048 Bytes 10.04.2014 12:59:25 VBASE029.VDF : 7.11.142.92 2048 Bytes 10.04.2014 12:59:25 VBASE030.VDF : 7.11.142.93 2048 Bytes 10.04.2014 12:59:25 VBASE031.VDF : 7.11.142.108 109056 Bytes 10.04.2014 12:59:26 Engineversion : 8.3.18.2 AEVDF.DLL : 8.3.0.4 118976 Bytes 26.03.2014 10:59:58 AESCRIPT.DLL : 8.1.4.198 528584 Bytes 10.04.2014 12:59:07 AESCN.DLL : 8.3.0.2 135360 Bytes 26.03.2014 10:59:57 AESBX.DLL : 8.2.20.6 1331575 Bytes 15.01.2014 13:12:02 AERDL.DLL : 8.2.0.138 704888 Bytes 03.12.2013 13:56:06 AEPACK.DLL : 8.4.0.16 778440 Bytes 10.04.2014 12:59:07 AEOFFICE.DLL : 8.3.0.2 201084 Bytes 26.03.2014 10:59:57 AEHEUR.DLL : 8.1.4.1004 6643912 Bytes 10.04.2014 12:59:06 AEHELP.DLL : 8.3.0.0 274808 Bytes 13.03.2014 09:53:56 AEGEN.DLL : 8.1.7.24 442743 Bytes 13.03.2014 09:53:56 AEEXP.DLL : 8.4.1.258 512376 Bytes 26.03.2014 10:59:58 AEEMU.DLL : 8.1.3.2 393587 Bytes 07.09.2012 18:25:49 AECORE.DLL : 8.3.0.6 241864 Bytes 26.03.2014 10:59:54 AEBB.DLL : 8.1.1.4 53619 Bytes 08.11.2012 10:12:54 AVWINLL.DLL : 14.0.3.252 23608 Bytes 18.02.2014 10:49:53 AVPREF.DLL : 14.0.3.252 48696 Bytes 18.02.2014 10:49:56 AVREP.DLL : 14.0.3.252 175672 Bytes 18.02.2014 10:49:56 AVARKT.DLL : 14.0.3.336 256080 Bytes 18.02.2014 10:49:54 AVEVTLOG.DLL : 14.0.3.336 165968 Bytes 18.02.2014 10:49:55 SQLITE3.DLL : 3.7.0.1 394824 Bytes 10.09.2013 09:48:22 AVSMTP.DLL : 14.0.3.252 60472 Bytes 18.02.2014 10:49:57 NETNT.DLL : 14.0.3.252 
13368 Bytes 18.02.2014 10:50:01 RCIMAGE.DLL : 14.0.3.260 4979256 Bytes 18.02.2014 10:49:53 RCTEXT.DLL : 14.0.3.282 72760 Bytes 18.02.2014 10:49:53 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: Interaktiv Sekundäre Aktion......................: Ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Prüfe alle Dateien....................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Mittwoch, 16. April 2014 21:17 Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'HDD0(C:, D:)' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. Eine Instanz der ARK Library läuft bereits. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'nvvsvc.exe' - '27' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. 
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'svchost.exe' - '99' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'svchost.exe' - '72' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'svchost.exe' - '160' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'svchost.exe' - '81' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'FBAgent.exe' - '44' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. 
Durchsuche Prozess 'ASLDRSrv.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'GFNEXSrv.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '83' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'sched.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'avguard.exe' - '110' Modul(e) wurden durchsucht Durchsuche Prozess 'apnmcp.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'SfCtlCom.exe' - '61' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'svchost.exe' - '41' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'sysTPLMonitor.exe' - '86' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '63' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. 
Durchsuche Prozess 'sysTPLService.exe' - '89' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '40' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'Explorer.EXE' - '181' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'taskeng.exe' - '39' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'WLIDSVC.EXE' - '57' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'dsmonitor.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'AmIcoSinglun64.exe' - '37' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'UfSeAgnt.exe' - '76' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. 
Durchsuche Prozess 'rundll32.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'wcourier.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'aspg.exe' - '34' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'BatteryLife.exe' - '47' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'sensorsrv.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'ACMON.exe' - '40' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'ControlDeckStartUp.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'ALU.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'HControl.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'Atouch64.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '41' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'ACEngSvr.exe' - '40' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. 
Durchsuche Prozess 'SSScheduler.exe' - '31' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'SRSPremiumPanel_64.exe' - '42' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'wmiprvse.exe' - '70' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'WTGService.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSvcM.exe' - '24' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. 
Durchsuche Prozess 'HControlUser.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'ATKOSD2.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'DMedia.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '100' Modul(e) wurden durchsucht Durchsuche Prozess 'TBNotifier.exe' - '83' Modul(e) wurden durchsucht Durchsuche Prozess 'ATKOSD.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'KBFiltr.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'WDC.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'AVWEBGRD.EXE' - '72' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'ADSMSrv.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'ADSMTray.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'AsScrPro.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'RAVCpl64.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'wuauclt.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '124' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '125' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '123' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '125' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '123' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - 
'22' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '33' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '43' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'lsass.exe' - '68' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '40' Modul(e) wurden durchsucht Modul ist infiziert -> <c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll> [FUND] Ist das Trojanische Pferd TR/BProtector.Gen [WARNUNG] Die Datei wurde ignoriert. Ende des Suchlaufs: Mittwoch, 16. April 2014 21:18 Benötigte Zeit: 01:38 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 0 Verzeichnisse wurden überprüft 6077 Dateien wurden geprüft 33 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 6044 Dateien ohne Befall 7 Archive wurden durchsucht 33 Warnungen 0 Hinweise |
18.04.2014, 16:24 | #4 |
/// the machine /// TB-Ausbilder | TR/BProtctor.Gen hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
18.04.2014, 19:23 | #5 |
| TR/BProtctor.Gen Hi, attached is the log from ComboFix Code:
ATTFilter ComboFix 14-04-17.01 - Asus 18.04.2014 19:50:35.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2459 [GMT 2:00] ausgeführt von:: c:\users\Asus\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859} AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\END c:\program files (x86)\Common Files\ASPG_icon.ico c:\program files (x86)\Softonic\Softonic\1.8.21.14\bh\SoFTonic.dll c:\program files (x86)\Softonic\Softonic\1.8.21.14\SoFTonictlbr.dll c:\users\Asus\Desktop\Search.lnk c:\windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe c:\windows\msvcr71.dll . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_WINRING0_1_0_1 . . ((((((((((((((((((((((( Dateien erstellt von 2014-03-18 bis 2014-04-18 )))))))))))))))))))))))))))))) . . 2014-04-18 17:59 . 2014-04-18 17:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-04-18 09:11 . 2014-03-06 08:32 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-04-16 17:37 . 2014-04-16 17:40 -------- d-----w- C:\FRST 2014-04-16 17:27 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E393461-2444-4638-96AD-CD5F2CBF8169}\mpengine.dll 2014-04-16 17:27 . 2014-01-24 02:37 1684928 ----a-w- c:\windows\system32\drivers\ntfs.sys 2014-04-16 17:11 . 2014-04-16 17:43 -------- d-----w- c:\users\Asus\AppData\Roaming\3DataManager . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-31 07:35 . 2012-07-05 08:45 270496 ------w- c:\windows\system32\MpSigStub.exe 2014-03-26 10:56 . 2012-09-13 17:38 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-26 10:56 . 2012-09-13 17:38 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-03-04 09:17 . 2014-04-16 17:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2014-02-07 01:23 . 2014-03-19 11:38 3156480 ----a-w- c:\windows\system32\win32k.sys 2014-02-04 02:32 . 2014-03-19 11:37 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-02-04 02:32 . 2014-03-19 11:37 624128 ----a-w- c:\windows\system32\qedit.dll 2014-02-04 02:04 . 2014-03-19 11:37 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-02-04 02:04 . 2014-03-19 11:37 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-01-29 02:32 . 2014-03-19 11:38 484864 ----a-w- c:\windows\system32\wer.dll 2014-01-29 02:06 . 2014-03-19 11:38 381440 ----a-w- c:\windows\SysWow64\wer.dll 2014-01-28 02:32 . 2014-03-19 11:38 228864 ----a-w- c:\windows\system32\wwansvc.dll 2014-01-21 16:28 . 2014-02-25 10:39 20312 ----a-w- c:\windows\system32\roboot64.exe 2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll 2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}] 2014-02-13 05:22 12240 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936] "{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2014-02-13 12240] . [HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}] . [HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-09-13 19:15 220608 ----a-w- c:\users\Asus\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-09-13 19:15 220608 ----a-w- c:\users\Asus\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-09-13 19:15 220608 ----a-w- c:\users\Asus\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-03-02 338808] "BackgroundContainer"="c:\users\Asus\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2013-11-06 319264] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-18 689744] "ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-02-13 1758160] "sysTPL"="c:\program files (x86)\sysTPL\sysTPL.exe" [2014-01-24 1244440] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe -d [2012-5-4 12862] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 329944] tmchlang.lnk - c:\program files\Trend Micro\Internet Security\TmChLang.exe [2009-8-4 1851024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x] R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x] R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe;c:\program files\Trend Micro\Internet Security\TmProxy.exe [x] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x] S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x] S2 sysTPLMonitor.exe;sysTPLMonitor;c:\program files (x86)\sysTPL\sysTPLMonitor.exe;c:\program files (x86)\sysTPL\sysTPLMonitor.exe [x] S2 sysTPLService.exe;sysTPLService;c:\program files (x86)\sysTPL\sysTPLService.exe;c:\program files (x86)\sysTPL\sysTPLService.exe [x] S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys;c:\windows\SYSNATIVE\DRIVERS\tmpreflt.sys [x] S2 WTGService;WTGService;c:\program files (x86)\3DataManager\WTGService.exe;c:\program files (x86)\3DataManager\WTGService.exe [x] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 
2014-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-05 10:56] . 2014-04-18 c:\windows\Tasks\DriverScanner.job - c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-12-10 13:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}] 2014-02-13 05:22 13776 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" [2014-02-13 13776] . [HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-09-13 19:15 244672 ----a-w- c:\users\Asus\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-09-13 19:15 244672 ----a-w- c:\users\Asus\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-09-13 19:15 244672 ----a-w- c:\users\Asus\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-02 16330272] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000] "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-02-23 1022904] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=442d18f700000000000090e6ba330a85 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = http=127.0.0.1:8877 IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/ FF - ExtSQL: !HIDDEN! 
2012-12-10 09:29; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 442d18f700000000000090e6ba330a85 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15958 FF - user.js: extensions.delta.vrsn - 1.8.24.6 FF - user.js: extensions.delta.vrsni - 1.8.24.6 FF - user.js: extensions.delta.vrsnTs - 1.8.24.611:45 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - de FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - affID=121565&tsp=5001 FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - ss FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=442d18f700000000000090e6ba330a85&q= FF - user.js: extensions.Softonic.id - 442d18f700000000000090e6ba330a85 FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D} FF - user.js: extensions.Softonic.instlDay - 16057 FF - user.js: extensions.Softonic.vrsn - 1.8.21.14 FF - user.js: extensions.Softonic.vrsni - 1.8.21.14 FF - user.js: extensions.Softonic.vrsnTs - 1.8.21.1411:01 FF - user.js: extensions.Softonic.prtnrId - softonic FF - user.js: extensions.Softonic.prdct - Softonic FF - user.js: extensions.Softonic.aflt - OC FF - user.js: extensions.Softonic.smplGrp - none FF - user.js: 
extensions.Softonic.tlbrId - opencandy2013 FF - user.js: extensions.Softonic.instlRef - MOY00621 FF - user.js: extensions.Softonic.dfltLng - de FF - user.js: extensions.Softonic.excTlbr - false FF - user.js: extensions.Softonic.ffxUnstlRst - false FF - user.js: extensions.Softonic.admin - false FF - user.js: extensions.Softonic.autoRvrt - false FF - user.js: extensions.Softonic.rvrt - false FF - user.js: extensions.Softonic.hmpg - true FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=442d18f700000000000090e6ba330a85 FF - user.js: extensions.Softonic.dfltSrch - true FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic) FF - user.js: extensions.Softonic.dnsErr - true FF - user.js: extensions.Softonic.newTab - true FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=442d18f700000000000090e6ba330a85 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{E87806B5-E908-45FD-AF5E-957D83E58E68} - c:\program files (x86)\Softonic\Softonic\1.8.21.14\bh\Softonic.dll BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file) Toolbar-Locked - (no file) Toolbar-{5018CFD2-804D-4C99-9F81-25EAEA2769DE} - c:\program files (x86)\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk - c:\windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file) Toolbar-Locked - (no file) WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.12" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe c:\program files\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\windows\SysWOW64\Rundll32.exe c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-04-18 20:13:23 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-04-18 18:13 . Vor Suchlauf: 8 Verzeichnis(se), 53.050.859.520 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 53.492.801.536 Bytes frei . - - End Of File - - 0996DA29285B553FBB41B8416CBFE303 A36C5E4F47E84449FF07ED3517B43A31 |
19.04.2014, 12:22 | #6 |
/// the machine /// TB-Ausbilder | TR/BProtctor.Gen Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ --> TR/BProtctor.Gen |
20.04.2014, 10:13 | #7 |
| TR/BProtctor.Gen Here is the Malwarebytes log Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 19.04.2014 Suchlauf-Zeit: 14:36:08 Logdatei: mbam.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.04.19.05 Rootkit Datenbank: v2014.03.27.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Asus Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 255290 Verstrichene Zeit: 16 Min, 41 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 25 PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [d9277d8353adfd038c2d58f314eec63a], PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [d9277d8353adfd038c2d58f314eec63a], PUP.Optional.Softonic.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}, In Quarantäne, [8b7527d9649c936d97cc20f580824bb5], PUP.Optional.Softonic.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}, In Quarantäne, [09f73cc468988f71c0a421f4649eed13], PUP.Optional.Softonic.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E87806B5-E908-45FD-AF5E-957D83E58E68}, In Quarantäne, [09f73cc468988f71c0a421f4649eed13], PUP.Optional.Softonic.A, HKLM\SOFTWARE\CLASSES\srv.SoftonicSrvc, In Quarantäne, [11ef2cd43bc527d9260b5b15847e1be5], PUP.Optional.Softonic.A, HKLM\SOFTWARE\CLASSES\srv.SoftonicSrvc.1, In Quarantäne, [1ae63ec2c838a35d60d178f8679b649c], PUP.Optional.Softonic.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\srv.SoftonicSrvc, In Quarantäne, [b749e41c48b847b9e74aadc3e31fdc24], 
PUP.Optional.Softonic.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\srv.SoftonicSrvc.1, In Quarantäne, [8b753dc3c838847c929f422edf238f71], PUP.Optional.Softonic.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\elchiiiejkobdbblfejjkbphbddgmljf, In Quarantäne, [a35d4db3d8287e82ac88412f51b17b85], PUP.Optional.Softonic.A, HKLM\SOFTWARE\WOW6432NODE\SOFTONIC\Softonic, In Quarantäne, [0df3e61a48b82ed294a1e58bcd352bd5], PUP.Optional.DataMngr.A, HKU\S-1-5-21-2445338190-908188242-489134224-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Löschen bei Neustart, [ed138080df21f40cd0fd2074e2217987], PUP.Optional.Softonic.A, HKU\S-1-5-21-2445338190-908188242-489134224-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\softonicToolbar, Löschen bei Neustart, [68980cf4d42c43bd54df403025ddca36], PUP.Optional.PriceGong.A, HKU\S-1-5-21-2445338190-908188242-489134224-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Löschen bei Neustart, [6d93f0103bc555ab848006734eb454ac], PUP.Optional.BProtector.A, HKU\S-1-5-21-2445338190-908188242-489134224-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, Löschen bei Neustart, [966a18e832cee61af4374652f80bec14], PUP.Optional.Softonic.A, HKU\S-1-5-21-2445338190-908188242-489134224-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Softonic, Löschen bei Neustart, [15ebfe02629e40c091a174fcab573cc4], PUP.Optional.Softonic.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}, In Quarantäne, [13edab5535cb5fa19dcf075f61a141bf], PUP.Optional.Softonic.A, HKLM\SOFTWARE\CLASSES\SoftonicApp.appCore.1, In Quarantäne, [13edab5535cb5fa19dcf075f61a141bf], PUP.Optional.Softonic.A, HKLM\SOFTWARE\CLASSES\SoftonicApp.appCore, In Quarantäne, [13edab5535cb5fa19dcf075f61a141bf], PUP.Optional.Softonic.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SoftonicApp.appCore, In Quarantäne, [13edab5535cb5fa19dcf075f61a141bf], 
PUP.Optional.Softonic.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SoftonicApp.appCore.1, In Quarantäne, [13edab5535cb5fa19dcf075f61a141bf], PUP.Optional.Softonic.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}, In Quarantäne, [13edab5535cb5fa19dcf075f61a141bf], PUP.Optional.Softonic.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B15F118E-AF21-45E8-A809-29FDD7362565}, In Quarantäne, [13edab5535cb5fa19dcf075f61a141bf], PUP.Optional.Softonic.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B15F118E-AF21-45E8-A809-29FDD7362565}, In Quarantäne, [13edab5535cb5fa19dcf075f61a141bf], PUP.Optional.Softonic.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Softonic, In Quarantäne, [13edab5535cb5fa19dcf075f61a141bf], Registrierungswerte: 5 PUP.Optional.Softonic.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{5018CFD2-804D-4C99-9F81-25EAEA2769DE}, Softonic Toolbar, In Quarantäne, [8b7527d9649c936d97cc20f580824bb5] PUP.Optional.Softonic.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}, In Quarantäne, [7789629ed8281ce4372c1203e919f010], PUP.BProtector, HKU\S-1-5-21-2445338190-908188242-489134224-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=442D90E6BA330A85&affID=121565&tsp=5001, Löschen bei Neustart, [70908b753ac614eccf00316316ed4ab6] PUP.BProtector, HKU\S-1-5-21-2445338190-908188242-489134224-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Löschen bei Neustart, [d22e946c69974fb1ab25583c29daf30d] PUP.Optional.Conduit, HKU\S-1-5-21-2445338190-908188242-489134224-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BackgroundContainer, "C:\Windows\SysWOW64\Rundll32.exe" 
"C:\Users\Asus\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun, Löschen bei Neustart, [1ae6c63a33cdfc04a384059ec0434fb1] Registrierungsdaten: 0 (No malicious items detected) Ordner: 18 PUP.Optional.OpenCandy, C:\Users\Asus\AppData\Roaming\OpenCandy, In Quarantäne, [8e72ba46c23e3ec2395987d77290827e], PUP.Optional.OpenCandy, C:\Users\Asus\AppData\Roaming\OpenCandy\04DCF23E444B498A89C0734FF966DBC6, In Quarantäne, [8e72ba46c23e3ec2395987d77290827e], PUP.Optional.OpenCandy, C:\Users\Asus\AppData\Roaming\OpenCandy\2A5FEE309B9A4562A3246C1CEFA1C6FC, In Quarantäne, [8e72ba46c23e3ec2395987d77290827e], PUP.Optional.OpenCandy, C:\Users\Asus\AppData\Roaming\OpenCandy\347374B52A9E4CBF8FAD954A04D1CBCA, In Quarantäne, [8e72ba46c23e3ec2395987d77290827e], PUP.Optional.OpenCandy, C:\Users\Asus\AppData\Roaming\OpenCandy\5AA28BDFCA414DADA60BAC6EFF25B6E4, In Quarantäne, [8e72ba46c23e3ec2395987d77290827e], PUP.Optional.OpenCandy, C:\Users\Asus\AppData\Roaming\OpenCandy\7035334DE3DF4478A8B8EB747BDE45FC, In Quarantäne, [8e72ba46c23e3ec2395987d77290827e], PUP.Optional.OpenCandy, C:\Users\Asus\AppData\Roaming\OpenCandy\E7B2B4F29C334C0F934C7B5F2DE48E71, In Quarantäne, [8e72ba46c23e3ec2395987d77290827e], PUP.Optional.FileScout.A, C:\Users\Asus\AppData\Roaming\File Scout, In Quarantäne, [05fb04fc15ebe818b7f3ea7462a032ce], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\components, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, 
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf, In Quarantäne, [4fb1aa56a45c3fc1c5a66bfb26dce917], PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0, In Quarantäne, [4fb1aa56a45c3fc1c5a66bfb26dce917], PUP.Optional.Softonic.A, C:\Program Files (x86)\Softonic\Softonic, In Quarantäne, [13edab5535cb5fa19dcf075f61a141bf], PUP.Optional.Softonic.A, C:\Program Files (x86)\Softonic\Softonic\1.8.21.14, In Quarantäne, [13edab5535cb5fa19dcf075f61a141bf], PUP.Optional.Softonic.A, C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\bh, In Quarantäne, [13edab5535cb5fa19dcf075f61a141bf], Dateien: 145 PUP.Optional.Delta.A, C:\ProgramData\DSearchLink\DSearchLink.exe, In Quarantäne, [eb15b54b02fef30d9a84b2420df636ca], PUP.Optional.FileScout.A, C:\Users\Asus\AppData\Roaming\File Scout\filescout.exe, In Quarantäne, [8b75a25e9e62a8584b627e842ad74ab6], PUP.Optional.OpenCandy.A, C:\Users\Asus\AppData\Roaming\OpenCandy\04DCF23E444B498A89C0734FF966DBC6\Setupsft_chr_p1v7.exe, In Quarantäne, [3cc411ef738d99679a1d41daa65e1ae6], PUP.Optional.Babylon.A, C:\Users\Asus\AppData\Roaming\OpenCandy\7035334DE3DF4478A8B8EB747BDE45FC\DeltaTB.exe, In Quarantäne, [45bb8977d030a25e566a31cf16ebb24e], PUP.Optional.RegCleanPro, C:\Users\Asus\Downloads\rcpsetupmapp1_mapp12115793at.exe, In Quarantäne, [06fa45bb936d01ffc9bfec4827d98a76], PUP.Optional.Conduit, C:\Users\Asus\AppData\Local\Conduit\CT2625848\DVDVideoSoftTB_DEAutoUpdateHelper.exe, In Quarantäne, [01ffe31db24e847ca8d189a649b7ad53], 
PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\searchplugins\softonic.xml, In Quarantäne, [24dca45cc739b14f5dd25818cc365ba5], PUP.Optional.BProtector.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\bProtector_extensions.sqlite, In Quarantäne, [58a8f808fe02c13fdd9572016a98ba46], PUP.Optional.BProtector.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\bprotector_prefs.js, In Quarantäne, [9b656799d32daa561e55136046bcd22e], PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, In Quarantäne, [38c8c23e48b8d9278cedcaae976b50b0], PUP.Optional.Conduit, C:\Windows\System32\Tasks\BackgroundContainer Startup Task, In Quarantäne, [d52b0bf5ac541be562206837a65d06fa], PUP.Optional.OpenCandy, C:\Users\Asus\AppData\Roaming\OpenCandy\2A5FEE309B9A4562A3246C1CEFA1C6FC\Trial-14.0.1000.89_de-DE_1004726_AT-1.exe, In Quarantäne, [8e72ba46c23e3ec2395987d77290827e], PUP.Optional.OpenCandy, C:\Users\Asus\AppData\Roaming\OpenCandy\347374B52A9E4CBF8FAD954A04D1CBCA\driverscannerROE.exe, In Quarantäne, [8e72ba46c23e3ec2395987d77290827e], PUP.Optional.OpenCandy, C:\Users\Asus\AppData\Roaming\OpenCandy\5AA28BDFCA414DADA60BAC6EFF25B6E4\TuneUpUtilities2012_de-DE.exe, In Quarantäne, [8e72ba46c23e3ec2395987d77290827e], PUP.Optional.OpenCandy, C:\Users\Asus\AppData\Roaming\OpenCandy\E7B2B4F29C334C0F934C7B5F2DE48E71\driverscannerROE.exe, In Quarantäne, [8e72ba46c23e3ec2395987d77290827e], PUP.Optional.FileScout.A, C:\Users\Asus\AppData\Roaming\File Scout\uninst.exe, In Quarantäne, [05fb04fc15ebe818b7f3ea7462a032ce], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\chrome.manifest, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\install.rdf, In Quarantäne, [24dc699748b822dede8a5511d62c936d], 
PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\components\FFDisp.dll, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\dpk.htm, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\hlprs.js, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\loader.xul, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\mtstart.js, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\serp.js, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\softonic.css, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\softonic.xul, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\tmplt.js, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\arwDwn.gif, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, 
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\closeo.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\help_16.gif, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\home.gif, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\icon_seperator.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\logo.PNG, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\privecy_16_hot.gif, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\sign.jpg, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\specialoffer.gif, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\tellafriend.gif, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\uninstall.gif, In Quarantäne, 
[24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\ae.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\bg.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\ch.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\cn.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\cz.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\de.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\eg.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\en.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\es.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, 
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\fr.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\gr.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\he.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\il.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\it.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\ja.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\jp.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\nl.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\no.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\pl.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], 
PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\pt.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\ro.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\ru.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\sa.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\se.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\sv.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\tr.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\ua.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.HTM.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs\us.png, In Quarantäne, [24dc699748b822dede8a5511d62c936d], PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\appCntrl.js, In Quarantäne, 
[4fb1aa56a45c3fc1c5a66bfb26dce917], PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\bg.html, In Quarantäne, [4fb1aa56a45c3fc1c5a66bfb26dce917], PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\bg.js, In Quarantäne, [4fb1aa56a45c3fc1c5a66bfb26dce917], PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\chMntz.dll, In Quarantäne, [4fb1aa56a45c3fc1c5a66bfb26dce917], PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\CrmAdpt.dll, In Quarantäne, [4fb1aa56a45c3fc1c5a66bfb26dce917], PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\ct.js, In Quarantäne, [4fb1aa56a45c3fc1c5a66bfb26dce917], PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\CTB.dll, In Quarantäne, [4fb1aa56a45c3fc1c5a66bfb26dce917], PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\dpk.js, In Quarantäne, [4fb1aa56a45c3fc1c5a66bfb26dce917], PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\hprtkMsg.htm, In Quarantäne, [4fb1aa56a45c3fc1c5a66bfb26dce917], PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\hprtkMsg.js, In Quarantäne, [4fb1aa56a45c3fc1c5a66bfb26dce917], PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\json2.min.js, In Quarantäne, 
[4fb1aa56a45c3fc1c5a66bfb26dce917], PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\logo.png, In Quarantäne, [4fb1aa56a45c3fc1c5a66bfb26dce917], PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\manifest.json, In Quarantäne, [4fb1aa56a45c3fc1c5a66bfb26dce917], PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\pref.json, In Quarantäne, [4fb1aa56a45c3fc1c5a66bfb26dce917], PUP.Optional.Softonic.A, C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\softonic.crx, In Quarantäne, [13edab5535cb5fa19dcf075f61a141bf], PUP.Optional.Softonic.A, C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\SoftonicApp.dll, In Quarantäne, [13edab5535cb5fa19dcf075f61a141bf], PUP.Optional.Softonic.A, C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\SoftonicEng.dll, In Quarantäne, [13edab5535cb5fa19dcf075f61a141bf], PUP.Optional.Softonic.A, C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\Softonicsrv.exe, In Quarantäne, [13edab5535cb5fa19dcf075f61a141bf], PUP.Optional.Softonic.A, C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\uninstall.exe, In Quarantäne, [13edab5535cb5fa19dcf075f61a141bf], PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.admin", false);), Ersetzt,[20e042be7b85629e7521c291857fd52b] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.aflt", "OC");), Ersetzt,[c83800006c9419e761353d167193fc04] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");), 
Ersetzt,[e818da26c63a50b0ade92a2919ebd030] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.autoRvrt", "false");), Ersetzt,[2ad654ac38c82fd16c2afd5624e032ce] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.cntry", "AT");), Ersetzt,[58a8bb4509f7c7399ef8193ac242f40c] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.dfltLng", "de");), Ersetzt,[2ed267995ea219e77a1ca1b20afae818] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.dfltSrch", true);), Ersetzt,[7a86c23e6c94a65aa7ef91c2dd275fa1] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.dnsErr", true);), Ersetzt,[de227e8229d7dc245e382f24887c8f71] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,1828564131,3396905322,2787570089,1850357963,3855095921,1516386922,3836221436,2015489896,270173904,3729539987,424611005,965674394,609003582,2041931190,3874294282,2774755777,931959409,398575749,3999997753,1104451911,1233863968,4280856088,1554076246,1949401179,1770772786,3253391265,3778438159,1649478750,2848156272,2476712966,3103989719,475488147,1715867073,3594694113,3774606882,4036647035,1593922001,4110151693,2941033654,3206511613");), Ersetzt,[d927e31da060d32db3e3bf9422e2ce32] PUP.Optional.Softonic.A, 
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.dspFFXOld", "");), Ersetzt,[55ab936dda260ff1e6b0e66d50b49868] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.excTlbr", false);), Ersetzt,[6d93a06051af28d84e48eb681ee68977] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.ffxUnstlRst", false);), Ersetzt,[dc2428d814ecd42cd6c060f304004eb2] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.hdrMd5", "300E7E46BE88048E11310B57E25A43F5");), Ersetzt,[32ce07f96c948080aaec90c364a07b85] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.hmpg", true);), Ersetzt,[4eb204fcec14718fb0e6d87b39cb23dd] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=442d18f700000000000090e6ba330a85");), Ersetzt,[39c75ca4e61a0df3583eb3a015ef9e62] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.hpFFXOld", "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=442D90E6BA330A85&affID=121565&tsp=5001");), Ersetzt,[9769659b60a07b85f2a480d3996b04fc] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.id", "442d18f700000000000090e6ba330a85");), Ersetzt,[d62abc44fb05837d4b4bd87b51b333cd] PUP.Optional.Softonic.A, 
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.instlDay", "16057");), Ersetzt,[9a663fc19f618779cfc7f45f5ba92ed2] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.instlRef", "MOY00621");), Ersetzt,[7888748c58a8fd032175da79dc28e719] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.lastB", "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=442D90E6BA330A85&affID=121565&tsp=5001");), Ersetzt,[8080aa565ba5d62ad6c09bb85da7cb35] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.lastVrsnTs", "1.8.21.1411:01:52");), Ersetzt,[dd232cd4768a6d93bed8b59e73918a76] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.newTab", true);), Ersetzt,[b34dc63aa0606c94dfb7e66d08fc9b65] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=442d18f700000000000090e6ba330a85");), Ersetzt,[0df35fa1c53b1ee2ade99db6b64e0ff1] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.pnu_opencandy2013", "{\"newVrsn\":\"3\",\"lastVrsn\":\"3\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");), Ersetzt,[48b8fb050df36e92910596bdbb49629e] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: 
(user_pref("extensions.Softonic.prdct", "Softonic");), Ersetzt,[aa5690703bc504fc2274084b9b691fe1] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.prtnrId", "softonic");), Ersetzt,[48b8887808f8fe02445286cd27dda957] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.rvrt", "false");), Ersetzt,[8f7136ca4eb2d8285640470c28dcf20e] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.sg", "none");), Ersetzt,[a35d54ac11ef5fa140561c377f852fd1] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.smplGrp", "none");), Ersetzt,[659bff01c33d9f61f6a0312256aead53] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");), Ersetzt,[dc2449b7de226f91484e59fa9b69867a] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.storage\\storage\\mpvfloatingwindmutex", "359577629715822@@@Sat Apr 19 2014 14:15:41 GMT+0200");), Ersetzt,[5ca417e937c97789771fc78c6a9a6a96] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.storage\\storage\\mpvinpagemutex", "7b07bba21278041cf136c99651cab781@@@Sat Apr 19 2014 14:15:41 GMT+0200");), Ersetzt,[9c64ed13758b46bae0b64e05b74dcd33] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: 
(user_pref("extensions.Softonic.tlbrId", "opencandy2013");), Ersetzt,[50b0f7094fb14fb1c9cdcb88c53fe11f] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=442d18f700000000000090e6ba330a85&q=");), Ersetzt,[ef11be424fb16e92c7cfd87b06fe2ad6] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.vrsn", "1.8.21.14");), Ersetzt,[b7498d7343bdc8389105dc7750b425db] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.vrsnTs", "1.8.21.1411:01:52");), Ersetzt,[639d4bb5b34d22de7026490a49bb42be] PUP.Optional.Softonic.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.vrsni", "1.8.21.14");), Ersetzt,[7f81cc3424dc17e9bed83c17b84c51af] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.admin", false);), Ersetzt,[ef11bc44c63ad729801c153e2ada5ca4] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.aflt", "babsst");), Ersetzt,[ac54639dd62a1fe19408242f966e02fe] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), Ersetzt,[32ceaa56649c09f7594362f1659f0ef2] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.autoRvrt", "false");), 
Ersetzt,[9d63e31d4db357a9e1bb7ed5f4106d93] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.dfltLng", "de");), Ersetzt,[15eb51afba4638c8dac2b2a1ec1825db] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.excTlbr", false);), Ersetzt,[fb051ae6aa56837dc6d660f30103cf31] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.ffxUnstlRst", true);), Ersetzt,[e51ba55b7e82f30ddebe86cdbd47a060] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.id", "442d18f700000000000090e6ba330a85");), Ersetzt,[03fd4ab6738d31cf0f8df06302024bb5] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlDay", "15958");), Ersetzt,[d12f51af27d91fe1059793c029db31cf] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlRef", "sst");), Ersetzt,[39c7be4214ec728e6b31480ba26231cf] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.newTab", false);), Ersetzt,[6f912ed29c6435cbacf03b18877d05fb] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prdct", "delta");), Ersetzt,[bf4198685fa1ec14811bce85a460f010] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prtnrId", "delta");), 
Ersetzt,[e51bd62ac0404db3b9e3bc9735cf6a96] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.rvrt", "false");), Ersetzt,[58a8926ecd331ce4316bf1628f75f60a] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.smplGrp", "none");), Ersetzt,[4ab65aa6b64a55ab4f4df85bba4a718f] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrId", "base");), Ersetzt,[7d83b05008f8d32da7f53b1834d00df3] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrSrchUrl", "");), Ersetzt,[33cd44bc21dfff01435978dbfa0a57a9] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsn", "1.8.24.6");), Ersetzt,[ec149d638779c63a9efed08307fd4fb1] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsnTs", "1.8.24.611:45:52");), Ersetzt,[e02039c7e61ac13f0b912e258d77d62a] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsni", "1.8.24.6");), Ersetzt,[629e40c0d12f8e722a72b89bd82c738d] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babExt", "");), Ersetzt,[6e9253adab553fc1efaddc777b89a759] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babTrack", "affID=121565&tsp=5001");), 
Ersetzt,[8e7204fced13b848e0bc11425ba9916f] PUP.Optional.Delta.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.srcExt", "ss");), Ersetzt,[847c7888f60a3bc59b010c4711f317e9] Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.100 - Bericht erstellt am 20/04/2014 um 10:22:29 # Aktualisiert 20/04/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Asus - ASUS-PC # Gestartet von : C:\Users\Asus\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\BitGuard Ordner Gelöscht : C:\ProgramData\DSearchLink Ordner Gelöscht : C:\ProgramData\Uniblue Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup Ordner Gelöscht : C:\Program Files (x86)\Softonic Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB_DE Ordner Gelöscht : C:\Windows\SysWOW64\AI_RecycleBin Ordner Gelöscht : C:\Users\Asus\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Asus\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\Asus\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Asus\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\Asus\AppData\LocalLow\Softonic Ordner Gelöscht : C:\Users\Asus\AppData\LocalLow\DVDVideoSoftTB_DE Ordner Gelöscht : C:\Users\Asus\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Asus\AppData\Roaming\DVDVideoSoft Ordner Gelöscht : C:\Users\Asus\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Asus\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard Datei Gelöscht : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\invalidprefs.js Datei Gelöscht : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\user.js ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shell\filescout 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS Schlüssel Gelöscht : HKCU\Software\5f2dc8db534ba46 Schlüssel Gelöscht : HKLM\SOFTWARE\5f2dc8db534ba46 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{457EF9F0-0A7C-4302-B47B-C207A8DE8598} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{457EF9F0-0A7C-4302-B47B-C207A8DE8598} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{457EF9F0-0A7C-4302-B47B-C207A8DE8598} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A77C0F0-C55C-4615-910F-EE854686C79F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87AF3CF3-CBF0-40F5-9D95-B150AE3796F3} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} 
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Schlüssel Gelöscht : HKCU\Software\Delta Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\DVDVideoSoftTB_DE Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BackgroundContainer Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB_DE Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\Delta Schlüssel Gelöscht : HKLM\Software\DeviceVM Schlüssel Gelöscht : HKLM\Software\Softonic Schlüssel Gelöscht : HKLM\Software\systweak Schlüssel Gelöscht : HKLM\Software\Uniblue Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB_DE Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB_DE Toolbar Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DeviceVM ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17041 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] -\\ Mozilla Firefox v26.0 (de) [ Datei : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\prefs.js ] Zeile gelöscht : 
user_pref("extensions.Softonic.admin", false); Zeile gelöscht : user_pref("extensions.Softonic.aflt", "OC"); Zeile gelöscht : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}"); Zeile gelöscht : user_pref("extensions.Softonic.autoRvrt", "false"); Zeile gelöscht : user_pref("extensions.Softonic.cntry", "AT"); Zeile gelöscht : user_pref("extensions.Softonic.dfltLng", "de"); Zeile gelöscht : user_pref("extensions.Softonic.dfltSrch", true); Zeile gelöscht : user_pref("extensions.Softonic.dnsErr", true); Zeile gelöscht : user_pref("extensions.Softonic.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,182856413[...] Zeile gelöscht : user_pref("extensions.Softonic.dspFFXOld", ""); Zeile gelöscht : user_pref("extensions.Softonic.excTlbr", false); Zeile gelöscht : user_pref("extensions.Softonic.ffxUnstlRst", false); Zeile gelöscht : user_pref("extensions.Softonic.hdrMd5", "300E7E46BE88048E11310B57E25A43F5"); Zeile gelöscht : user_pref("extensions.Softonic.hmpg", true); Zeile gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=442d18f700000000000090e6ba330a85"); Zeile gelöscht : user_pref("extensions.Softonic.hpFFXOld", "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=442D90E6BA330A85&affID=121565&tsp=5001"); Zeile gelöscht : user_pref("extensions.Softonic.id", "442d18f700000000000090e6ba330a85"); Zeile gelöscht : user_pref("extensions.Softonic.instlDay", "16057"); Zeile gelöscht : user_pref("extensions.Softonic.instlRef", "MOY00621"); Zeile gelöscht : user_pref("extensions.Softonic.lastB", "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=442D90E6BA330A85&affID=121565&tsp=5001"); Zeile gelöscht : user_pref("extensions.Softonic.lastVrsnTs", "1.8.21.1411:01:52"); Zeile gelöscht : user_pref("extensions.Softonic.newTab", true); Zeile gelöscht : 
user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=442d18f700000000000090e6ba330a85"); Zeile gelöscht : user_pref("extensions.Softonic.pnu_opencandy2013", "{\"newVrsn\":\"3\",\"lastVrsn\":\"3\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}"); Zeile gelöscht : user_pref("extensions.Softonic.prdct", "Softonic"); Zeile gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic"); Zeile gelöscht : user_pref("extensions.Softonic.rvrt", "false"); Zeile gelöscht : user_pref("extensions.Softonic.sg", "none"); Zeile gelöscht : user_pref("extensions.Softonic.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)"); Zeile gelöscht : user_pref("extensions.Softonic.storage\\storage\\mpvfloatingwindmutex", "359577629715822@@@Sat Apr 19 2014 14:15:41 GMT+0200"); Zeile gelöscht : user_pref("extensions.Softonic.storage\\storage\\mpvinpagemutex", "7b07bba21278041cf136c99651cab781@@@Sat Apr 19 2014 14:15:41 GMT+0200"); Zeile gelöscht : user_pref("extensions.Softonic.tlbrId", "opencandy2013"); Zeile gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=442d18f700000000000090e6ba330a85&q="); Zeile gelöscht : user_pref("extensions.Softonic.vrsn", "1.8.21.14"); Zeile gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.8.21.1411:01:52"); Zeile gelöscht : user_pref("extensions.Softonic.vrsni", "1.8.21.14"); Zeile gelöscht : user_pref("extensions.delta.admin", false); Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst"); Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false"); Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de"); Zeile gelöscht : user_pref("extensions.delta.excTlbr", false); Zeile gelöscht : 
user_pref("extensions.delta.ffxUnstlRst", true); Zeile gelöscht : user_pref("extensions.delta.id", "442d18f700000000000090e6ba330a85"); Zeile gelöscht : user_pref("extensions.delta.instlDay", "15958"); Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst"); Zeile gelöscht : user_pref("extensions.delta.newTab", false); Zeile gelöscht : user_pref("extensions.delta.prdct", "delta"); Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta"); Zeile gelöscht : user_pref("extensions.delta.rvrt", "false"); Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base"); Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", ""); Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6"); Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.611:45:52"); Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6"); Zeile gelöscht : user_pref("extensions.delta_i.babExt", ""); Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=121565&tsp=5001"); Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss"); ************************* AdwCleaner[R0].txt - [16017 octets] - [20/04/2014 10:01:49] AdwCleaner[R1].txt - [16078 octets] - [20/04/2014 10:17:23] AdwCleaner[S0].txt - [15313 octets] - [20/04/2014 10:22:29] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15374 octets] ########## Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Asus on 20.04.2014 at 10:27:21,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2445338190-908188242-489134224-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{68979ACB-2FEA-43C4-A7C7-39DB1F687E2E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9D232464-EF5F-440F-BACF-4D0D80499B7B}

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"

~~~ FireFox
Successfully deleted: [File] C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\rzlx47i0.default\extensions\toolbar_avira-v7@apn.ask.com.xpi
Emptied folder: C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\rzlx47i0.default\minidumps [36 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.04.2014 at 10:38:58,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-04-2014 01 Ran by Asus (administrator) on ASUS-PC on 20-04-2014 10:47:30 Running from C:\Users\Asus\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe () C:\Program Files\ATKGFNEX\GFNEXSrv.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (ATK) C:\Program Files\P4G\BatteryLife.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe (ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe () C:\Program Files (x86)\3DataManager\WTGService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPL.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUS) C:\Windows\AsScrPro.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16330272 2009-07-02] (NVIDIA Corporation) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.) HKLM\...\Run: [UfSeAgnt.exe] => C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1022904 2010-02-23] (Trend Micro Inc.) 
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8493624 2009-07-07] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [sysTPL] => C:\Program Files (x86)\sysTPL\sysTPL.exe [1244440 2014-01-24] (Tlapia) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x117C57A60A5ACD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default FF Homepage: hxxp://www.google.at/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-12-05] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-21] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-18] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.) 
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [859712 2010-10-09] (Trend Micro Inc.) R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [399640 2014-01-24] (Tlapia) S2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [400664 2014-01-24] (Tlapia) S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2009-08-04] (Trend Micro Inc.) S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2009-08-04] (Trend Micro Inc.) R2 WTGService; C:\Program Files (x86)\3DataManager\WTGService.exe [296400 2009-02-27] () ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [116864 2008-12-13] (Huawei Technologies Co., Ltd.) 
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-20] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] () R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.) R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2009-08-04] (Trend Micro Inc.) R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.) R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] U3 tmlwf; U3 tmwfp; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 __SHD () C:\Users\Asus\AppData\Local\EmieUserList 2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 __SHD () C:\Users\Asus\AppData\Local\EmieSiteList 2014-04-20 10:38 - 2014-04-20 10:40 - 00001652 _____ () C:\Users\Asus\Desktop\JRT.txt 2014-04-20 10:27 - 2014-04-20 10:27 - 00000000 ____D () C:\Windows\ERUNT 2014-04-20 10:24 - 2014-04-20 10:24 - 00015523 _____ () C:\Users\Asus\Desktop\AdwCleaner[S0].txt 2014-04-20 10:01 - 2014-04-20 10:22 - 00000000 ____D () C:\AdwCleaner 2014-04-20 10:00 - 2014-04-20 10:00 - 01308369 _____ () C:\Users\Asus\Desktop\adwcleaner.exe 2014-04-20 09:55 - 2014-04-20 09:55 - 00040128 _____ () C:\Users\Asus\Desktop\mbam.txt 2014-04-19 14:17 - 2014-04-20 10:42 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-19 14:16 - 2014-04-19 14:16 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-19 14:16 - 2014-04-19 14:16 
- 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-19 14:16 - 2014-04-19 14:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-19 14:16 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-19 14:16 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-19 14:16 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-19 14:11 - 2014-04-19 14:11 - 01016261 _____ (Thisisu) C:\Users\Asus\Desktop\JRT.exe 2014-04-19 14:09 - 2014-04-19 14:10 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Asus\Desktop\mbam-setup-2.0.1.1004.exe 2014-04-18 20:13 - 2014-04-18 20:13 - 00026102 _____ () C:\ComboFix.txt 2014-04-18 19:49 - 2014-04-18 20:14 - 00000000 ____D () C:\Qoobox 2014-04-18 19:49 - 2014-04-18 20:14 - 00000000 ____D () C:\ComboFix 2014-04-18 19:49 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-18 19:49 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-18 19:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-18 19:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-18 19:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-18 19:49 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-18 19:49 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-18 19:49 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-18 19:48 - 2014-04-18 20:09 - 00000000 ____D () C:\Windows\erdnt 2014-04-18 19:43 - 2014-04-18 19:44 - 05195154 ____R (Swearware) C:\Users\Asus\Desktop\ComboFix.exe 2014-04-18 11:12 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-18 11:12 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-18 11:12 - 2014-03-06 
10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-18 11:12 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-18 11:12 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-18 11:11 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-18 11:11 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-18 11:11 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-18 11:11 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-18 11:11 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-18 11:11 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-18 11:11 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-18 11:11 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-18 11:11 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-18 11:11 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-18 11:11 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-18 11:11 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-18 11:11 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-18 11:11 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-18 11:11 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-18 11:11 - 
2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-18 11:11 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-18 11:11 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-18 11:11 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-18 11:11 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-18 11:11 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-18 11:11 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-18 11:11 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-18 11:11 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-18 11:11 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-18 11:11 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-18 11:11 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-18 11:11 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-18 11:11 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-18 11:11 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-18 11:11 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-18 11:11 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-18 11:11 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 
2014-04-18 11:11 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-18 11:11 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-18 11:11 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-18 11:11 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-18 11:11 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-18 11:11 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-18 11:11 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-18 11:11 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-18 11:11 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-18 11:11 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-16 21:32 - 2014-04-16 21:32 - 00019618 _____ () C:\Users\Asus\Desktop\Avira Scan.txt 2014-04-16 20:26 - 2014-04-16 20:26 - 00002842 _____ () C:\Users\Asus\Desktop\Gmer.txt 2014-04-16 20:02 - 2014-04-16 20:02 - 00291888 _____ () C:\Windows\Minidump\041614-14055-01.dmp 2014-04-16 19:41 - 2014-04-16 19:43 - 00380416 _____ () C:\Users\Asus\Desktop\Gmer-19357.exe 2014-04-16 19:38 - 2014-04-16 19:40 - 00029595 _____ () C:\Users\Asus\Desktop\Addition.txt 2014-04-16 19:37 - 2014-04-20 10:47 - 00011664 _____ () C:\Users\Asus\Desktop\FRST.txt 2014-04-16 19:37 - 2014-04-20 10:47 - 00000000 ____D () C:\FRST 2014-04-16 19:36 - 2014-04-16 19:36 - 02158080 _____ (Farbar) C:\Users\Asus\Desktop\FRST64.exe 2014-04-16 19:34 - 2014-04-16 19:34 - 00000470 _____ () C:\Users\Asus\Desktop\defogger_disable.log 2014-04-16 19:34 - 2014-04-16 19:34 - 00000000 _____ () C:\Users\Asus\defogger_reenable 2014-04-16 19:30 
- 2014-04-16 19:33 - 00050477 _____ () C:\Users\Asus\Desktop\Defogger.exe 2014-04-16 19:29 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-16 19:29 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-16 19:29 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-16 19:29 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-16 19:29 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-16 19:29 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-16 19:29 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-16 19:29 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-16 19:29 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-16 19:29 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-16 19:29 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-16 19:29 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-16 19:29 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-16 19:29 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-16 19:29 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-16 19:29 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-16 19:27 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-16 19:11 - 2014-04-16 19:43 - 
00000000 ____D () C:\Users\Asus\AppData\Roaming\3DataManager 2014-04-16 19:08 - 2014-04-16 19:08 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys 2014-04-16 19:08 - 2014-04-16 19:08 - 00116224 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbfake.sys 2014-04-16 19:08 - 2014-04-16 19:08 - 00001985 _____ () C:\Users\Public\Desktop\3DataManager.lnk 2014-04-16 19:08 - 2014-04-16 19:08 - 00000000 ____D () C:\Program Files (x86)\3DataManager 2014-04-16 19:08 - 2014-04-16 19:08 - 00000000 ____D () C:\Program Files (x86)\3-addons 2014-04-16 19:08 - 2009-02-20 17:27 - 00719360 ____N (Microsoft Corporation) C:\Windows\SysWOW64\bmutil.dll 2014-04-16 19:08 - 2009-02-20 17:27 - 00471040 ____N (Bytemobile, Inc.) C:\Windows\SysWOW64\bmnet.dll 2014-04-16 19:08 - 2009-02-20 17:27 - 00294912 ____N (Bytemobile, Inc.) C:\Windows\SysWOW64\bminstall.dll 2014-04-16 19:08 - 2009-02-20 17:27 - 00126976 ____N (Bytemobile, Inc.) C:\Windows\SysWOW64\bmdumpd.bin 2014-04-16 19:08 - 2009-02-20 17:27 - 00022528 ____N (Bytemobile, Inc.) C:\Windows\SysWOW64\Drivers\BMLoad.sys 2014-04-16 19:08 - 2009-02-20 17:27 - 00018816 ____N (Bytemobile, Inc.) C:\Windows\SysWOW64\Drivers\tcpipBM.sys 2014-04-16 19:08 - 2009-02-20 17:27 - 00008464 ____N (Microsoft Corporation) C:\Windows\SysWOW64\sporder.dll 2014-04-16 19:08 - 2008-12-13 11:28 - 00116864 ____N (Huawei Technologies Co., Ltd.) 
C:\Windows\SysWOW64\Drivers\ewusbmdm.sys 2014-04-16 18:30 - 2014-04-16 18:30 - 00291888 _____ () C:\Windows\Minidump\041614-23259-01.dmp 2014-04-16 18:13 - 2014-04-16 18:13 - 00291888 _____ () C:\Windows\Minidump\041614-19453-01.dmp 2014-04-10 15:11 - 2014-04-10 15:11 - 00291888 _____ () C:\Windows\Minidump\041014-20638-01.dmp 2014-04-10 15:05 - 2014-04-10 15:06 - 00291888 _____ () C:\Windows\Minidump\041014-23618-01.dmp 2014-03-26 13:30 - 2014-04-16 20:02 - 571849902 _____ () C:\Windows\MEMORY.DMP 2014-03-26 13:30 - 2014-04-16 20:02 - 00000000 ____D () C:\Windows\Minidump 2014-03-26 13:30 - 2014-03-26 13:30 - 00291888 _____ () C:\Windows\Minidump\032614-22292-01.dmp ==================== One Month Modified Files and Folders ======= 2014-04-20 10:47 - 2014-04-16 19:37 - 00011664 _____ () C:\Users\Asus\Desktop\FRST.txt 2014-04-20 10:47 - 2014-04-16 19:37 - 00000000 ____D () C:\FRST 2014-04-20 10:45 - 2013-05-24 09:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 __SHD () C:\Users\Asus\AppData\Local\EmieUserList 2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 __SHD () C:\Users\Asus\AppData\Local\EmieSiteList 2014-04-20 10:42 - 2014-04-19 14:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-20 10:41 - 2012-05-04 21:24 - 00003166 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl 2014-04-20 10:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-20 10:41 - 2009-07-14 06:51 - 00054061 _____ () C:\Windows\setupact.log 2014-04-20 10:40 - 2014-04-20 10:38 - 00001652 _____ () C:\Users\Asus\Desktop\JRT.txt 2014-04-20 10:40 - 2012-05-04 21:11 - 01586725 _____ () C:\Windows\WindowsUpdate.log 2014-04-20 10:31 - 2009-07-14 06:45 - 00016112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-20 10:31 - 2009-07-14 06:45 - 00016112 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-20 10:27 - 2014-04-20 10:27 - 00000000 ____D () C:\Windows\ERUNT 2014-04-20 10:24 - 2014-04-20 10:24 - 00015523 _____ () C:\Users\Asus\Desktop\AdwCleaner[S0].txt 2014-04-20 10:22 - 2014-04-20 10:01 - 00000000 ____D () C:\AdwCleaner 2014-04-20 10:00 - 2014-04-20 10:00 - 01308369 _____ () C:\Users\Asus\Desktop\adwcleaner.exe 2014-04-20 09:55 - 2014-04-20 09:55 - 00040128 _____ () C:\Users\Asus\Desktop\mbam.txt 2014-04-19 14:38 - 2012-05-04 21:16 - 00001645 _____ () C:\Windows\system32\ServiceFilter.ini 2014-04-19 14:37 - 2012-05-04 21:23 - 00452112 _____ () C:\Windows\PFRO.log 2014-04-19 14:16 - 2014-04-19 14:16 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-19 14:16 - 2014-04-19 14:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-19 14:16 - 2014-04-19 14:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-19 14:11 - 2014-04-19 14:11 - 01016261 _____ (Thisisu) C:\Users\Asus\Desktop\JRT.exe 2014-04-19 14:10 - 2014-04-19 14:09 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Asus\Desktop\mbam-setup-2.0.1.1004.exe 2014-04-18 20:14 - 2014-04-18 19:49 - 00000000 ____D () C:\Qoobox 2014-04-18 20:14 - 2014-04-18 19:49 - 00000000 ____D () C:\ComboFix 2014-04-18 20:13 - 2014-04-18 20:13 - 00026102 _____ () C:\ComboFix.txt 2014-04-18 20:13 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-04-18 20:09 - 2014-04-18 19:48 - 00000000 ____D () C:\Windows\erdnt 2014-04-18 20:01 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-04-18 19:44 - 2014-04-18 19:43 - 05195154 ____R (Swearware) C:\Users\Asus\Desktop\ComboFix.exe 2014-04-18 11:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-18 11:13 - 2009-08-04 11:51 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-04-18 11:13 - 2009-08-04 11:51 - 00149790 _____ () 
C:\Windows\system32\perfc007.dat 2014-04-18 11:13 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-17 18:15 - 2012-12-08 16:36 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-16 21:32 - 2014-04-16 21:32 - 00019618 _____ () C:\Users\Asus\Desktop\Avira Scan.txt 2014-04-16 20:26 - 2014-04-16 20:26 - 00002842 _____ () C:\Users\Asus\Desktop\Gmer.txt 2014-04-16 20:02 - 2014-04-16 20:02 - 00291888 _____ () C:\Windows\Minidump\041614-14055-01.dmp 2014-04-16 20:02 - 2014-03-26 13:30 - 571849902 _____ () C:\Windows\MEMORY.DMP 2014-04-16 20:02 - 2014-03-26 13:30 - 00000000 ____D () C:\Windows\Minidump 2014-04-16 19:43 - 2014-04-16 19:41 - 00380416 _____ () C:\Users\Asus\Desktop\Gmer-19357.exe 2014-04-16 19:43 - 2014-04-16 19:11 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\3DataManager 2014-04-16 19:40 - 2014-04-16 19:38 - 00029595 _____ () C:\Users\Asus\Desktop\Addition.txt 2014-04-16 19:36 - 2014-04-16 19:36 - 02158080 _____ (Farbar) C:\Users\Asus\Desktop\FRST64.exe 2014-04-16 19:34 - 2014-04-16 19:34 - 00000470 _____ () C:\Users\Asus\Desktop\defogger_disable.log 2014-04-16 19:34 - 2014-04-16 19:34 - 00000000 _____ () C:\Users\Asus\defogger_reenable 2014-04-16 19:34 - 2012-05-06 15:24 - 00000000 ____D () C:\Users\Asus 2014-04-16 19:33 - 2014-04-16 19:30 - 00050477 _____ () C:\Users\Asus\Desktop\Defogger.exe 2014-04-16 19:18 - 2012-05-06 15:25 - 00000000 ___RD () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-16 19:08 - 2014-04-16 19:08 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys 2014-04-16 19:08 - 2014-04-16 19:08 - 00116224 _____ (Huawei Technologies Co., Ltd.) 
C:\Windows\system32\Drivers\ewusbfake.sys 2014-04-16 19:08 - 2014-04-16 19:08 - 00001985 _____ () C:\Users\Public\Desktop\3DataManager.lnk 2014-04-16 19:08 - 2014-04-16 19:08 - 00000000 ____D () C:\Program Files (x86)\3DataManager 2014-04-16 19:08 - 2014-04-16 19:08 - 00000000 ____D () C:\Program Files (x86)\3-addons 2014-04-16 18:30 - 2014-04-16 18:30 - 00291888 _____ () C:\Windows\Minidump\041614-23259-01.dmp 2014-04-16 18:29 - 2009-07-14 07:08 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-16 18:13 - 2014-04-16 18:13 - 00291888 _____ () C:\Windows\Minidump\041614-19453-01.dmp 2014-04-10 15:11 - 2014-04-10 15:11 - 00291888 _____ () C:\Windows\Minidump\041014-20638-01.dmp 2014-04-10 15:06 - 2014-04-10 15:05 - 00291888 _____ () C:\Windows\Minidump\041014-23618-01.dmp 2014-04-03 09:51 - 2014-04-19 14:16 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-19 14:16 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-19 14:16 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-31 09:35 - 2012-07-05 10:45 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-03-26 13:53 - 2012-12-08 16:36 - 00000000 ____D () C:\Users\Asus\AppData\Local\Microsoft Help 2014-03-26 13:30 - 2014-03-26 13:30 - 00291888 _____ () C:\Windows\Minidump\032614-22292-01.dmp 2014-03-26 12:58 - 2014-02-25 12:34 - 00000000 ____D () C:\Program Files (x86)\sysTPL 2014-03-26 12:56 - 2013-05-24 09:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-26 12:56 - 2012-09-13 19:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-26 12:56 - 2012-09-13 19:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-26 12:54 - 2009-07-14 06:45 - 00415016 _____ () C:\Windows\system32\FNTCACHE.DAT Some content of 
TEMP: ==================== C:\Users\Asus\AppData\Local\Temp\avgnt.exe C:\Users\Asus\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-31 13:48 ==================== End Of Log ============================ --- --- --- |
20.04.2014, 18:33 | #8 |
/// the machine /// TB-Ausbilder | TR/BProtctor.Gen ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
21.04.2014, 10:41 | #9 |
| TR/BProtctor.Gen So, here is the log from ESET: Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8222149fc502d849a05f093ec9cd7db6
# engine=17964
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-21 08:59:32
# local_time=2014-04-21 10:59:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=513 16777085 100 97 5430 148658749 0 0
# compatibility_mode=1799 16775165 100 94 5115 168742077 0 0
# compatibility_mode=5893 16776573 100 94 86873 149700622 0 0
# scanned=137508
# found=0
# cleaned=0
# scan_time=4690
It seems everything is working as it should again. Thank you very, very much for that! |
21.04.2014, 20:56 | #10 |
/// the machine /// TB-Ausbilder | TR/BProtctor.Gen Just the fresh FRST, please
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
23.04.2014, 20:21 | #11 |
| TR/BProtctor.Gen So, here is a fresh FRST log once more. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014 Ran by Asus (administrator) on ASUS-PC on 23-04-2014 21:12:58 Running from C:\Users\Asus\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe () C:\Program Files\ATKGFNEX\GFNEXSrv.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (ATK) C:\Program Files\P4G\BatteryLife.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe (ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe (Trend Micro Inc.) 
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPL.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\3DataManager\WTGService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUS) C:\Windows\AsScrPro.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLService.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16330272 2009-07-02] (NVIDIA Corporation) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.) 
HKLM\...\Run: [UfSeAgnt.exe] => C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1022904 2010-02-23] (Trend Micro Inc.) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8493624 2009-07-07] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [sysTPL] => C:\Program Files (x86)\sysTPL\sysTPL.exe [1244440 2014-01-24] (Tlapia) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x117C57A60A5ACD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default FF Homepage: hxxp://www.google.at/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-12-05] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-21] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-18] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.) 
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [859712 2010-10-09] (Trend Micro Inc.) R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [399640 2014-01-24] (Tlapia) R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [400664 2014-01-24] (Tlapia) S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2009-08-04] (Trend Micro Inc.) S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2009-08-04] (Trend Micro Inc.) R2 WTGService; C:\Program Files (x86)\3DataManager\WTGService.exe [296400 2009-02-27] () ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [116864 2008-12-13] (Huawei Technologies Co., Ltd.) 
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-23] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] () R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.) R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2009-08-04] (Trend Micro Inc.) R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.) R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] U3 tmlwf; U3 tmwfp; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-22 17:00 - 2014-04-22 17:00 - 00000000 ____D () C:\Users\Asus\Desktop\FRST-OlderVersion 2014-04-21 11:22 - 2014-04-21 11:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-20 10:48 - 2014-04-20 10:48 - 00032932 _____ () C:\Users\Asus\Desktop\FRST_2.txt 2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 __SHD () C:\Users\Asus\AppData\Local\EmieUserList 2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 __SHD () C:\Users\Asus\AppData\Local\EmieSiteList 2014-04-20 10:38 - 2014-04-20 10:40 - 00001652 _____ () C:\Users\Asus\Desktop\JRT.txt 2014-04-20 10:27 - 2014-04-20 10:27 - 00000000 ____D () C:\Windows\ERUNT 2014-04-20 10:24 - 2014-04-20 10:24 - 00015523 _____ () C:\Users\Asus\Desktop\AdwCleaner[S0].txt 2014-04-20 10:01 - 2014-04-20 10:22 - 00000000 ____D () C:\AdwCleaner 2014-04-20 10:00 - 2014-04-20 10:00 - 01308369 _____ () C:\Users\Asus\Desktop\adwcleaner.exe 2014-04-20 09:55 - 2014-04-20 09:55 - 00040128 _____ () 
C:\Users\Asus\Desktop\mbam.txt 2014-04-19 14:17 - 2014-04-23 21:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-19 14:16 - 2014-04-19 14:16 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-19 14:16 - 2014-04-19 14:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-19 14:16 - 2014-04-19 14:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-19 14:16 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-19 14:16 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-19 14:16 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-19 14:11 - 2014-04-19 14:11 - 01016261 _____ (Thisisu) C:\Users\Asus\Desktop\JRT.exe 2014-04-18 20:13 - 2014-04-18 20:13 - 00026102 _____ () C:\ComboFix.txt 2014-04-18 19:49 - 2014-04-18 20:14 - 00000000 ____D () C:\Qoobox 2014-04-18 19:49 - 2014-04-18 20:14 - 00000000 ____D () C:\ComboFix 2014-04-18 19:49 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-18 19:49 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-18 19:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-18 19:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-18 19:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-18 19:49 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-18 19:49 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-18 19:49 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-18 19:48 - 2014-04-18 20:09 - 00000000 ____D () C:\Windows\erdnt 2014-04-18 19:43 - 2014-04-18 19:44 - 05195154 ____R (Swearware) C:\Users\Asus\Desktop\ComboFix.exe 2014-04-18 11:12 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.tlb 2014-04-18 11:12 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-18 11:12 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-18 11:12 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-18 11:12 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-18 11:11 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-18 11:11 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-18 11:11 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-18 11:11 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-18 11:11 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-18 11:11 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-18 11:11 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-18 11:11 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-18 11:11 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-18 11:11 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-18 11:11 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-18 11:11 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-18 11:11 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-18 11:11 - 2014-03-06 10:11 - 05784064 _____ (Microsoft 
Corporation) C:\Windows\system32\jscript9.dll 2014-04-18 11:11 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-18 11:11 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-18 11:11 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-18 11:11 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-18 11:11 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-18 11:11 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-18 11:11 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-18 11:11 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-18 11:11 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-18 11:11 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-18 11:11 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-18 11:11 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-18 11:11 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-18 11:11 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-18 11:11 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-18 11:11 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-18 11:11 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-18 11:11 - 2014-03-06 09:07 - 00164864 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-18 11:11 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-18 11:11 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-18 11:11 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-18 11:11 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-18 11:11 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-18 11:11 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-18 11:11 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-18 11:11 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-18 11:11 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-18 11:11 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-18 11:11 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-16 21:32 - 2014-04-16 21:32 - 00019618 _____ () C:\Users\Asus\Desktop\Avira Scan.txt 2014-04-16 20:26 - 2014-04-16 20:26 - 00002842 _____ () C:\Users\Asus\Desktop\Gmer.txt 2014-04-16 20:02 - 2014-04-16 20:02 - 00291888 _____ () C:\Windows\Minidump\041614-14055-01.dmp 2014-04-16 19:41 - 2014-04-16 19:43 - 00380416 _____ () C:\Users\Asus\Desktop\Gmer-19357.exe 2014-04-16 19:38 - 2014-04-16 19:40 - 00029595 _____ () C:\Users\Asus\Desktop\Addition.txt 2014-04-16 19:37 - 2014-04-23 21:12 - 00011810 _____ () C:\Users\Asus\Desktop\FRST.txt 2014-04-16 19:37 - 2014-04-23 21:12 - 00000000 ____D () C:\FRST 2014-04-16 19:36 - 2014-04-22 17:00 - 02061312 _____ (Farbar) C:\Users\Asus\Desktop\FRST64.exe 2014-04-16 19:34 - 2014-04-16 
19:34 - 00000470 _____ () C:\Users\Asus\Desktop\defogger_disable.log 2014-04-16 19:34 - 2014-04-16 19:34 - 00000000 _____ () C:\Users\Asus\defogger_reenable 2014-04-16 19:30 - 2014-04-16 19:33 - 00050477 _____ () C:\Users\Asus\Desktop\Defogger.exe 2014-04-16 19:29 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-16 19:29 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-16 19:29 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-16 19:29 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-16 19:29 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-16 19:29 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-16 19:29 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-16 19:29 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-16 19:29 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-16 19:29 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-16 19:29 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-16 19:29 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-16 19:29 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-16 19:29 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-16 19:29 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-16 19:29 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iologmsg.dll 2014-04-16 19:27 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-16 19:11 - 2014-04-16 19:43 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\3DataManager 2014-04-16 19:08 - 2014-04-16 19:08 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys 2014-04-16 19:08 - 2014-04-16 19:08 - 00116224 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbfake.sys 2014-04-16 19:08 - 2014-04-16 19:08 - 00001985 _____ () C:\Users\Public\Desktop\3DataManager.lnk 2014-04-16 19:08 - 2014-04-16 19:08 - 00000000 ____D () C:\Program Files (x86)\3DataManager 2014-04-16 19:08 - 2014-04-16 19:08 - 00000000 ____D () C:\Program Files (x86)\3-addons 2014-04-16 19:08 - 2009-02-20 17:27 - 00719360 ____N (Microsoft Corporation) C:\Windows\SysWOW64\bmutil.dll 2014-04-16 19:08 - 2009-02-20 17:27 - 00471040 ____N (Bytemobile, Inc.) C:\Windows\SysWOW64\bmnet.dll 2014-04-16 19:08 - 2009-02-20 17:27 - 00294912 ____N (Bytemobile, Inc.) C:\Windows\SysWOW64\bminstall.dll 2014-04-16 19:08 - 2009-02-20 17:27 - 00126976 ____N (Bytemobile, Inc.) C:\Windows\SysWOW64\bmdumpd.bin 2014-04-16 19:08 - 2009-02-20 17:27 - 00022528 ____N (Bytemobile, Inc.) C:\Windows\SysWOW64\Drivers\BMLoad.sys 2014-04-16 19:08 - 2009-02-20 17:27 - 00018816 ____N (Bytemobile, Inc.) C:\Windows\SysWOW64\Drivers\tcpipBM.sys 2014-04-16 19:08 - 2009-02-20 17:27 - 00008464 ____N (Microsoft Corporation) C:\Windows\SysWOW64\sporder.dll 2014-04-16 19:08 - 2008-12-13 11:28 - 00116864 ____N (Huawei Technologies Co., Ltd.) 
C:\Windows\SysWOW64\Drivers\ewusbmdm.sys 2014-04-16 18:30 - 2014-04-16 18:30 - 00291888 _____ () C:\Windows\Minidump\041614-23259-01.dmp 2014-04-16 18:13 - 2014-04-16 18:13 - 00291888 _____ () C:\Windows\Minidump\041614-19453-01.dmp 2014-04-10 15:11 - 2014-04-10 15:11 - 00291888 _____ () C:\Windows\Minidump\041014-20638-01.dmp 2014-04-10 15:05 - 2014-04-10 15:06 - 00291888 _____ () C:\Windows\Minidump\041014-23618-01.dmp 2014-03-26 13:30 - 2014-04-16 20:02 - 571849902 _____ () C:\Windows\MEMORY.DMP 2014-03-26 13:30 - 2014-04-16 20:02 - 00000000 ____D () C:\Windows\Minidump 2014-03-26 13:30 - 2014-03-26 13:30 - 00291888 _____ () C:\Windows\Minidump\032614-22292-01.dmp ==================== One Month Modified Files and Folders ======= 2014-04-23 21:13 - 2014-04-16 19:37 - 00011810 _____ () C:\Users\Asus\Desktop\FRST.txt 2014-04-23 21:12 - 2014-04-19 14:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-23 21:12 - 2014-04-16 19:37 - 00000000 ____D () C:\FRST 2014-04-23 21:10 - 2012-05-04 21:24 - 00003166 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl 2014-04-23 21:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-23 21:10 - 2009-07-14 06:51 - 00054341 _____ () C:\Windows\setupact.log 2014-04-22 17:05 - 2012-05-04 21:11 - 01681779 _____ () C:\Windows\WindowsUpdate.log 2014-04-22 17:01 - 2009-07-14 06:45 - 00016112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-22 17:01 - 2009-07-14 06:45 - 00016112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-22 17:00 - 2014-04-22 17:00 - 00000000 ____D () C:\Users\Asus\Desktop\FRST-OlderVersion 2014-04-22 17:00 - 2014-04-16 19:36 - 02061312 _____ (Farbar) C:\Users\Asus\Desktop\FRST64.exe 2014-04-22 16:53 - 2012-09-25 19:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-21 12:45 - 2013-05-24 
09:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-21 11:25 - 2012-05-04 21:23 - 00454224 _____ () C:\Windows\PFRO.log 2014-04-21 11:22 - 2014-04-21 11:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-20 10:48 - 2014-04-20 10:48 - 00032932 _____ () C:\Users\Asus\Desktop\FRST_2.txt 2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 __SHD () C:\Users\Asus\AppData\Local\EmieUserList 2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 __SHD () C:\Users\Asus\AppData\Local\EmieSiteList 2014-04-20 10:40 - 2014-04-20 10:38 - 00001652 _____ () C:\Users\Asus\Desktop\JRT.txt 2014-04-20 10:27 - 2014-04-20 10:27 - 00000000 ____D () C:\Windows\ERUNT 2014-04-20 10:24 - 2014-04-20 10:24 - 00015523 _____ () C:\Users\Asus\Desktop\AdwCleaner[S0].txt 2014-04-20 10:22 - 2014-04-20 10:01 - 00000000 ____D () C:\AdwCleaner 2014-04-20 10:00 - 2014-04-20 10:00 - 01308369 _____ () C:\Users\Asus\Desktop\adwcleaner.exe 2014-04-20 09:55 - 2014-04-20 09:55 - 00040128 _____ () C:\Users\Asus\Desktop\mbam.txt 2014-04-19 14:38 - 2012-05-04 21:16 - 00001645 _____ () C:\Windows\system32\ServiceFilter.ini 2014-04-19 14:16 - 2014-04-19 14:16 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-19 14:16 - 2014-04-19 14:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-19 14:16 - 2014-04-19 14:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-19 14:11 - 2014-04-19 14:11 - 01016261 _____ (Thisisu) C:\Users\Asus\Desktop\JRT.exe 2014-04-18 20:14 - 2014-04-18 19:49 - 00000000 ____D () C:\Qoobox 2014-04-18 20:14 - 2014-04-18 19:49 - 00000000 ____D () C:\ComboFix 2014-04-18 20:13 - 2014-04-18 20:13 - 00026102 _____ () C:\ComboFix.txt 2014-04-18 20:13 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-04-18 20:09 - 2014-04-18 19:48 - 00000000 ____D () C:\Windows\erdnt 2014-04-18 20:01 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-04-18 19:44 - 2014-04-18 19:43 - 05195154 
____R (Swearware) C:\Users\Asus\Desktop\ComboFix.exe 2014-04-18 11:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-18 11:13 - 2009-08-04 11:51 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-04-18 11:13 - 2009-08-04 11:51 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-04-18 11:13 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-17 18:15 - 2012-12-08 16:36 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-16 21:32 - 2014-04-16 21:32 - 00019618 _____ () C:\Users\Asus\Desktop\Avira Scan.txt 2014-04-16 20:26 - 2014-04-16 20:26 - 00002842 _____ () C:\Users\Asus\Desktop\Gmer.txt 2014-04-16 20:02 - 2014-04-16 20:02 - 00291888 _____ () C:\Windows\Minidump\041614-14055-01.dmp 2014-04-16 20:02 - 2014-03-26 13:30 - 571849902 _____ () C:\Windows\MEMORY.DMP 2014-04-16 20:02 - 2014-03-26 13:30 - 00000000 ____D () C:\Windows\Minidump 2014-04-16 19:43 - 2014-04-16 19:41 - 00380416 _____ () C:\Users\Asus\Desktop\Gmer-19357.exe 2014-04-16 19:43 - 2014-04-16 19:11 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\3DataManager 2014-04-16 19:40 - 2014-04-16 19:38 - 00029595 _____ () C:\Users\Asus\Desktop\Addition.txt 2014-04-16 19:34 - 2014-04-16 19:34 - 00000470 _____ () C:\Users\Asus\Desktop\defogger_disable.log 2014-04-16 19:34 - 2014-04-16 19:34 - 00000000 _____ () C:\Users\Asus\defogger_reenable 2014-04-16 19:34 - 2012-05-06 15:24 - 00000000 ____D () C:\Users\Asus 2014-04-16 19:33 - 2014-04-16 19:30 - 00050477 _____ () C:\Users\Asus\Desktop\Defogger.exe 2014-04-16 19:18 - 2012-05-06 15:25 - 00000000 ___RD () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-16 19:08 - 2014-04-16 19:08 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys 2014-04-16 19:08 - 2014-04-16 19:08 - 00116224 _____ (Huawei Technologies Co., Ltd.) 
C:\Windows\system32\Drivers\ewusbfake.sys 2014-04-16 19:08 - 2014-04-16 19:08 - 00001985 _____ () C:\Users\Public\Desktop\3DataManager.lnk 2014-04-16 19:08 - 2014-04-16 19:08 - 00000000 ____D () C:\Program Files (x86)\3DataManager 2014-04-16 19:08 - 2014-04-16 19:08 - 00000000 ____D () C:\Program Files (x86)\3-addons 2014-04-16 18:30 - 2014-04-16 18:30 - 00291888 _____ () C:\Windows\Minidump\041614-23259-01.dmp 2014-04-16 18:29 - 2009-07-14 07:08 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-16 18:13 - 2014-04-16 18:13 - 00291888 _____ () C:\Windows\Minidump\041614-19453-01.dmp 2014-04-10 15:11 - 2014-04-10 15:11 - 00291888 _____ () C:\Windows\Minidump\041014-20638-01.dmp 2014-04-10 15:06 - 2014-04-10 15:05 - 00291888 _____ () C:\Windows\Minidump\041014-23618-01.dmp 2014-04-03 09:51 - 2014-04-19 14:16 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-19 14:16 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-19 14:16 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-31 09:35 - 2012-07-05 10:45 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-03-26 13:53 - 2012-12-08 16:36 - 00000000 ____D () C:\Users\Asus\AppData\Local\Microsoft Help 2014-03-26 13:30 - 2014-03-26 13:30 - 00291888 _____ () C:\Windows\Minidump\032614-22292-01.dmp 2014-03-26 12:58 - 2014-02-25 12:34 - 00000000 ____D () C:\Program Files (x86)\sysTPL 2014-03-26 12:56 - 2013-05-24 09:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-26 12:56 - 2012-09-13 19:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-26 12:56 - 2012-09-13 19:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-26 12:54 - 2009-07-14 06:45 - 00415016 _____ () C:\Windows\system32\FNTCACHE.DAT Some content of 
TEMP: ==================== C:\Users\Asus\AppData\Local\Temp\avgnt.exe C:\Users\Asus\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-31 13:48 ==================== End Of Log ============================
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default FF Homepage: hxxp://www.google.at/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rzlx47i0.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-12-05] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-21] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-18] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.) 
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [859712 2010-10-09] (Trend Micro Inc.) R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [399640 2014-01-24] (Tlapia) R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [400664 2014-01-24] (Tlapia) S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2009-08-04] (Trend Micro Inc.) S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2009-08-04] (Trend Micro Inc.) R2 WTGService; C:\Program Files (x86)\3DataManager\WTGService.exe [296400 2009-02-27] () ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [116864 2008-12-13] (Huawei Technologies Co., Ltd.) 
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-23] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] () R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.) R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2009-08-04] (Trend Micro Inc.) R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.) R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] U3 tmlwf; U3 tmwfp; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-22 17:00 - 2014-04-22 17:00 - 00000000 ____D () C:\Users\Asus\Desktop\FRST-OlderVersion 2014-04-21 11:22 - 2014-04-21 11:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-20 10:48 - 2014-04-20 10:48 - 00032932 _____ () C:\Users\Asus\Desktop\FRST_2.txt 2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 __SHD () C:\Users\Asus\AppData\Local\EmieUserList 2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 __SHD () C:\Users\Asus\AppData\Local\EmieSiteList 2014-04-20 10:38 - 2014-04-20 10:40 - 00001652 _____ () C:\Users\Asus\Desktop\JRT.txt 2014-04-20 10:27 - 2014-04-20 10:27 - 00000000 ____D () C:\Windows\ERUNT 2014-04-20 10:24 - 2014-04-20 10:24 - 00015523 _____ () C:\Users\Asus\Desktop\AdwCleaner[S0].txt 2014-04-20 10:01 - 2014-04-20 10:22 - 00000000 ____D () C:\AdwCleaner 2014-04-20 10:00 - 2014-04-20 10:00 - 01308369 _____ () C:\Users\Asus\Desktop\adwcleaner.exe 2014-04-20 09:55 - 2014-04-20 09:55 - 00040128 _____ () 
C:\Users\Asus\Desktop\mbam.txt 2014-04-19 14:17 - 2014-04-23 21:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-19 14:16 - 2014-04-19 14:16 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-19 14:16 - 2014-04-19 14:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-19 14:16 - 2014-04-19 14:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-19 14:16 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-19 14:16 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-19 14:16 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-19 14:11 - 2014-04-19 14:11 - 01016261 _____ (Thisisu) C:\Users\Asus\Desktop\JRT.exe 2014-04-18 20:13 - 2014-04-18 20:13 - 00026102 _____ () C:\ComboFix.txt 2014-04-18 19:49 - 2014-04-18 20:14 - 00000000 ____D () C:\Qoobox 2014-04-18 19:49 - 2014-04-18 20:14 - 00000000 ____D () C:\ComboFix 2014-04-18 19:49 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-18 19:49 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-18 19:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-18 19:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-18 19:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-18 19:49 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-18 19:49 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-18 19:49 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-18 19:48 - 2014-04-18 20:09 - 00000000 ____D () C:\Windows\erdnt 2014-04-18 19:43 - 2014-04-18 19:44 - 05195154 ____R (Swearware) C:\Users\Asus\Desktop\ComboFix.exe 2014-04-18 11:12 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.tlb 2014-04-18 11:12 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-18 11:12 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-18 11:12 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-18 11:12 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-18 11:11 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-18 11:11 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-18 11:11 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-18 11:11 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-18 11:11 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-18 11:11 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-18 11:11 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-18 11:11 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-18 11:11 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-18 11:11 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-18 11:11 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-18 11:11 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-18 11:11 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-18 11:11 - 2014-03-06 10:11 - 05784064 _____ (Microsoft 
Corporation) C:\Windows\system32\jscript9.dll 2014-04-18 11:11 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-18 11:11 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-18 11:11 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-18 11:11 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-18 11:11 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-18 11:11 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-18 11:11 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-18 11:11 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-18 11:11 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-18 11:11 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-18 11:11 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-18 11:11 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-18 11:11 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-18 11:11 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-18 11:11 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-18 11:11 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-18 11:11 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-18 11:11 - 2014-03-06 09:07 - 00164864 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-18 11:11 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-18 11:11 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-18 11:11 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-18 11:11 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-18 11:11 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-18 11:11 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-18 11:11 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-18 11:11 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-18 11:11 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-18 11:11 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-18 11:11 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-16 21:32 - 2014-04-16 21:32 - 00019618 _____ () C:\Users\Asus\Desktop\Avira Scan.txt 2014-04-16 20:26 - 2014-04-16 20:26 - 00002842 _____ () C:\Users\Asus\Desktop\Gmer.txt 2014-04-16 20:02 - 2014-04-16 20:02 - 00291888 _____ () C:\Windows\Minidump\041614-14055-01.dmp 2014-04-16 19:41 - 2014-04-16 19:43 - 00380416 _____ () C:\Users\Asus\Desktop\Gmer-19357.exe 2014-04-16 19:38 - 2014-04-16 19:40 - 00029595 _____ () C:\Users\Asus\Desktop\Addition.txt 2014-04-16 19:37 - 2014-04-23 21:12 - 00011810 _____ () C:\Users\Asus\Desktop\FRST.txt 2014-04-16 19:37 - 2014-04-23 21:12 - 00000000 ____D () C:\FRST 2014-04-16 19:36 - 2014-04-22 17:00 - 02061312 _____ (Farbar) C:\Users\Asus\Desktop\FRST64.exe 2014-04-16 19:34 - 2014-04-16 
19:34 - 00000470 _____ () C:\Users\Asus\Desktop\defogger_disable.log 2014-04-16 19:34 - 2014-04-16 19:34 - 00000000 _____ () C:\Users\Asus\defogger_reenable 2014-04-16 19:30 - 2014-04-16 19:33 - 00050477 _____ () C:\Users\Asus\Desktop\Defogger.exe 2014-04-16 19:29 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-16 19:29 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-16 19:29 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-16 19:29 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-16 19:29 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-16 19:29 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-16 19:29 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-16 19:29 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-16 19:29 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-16 19:29 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-16 19:29 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-16 19:29 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-16 19:29 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-16 19:29 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-16 19:29 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-16 19:29 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iologmsg.dll 2014-04-16 19:27 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-16 19:11 - 2014-04-16 19:43 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\3DataManager 2014-04-16 19:08 - 2014-04-16 19:08 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys 2014-04-16 19:08 - 2014-04-16 19:08 - 00116224 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbfake.sys 2014-04-16 19:08 - 2014-04-16 19:08 - 00001985 _____ () C:\Users\Public\Desktop\3DataManager.lnk 2014-04-16 19:08 - 2014-04-16 19:08 - 00000000 ____D () C:\Program Files (x86)\3DataManager 2014-04-16 19:08 - 2014-04-16 19:08 - 00000000 ____D () C:\Program Files (x86)\3-addons 2014-04-16 19:08 - 2009-02-20 17:27 - 00719360 ____N (Microsoft Corporation) C:\Windows\SysWOW64\bmutil.dll 2014-04-16 19:08 - 2009-02-20 17:27 - 00471040 ____N (Bytemobile, Inc.) C:\Windows\SysWOW64\bmnet.dll 2014-04-16 19:08 - 2009-02-20 17:27 - 00294912 ____N (Bytemobile, Inc.) C:\Windows\SysWOW64\bminstall.dll 2014-04-16 19:08 - 2009-02-20 17:27 - 00126976 ____N (Bytemobile, Inc.) C:\Windows\SysWOW64\bmdumpd.bin 2014-04-16 19:08 - 2009-02-20 17:27 - 00022528 ____N (Bytemobile, Inc.) C:\Windows\SysWOW64\Drivers\BMLoad.sys 2014-04-16 19:08 - 2009-02-20 17:27 - 00018816 ____N (Bytemobile, Inc.) C:\Windows\SysWOW64\Drivers\tcpipBM.sys 2014-04-16 19:08 - 2009-02-20 17:27 - 00008464 ____N (Microsoft Corporation) C:\Windows\SysWOW64\sporder.dll 2014-04-16 19:08 - 2008-12-13 11:28 - 00116864 ____N (Huawei Technologies Co., Ltd.) 
C:\Windows\SysWOW64\Drivers\ewusbmdm.sys 2014-04-16 18:30 - 2014-04-16 18:30 - 00291888 _____ () C:\Windows\Minidump\041614-23259-01.dmp 2014-04-16 18:13 - 2014-04-16 18:13 - 00291888 _____ () C:\Windows\Minidump\041614-19453-01.dmp 2014-04-10 15:11 - 2014-04-10 15:11 - 00291888 _____ () C:\Windows\Minidump\041014-20638-01.dmp 2014-04-10 15:05 - 2014-04-10 15:06 - 00291888 _____ () C:\Windows\Minidump\041014-23618-01.dmp 2014-03-26 13:30 - 2014-04-16 20:02 - 571849902 _____ () C:\Windows\MEMORY.DMP 2014-03-26 13:30 - 2014-04-16 20:02 - 00000000 ____D () C:\Windows\Minidump 2014-03-26 13:30 - 2014-03-26 13:30 - 00291888 _____ () C:\Windows\Minidump\032614-22292-01.dmp ==================== One Month Modified Files and Folders ======= 2014-04-23 21:13 - 2014-04-16 19:37 - 00011810 _____ () C:\Users\Asus\Desktop\FRST.txt 2014-04-23 21:12 - 2014-04-19 14:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-23 21:12 - 2014-04-16 19:37 - 00000000 ____D () C:\FRST 2014-04-23 21:10 - 2012-05-04 21:24 - 00003166 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl 2014-04-23 21:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-23 21:10 - 2009-07-14 06:51 - 00054341 _____ () C:\Windows\setupact.log 2014-04-22 17:05 - 2012-05-04 21:11 - 01681779 _____ () C:\Windows\WindowsUpdate.log 2014-04-22 17:01 - 2009-07-14 06:45 - 00016112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-22 17:01 - 2009-07-14 06:45 - 00016112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-22 17:00 - 2014-04-22 17:00 - 00000000 ____D () C:\Users\Asus\Desktop\FRST-OlderVersion 2014-04-22 17:00 - 2014-04-16 19:36 - 02061312 _____ (Farbar) C:\Users\Asus\Desktop\FRST64.exe 2014-04-22 16:53 - 2012-09-25 19:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-21 12:45 - 2013-05-24 
09:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-21 11:25 - 2012-05-04 21:23 - 00454224 _____ () C:\Windows\PFRO.log 2014-04-21 11:22 - 2014-04-21 11:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-20 10:48 - 2014-04-20 10:48 - 00032932 _____ () C:\Users\Asus\Desktop\FRST_2.txt 2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 __SHD () C:\Users\Asus\AppData\Local\EmieUserList 2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 __SHD () C:\Users\Asus\AppData\Local\EmieSiteList 2014-04-20 10:40 - 2014-04-20 10:38 - 00001652 _____ () C:\Users\Asus\Desktop\JRT.txt 2014-04-20 10:27 - 2014-04-20 10:27 - 00000000 ____D () C:\Windows\ERUNT 2014-04-20 10:24 - 2014-04-20 10:24 - 00015523 _____ () C:\Users\Asus\Desktop\AdwCleaner[S0].txt 2014-04-20 10:22 - 2014-04-20 10:01 - 00000000 ____D () C:\AdwCleaner 2014-04-20 10:00 - 2014-04-20 10:00 - 01308369 _____ () C:\Users\Asus\Desktop\adwcleaner.exe 2014-04-20 09:55 - 2014-04-20 09:55 - 00040128 _____ () C:\Users\Asus\Desktop\mbam.txt 2014-04-19 14:38 - 2012-05-04 21:16 - 00001645 _____ () C:\Windows\system32\ServiceFilter.ini 2014-04-19 14:16 - 2014-04-19 14:16 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-19 14:16 - 2014-04-19 14:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-19 14:16 - 2014-04-19 14:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-19 14:11 - 2014-04-19 14:11 - 01016261 _____ (Thisisu) C:\Users\Asus\Desktop\JRT.exe 2014-04-18 20:14 - 2014-04-18 19:49 - 00000000 ____D () C:\Qoobox 2014-04-18 20:14 - 2014-04-18 19:49 - 00000000 ____D () C:\ComboFix 2014-04-18 20:13 - 2014-04-18 20:13 - 00026102 _____ () C:\ComboFix.txt 2014-04-18 20:13 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-04-18 20:09 - 2014-04-18 19:48 - 00000000 ____D () C:\Windows\erdnt 2014-04-18 20:01 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-04-18 19:44 - 2014-04-18 19:43 - 05195154 
____R (Swearware) C:\Users\Asus\Desktop\ComboFix.exe 2014-04-18 11:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-18 11:13 - 2009-08-04 11:51 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-04-18 11:13 - 2009-08-04 11:51 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-04-18 11:13 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-17 18:15 - 2012-12-08 16:36 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-16 21:32 - 2014-04-16 21:32 - 00019618 _____ () C:\Users\Asus\Desktop\Avira Scan.txt 2014-04-16 20:26 - 2014-04-16 20:26 - 00002842 _____ () C:\Users\Asus\Desktop\Gmer.txt 2014-04-16 20:02 - 2014-04-16 20:02 - 00291888 _____ () C:\Windows\Minidump\041614-14055-01.dmp 2014-04-16 20:02 - 2014-03-26 13:30 - 571849902 _____ () C:\Windows\MEMORY.DMP 2014-04-16 20:02 - 2014-03-26 13:30 - 00000000 ____D () C:\Windows\Minidump 2014-04-16 19:43 - 2014-04-16 19:41 - 00380416 _____ () C:\Users\Asus\Desktop\Gmer-19357.exe 2014-04-16 19:43 - 2014-04-16 19:11 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\3DataManager 2014-04-16 19:40 - 2014-04-16 19:38 - 00029595 _____ () C:\Users\Asus\Desktop\Addition.txt 2014-04-16 19:34 - 2014-04-16 19:34 - 00000470 _____ () C:\Users\Asus\Desktop\defogger_disable.log 2014-04-16 19:34 - 2014-04-16 19:34 - 00000000 _____ () C:\Users\Asus\defogger_reenable 2014-04-16 19:34 - 2012-05-06 15:24 - 00000000 ____D () C:\Users\Asus 2014-04-16 19:33 - 2014-04-16 19:30 - 00050477 _____ () C:\Users\Asus\Desktop\Defogger.exe 2014-04-16 19:18 - 2012-05-06 15:25 - 00000000 ___RD () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-16 19:08 - 2014-04-16 19:08 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys 2014-04-16 19:08 - 2014-04-16 19:08 - 00116224 _____ (Huawei Technologies Co., Ltd.) 
C:\Windows\system32\Drivers\ewusbfake.sys 2014-04-16 19:08 - 2014-04-16 19:08 - 00001985 _____ () C:\Users\Public\Desktop\3DataManager.lnk 2014-04-16 19:08 - 2014-04-16 19:08 - 00000000 ____D () C:\Program Files (x86)\3DataManager 2014-04-16 19:08 - 2014-04-16 19:08 - 00000000 ____D () C:\Program Files (x86)\3-addons 2014-04-16 18:30 - 2014-04-16 18:30 - 00291888 _____ () C:\Windows\Minidump\041614-23259-01.dmp 2014-04-16 18:29 - 2009-07-14 07:08 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-16 18:13 - 2014-04-16 18:13 - 00291888 _____ () C:\Windows\Minidump\041614-19453-01.dmp 2014-04-10 15:11 - 2014-04-10 15:11 - 00291888 _____ () C:\Windows\Minidump\041014-20638-01.dmp 2014-04-10 15:06 - 2014-04-10 15:05 - 00291888 _____ () C:\Windows\Minidump\041014-23618-01.dmp 2014-04-03 09:51 - 2014-04-19 14:16 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-19 14:16 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-19 14:16 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-31 09:35 - 2012-07-05 10:45 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-03-26 13:53 - 2012-12-08 16:36 - 00000000 ____D () C:\Users\Asus\AppData\Local\Microsoft Help 2014-03-26 13:30 - 2014-03-26 13:30 - 00291888 _____ () C:\Windows\Minidump\032614-22292-01.dmp 2014-03-26 12:58 - 2014-02-25 12:34 - 00000000 ____D () C:\Program Files (x86)\sysTPL 2014-03-26 12:56 - 2013-05-24 09:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-26 12:56 - 2012-09-13 19:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-26 12:56 - 2012-09-13 19:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-26 12:54 - 2009-07-14 06:45 - 00415016 _____ () C:\Windows\system32\FNTCACHE.DAT Some content of 
TEMP: ==================== C:\Users\Asus\AppData\Local\Temp\avgnt.exe C:\Users\Asus\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-31 13:48 ==================== End Of Log ============================ --- --- --- |
24.04.2014, 12:30 | #12 |
/// the machine /// TB trainer | TR/BProtctor.Gen Please uninstall sysTPL. Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
24.04.2014, 15:50 | #13 |
| TR/BProtctor.Gen Hi, everything is done; thanks to your help it worked out great. I would never have managed it on my own. Many thanks again!!! All that remains is to hope that, thanks to your tips, I will be spared something like this in the future. Kind regards, sumsi |
25.04.2014, 09:25 | #14 |
/// the machine /// TB trainer | TR/BProtctor.Gen You're welcome
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |