Windows 8: Malwarebyte findet "Backdoor.Bot"

lleenn · 15.09.2014, 17:48

Hallo an alle,

habe gerade an meinem relativ neuen PC ein Routinelauf mit Malwarebyte durchgefuehrt und es wurde zwei mal ein "Backdoor.Bot" gefunden. Habe einen Windows 8.1 64bit Laptop.

Backdoor hoert sich ja schon mal nicht gut an... wie sollte ich da am besten vorgehen?

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 16.09.2014
Suchlauf-Zeit: 01:13:59
Logdatei: log.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.15.08
Rootkit Datenbank: v2014.09.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bosartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Lennart J

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 363831
Verstrichene Zeit: 17 Min, 7 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlussel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 2
Backdoor.Bot, C:\Windows\SysWOW64\ASUS.scr, , [ed07ed00daa1cc6ae4f4695531d06b95], 
Backdoor.Bot, C:\Windows\Installer\14f1a.msi, , [b242ba3380fb7cbaaa2ea51928d935cb], 

Physische Sektoren: 0
(No malicious items detected)


(end)

Waere fuer jede Hilfe dankebar,
Gruesse,
lleenn

deeprybka · 15.09.2014, 17:50

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
Poste die Logfiles direkt in Deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.

Los geht's:

Schritt 1

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

lleenn · 15.09.2014, 18:05

Hallo Juergen,

vielen Dank fuer deine schnelle Antwort.

Hier die logs

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Lennart J (administrator) on LENNART on 16-09-2014 01:53:59
Running from C:\Users\Lennart J\Desktop
Platform: Windows 8.1 (X64) OS Language: Japanisch (Japan)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS Console\ASUS Console Starter.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Connectify) C:\Program Files (x86)\Connectify\DispatchUI.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_6.3.9600.20278_x64__8wekyb3d8bbwe\numbers.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files (x86)\GMATPrep2012\GMATPrep.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\IME\SHARED\ImeBroker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [Connectify Dispatch] => C:\Program Files (x86)\Connectify\DispatchUI.exe [1685280 2013-12-24] (Connectify)
HKLM\...\Run: [Connectify Hotspot] => C:\Program Files (x86)\Connectify\Connectify.exe [3755296 2013-12-24] (Connectify)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [kssetup] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2013-02-05] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [13936 2013-08-27] (ASUS)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKU\S-1-5-21-25646073-1747131351-1955705847-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-25646073-1747131351-1955705847-1002\...\Run: [GoogleChromeAutoLaunch_DCB3BC9A426922C0A83CB8FE94746CF2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-04] (Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-12-10] (NVIDIA Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: !AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Lennart J\AppData\Roaming\Mozilla\Firefox\Profiles\op7qkd32.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/ig
CHR StartupUrls: Default -> "hxxp://www.google.de/ig"
CHR DefaultSearchKeyword: Default -> google.co.jp
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Lennart J\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Lennart J\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-18]
CHR Extension: (Google Drive) - C:\Users\Lennart J\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lennart J\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (YouTube) - C:\Users\Lennart J\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-18]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Lennart J\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-09]
CHR Extension: (Google-Suche) - C:\Users\Lennart J\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-18]
CHR Extension: (Nyan Cat - Lost In Space) - C:\Users\Lennart J\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjcljdnphebefedbabblhmcoldpoofjg [2014-01-18]
CHR Extension: (AdBlock) - C:\Users\Lennart J\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-07]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Lennart J\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-01-18]
CHR Extension: (Stealthy) - C:\Users\Lennart J\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje [2014-01-18]
CHR Extension: (Start Text Free Browsing) - C:\Users\Lennart J\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioglfbphilinnhdmfbmfljmhemegfcdg [2014-01-18]
CHR Extension: (Vine Video Download) - C:\Users\Lennart J\AppData\Local\Google\Chrome\User Data\Default\Extensions\jebahcljabjndemkadpdnablhinojkil [2014-01-18]
CHR Extension: (rikaikun) - C:\Users\Lennart J\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2014-09-09]
CHR Extension: (Little Alchemy) - C:\Users\Lennart J\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-01-18]
CHR Extension: (Google Wallet) - C:\Users\Lennart J\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-18]
CHR Extension: (Google Mail) - C:\Users\Lennart J\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-12] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-12] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [487936 2013-12-24] (Connectify) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-06-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-06-23] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-03-25] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-07] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-23] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R1 cnnctfy3; C:\Windows\system32\DRIVERS\cnnctfy3.sys [35352 2014-01-28] (Connectify)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-16] (Malwarebytes Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows (R) Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 01:53 - 2014-09-16 01:54 - 00022304 _____ () C:\Users\Lennart J\Desktop\FRST.txt
2014-09-16 01:53 - 2014-09-16 01:54 - 00000000 ____D () C:\FRST
2014-09-16 01:53 - 2014-09-16 01:53 - 02105856 _____ (Farbar) C:\Users\Lennart J\Desktop\FRST64.exe
2014-09-15 03:10 - 2014-09-15 03:10 - 13087456 _____ (Microsoft Corporation) C:\Users\Lennart J\Desktop\Silverlight_x64.exe
2014-09-15 03:10 - 2014-09-15 03:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-15 03:10 - 2014-09-15 03:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-15 03:10 - 2014-09-15 03:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-13 22:59 - 2014-09-13 23:00 - 00000000 ____D () C:\Users\Lennart J\Desktop\TODAI
2014-09-13 21:11 - 2014-09-13 21:12 - 00000000 ____D () C:\Program Files (x86)\GMATPrep2012
2014-09-13 21:11 - 2014-09-13 21:11 - 00000000 ____D () C:\Users\Lennart J\AppData\Roaming\GMATPrep
2014-09-13 21:11 - 2014-09-13 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMATPrep
2014-09-13 21:11 - 2013-10-22 01:55 - 00071280 _____ (Nalpeiron Ltd.) C:\WINDOWS\SysWOW64\nlssrv32.exe
2014-09-13 21:09 - 2014-09-13 21:10 - 54662896 _____ (Graduate Management Admission Council (GMAC)) C:\Users\Lennart J\Desktop\GMATPrep-2.2.317-Windows.exe
2014-09-10 00:08 - 2014-09-10 00:08 - 00002751 _____ () C:\Users\Lennart J\AppData\Local\recently-used.xbel
2014-09-09 20:22 - 2014-09-09 20:22 - 00000000 ____D () C:\Users\Lennart J\AppData\Roaming\OpenOffice
2014-09-09 20:18 - 2014-09-09 20:18 - 00001132 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-09-09 20:18 - 2014-09-09 20:18 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-09-09 20:18 - 2014-09-09 20:18 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-09-09 20:08 - 2014-09-09 20:08 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-09-09 20:07 - 2014-09-09 20:07 - 00000000 ____D () C:\ProgramData\HP
2014-09-09 20:07 - 2010-10-13 12:02 - 00176640 _____ (Hewlett-Packard Corporation) C:\WINDOWS\system32\hpcpn103.dll
2014-09-09 20:07 - 2010-10-13 11:57 - 00305664 _____ (Hewlett Packard Corporation) C:\WINDOWS\SysWOW64\hpcc3103.dll
2014-09-09 20:07 - 2010-09-19 15:51 - 00193592 _____ (Hewlett-Packard) C:\WINDOWS\system32\hppdcompio.dll
2014-09-09 20:07 - 2010-09-19 15:51 - 00167480 _____ (Hewlett-Packard) C:\WINDOWS\SysWOW64\hppccompio.dll
2014-09-09 20:07 - 2010-02-11 10:19 - 00491008 _____ (HP) C:\WINDOWS\SysWOW64\hpcdmc32.dll
2014-09-09 08:27 - 2014-09-09 08:28 - 00000000 ___HD () C:\Users\Lennart J\Desktop\C
2014-09-09 03:34 - 2014-09-09 03:34 - 00000644 _____ () C:\Users\Public\Desktop\World of Tanks.lnk
2014-09-09 03:34 - 2014-09-09 03:34 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-09-09 03:31 - 2014-09-09 03:32 - 05965584 _____ (Wargaming.net ) C:\Users\Lennart J\Desktop\WoT_internet_install_eu.exe
2014-09-09 00:30 - 2014-09-09 00:32 - 263415282 _____ () C:\Users\Lennart J\Desktop\Us_-_Everywhere-2014-09-08.zip
2014-09-07 22:58 - 2014-09-07 22:58 - 00002118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\PDFill PDF Editor.lnk
2014-09-07 22:58 - 2014-09-07 22:58 - 00002112 _____ () C:\Users\Public\Desktop\PDFill PDF Editor.lnk
2014-09-07 22:58 - 2014-09-07 22:58 - 00001110 _____ () C:\Users\Public\Desktop\PDFill PDF Tools (Free).lnk
2014-09-07 22:58 - 2014-09-07 22:58 - 00001080 _____ () C:\Users\Public\Desktop\PDFill PDF Writer (Free).lnk
2014-09-07 22:57 - 2014-09-07 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2014-09-07 22:57 - 2014-09-07 22:57 - 00000000 ____D () C:\ProgramData\PlotSoft
2014-09-07 22:57 - 2014-09-07 22:57 - 00000000 ____D () C:\Program Files (x86)\PlotSoft
2014-09-07 22:45 - 2014-09-08 04:26 - 00000000 ____D () C:\Users\Lennart J\Desktop\Bewerbung
2014-09-07 03:22 - 2014-09-09 22:57 - 00000000 ____D () C:\Users\Lennart J\Desktop\Sophie
2014-09-06 22:46 - 2014-09-06 22:46 - 00000000 ____D () C:\ProgramData\Riot Games
2014-09-05 17:51 - 2014-09-05 17:51 - 00000000 ___RD () C:\WINDOWS\BrowserChoice
2014-09-05 17:34 - 2014-08-23 09:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-19 18:02 - 2014-08-19 18:02 - 01176088 _____ () C:\WINDOWS\Minidump\081914-18078-01.dmp
2014-08-19 17:43 - 2014-08-19 17:44 - 01326592 _____ () C:\WINDOWS\Minidump\081914-34234-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 01:54 - 2014-09-16 01:53 - 00022304 _____ () C:\Users\Lennart J\Desktop\FRST.txt
2014-09-16 01:54 - 2014-09-16 01:53 - 00000000 ____D () C:\FRST
2014-09-16 01:53 - 2014-09-16 01:53 - 02105856 _____ (Farbar) C:\Users\Lennart J\Desktop\FRST64.exe
2014-09-16 01:31 - 2014-01-19 13:31 - 00000398 _____ () C:\WINDOWS\Tasks\WpsUpdateTask_Lennart J.job
2014-09-16 01:30 - 2013-04-25 17:41 - 00000422 _____ () C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job
2014-09-16 01:25 - 2014-01-28 01:08 - 01197148 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-16 01:23 - 2014-01-28 19:15 - 01296896 ___SH () C:\Users\Lennart J\Desktop\Thumbs.db
2014-09-16 01:13 - 2014-07-23 21:04 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-16 01:11 - 2014-01-18 17:39 - 00000712 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-16 01:02 - 2013-08-23 00:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-16 00:05 - 2014-01-18 17:03 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-25646073-1747131351-1955705847-1002
2014-09-15 08:42 - 2013-08-23 00:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-15 06:07 - 2012-07-26 16:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-15 06:00 - 2014-01-19 21:47 - 00000000 ____D () C:\Users\Lennart J\AppData\Roaming\Skype
2014-09-15 04:11 - 2014-01-18 17:40 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-15 04:11 - 2014-01-18 17:39 - 00000708 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 03:10 - 2014-09-15 03:10 - 13087456 _____ (Microsoft Corporation) C:\Users\Lennart J\Desktop\Silverlight_x64.exe
2014-09-15 03:10 - 2014-09-15 03:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-15 03:10 - 2014-09-15 03:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-15 03:10 - 2014-09-15 03:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-14 23:09 - 2014-01-19 21:47 - 00000000 ____D () C:\ProgramData\Skype
2014-09-14 21:32 - 2013-04-25 17:40 - 07834702 _____ () C:\WINDOWS\AsDebug.log
2014-09-13 23:00 - 2014-09-13 22:59 - 00000000 ____D () C:\Users\Lennart J\Desktop\TODAI
2014-09-13 21:12 - 2014-09-13 21:11 - 00000000 ____D () C:\Program Files (x86)\GMATPrep2012
2014-09-13 21:11 - 2014-09-13 21:11 - 00000000 ____D () C:\Users\Lennart J\AppData\Roaming\GMATPrep
2014-09-13 21:11 - 2014-09-13 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMATPrep
2014-09-13 21:10 - 2014-09-13 21:09 - 54662896 _____ (Graduate Management Admission Council (GMAC)) C:\Users\Lennart J\Desktop\GMATPrep-2.2.317-Windows.exe
2014-09-13 07:32 - 2014-01-18 17:23 - 00901986 _____ () C:\WINDOWS\system32\perfh007.dat
2014-09-13 07:32 - 2014-01-18 17:23 - 00195718 _____ () C:\WINDOWS\system32\perfc007.dat
2014-09-13 07:32 - 2013-11-14 16:27 - 02596290 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-13 07:32 - 2013-11-14 16:13 - 00500892 _____ () C:\WINDOWS\system32\perfh011.dat
2014-09-13 07:32 - 2013-11-14 16:13 - 00135664 _____ () C:\WINDOWS\system32\perfc011.dat
2014-09-13 07:25 - 2013-08-23 00:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-12 03:28 - 2014-01-18 18:25 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-12 03:24 - 2014-01-18 18:25 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-10 00:13 - 2014-04-07 23:12 - 00000000 ____D () C:\Users\Lennart J\.gimp-2.8
2014-09-10 00:08 - 2014-09-10 00:08 - 00002751 _____ () C:\Users\Lennart J\AppData\Local\recently-used.xbel
2014-09-10 00:08 - 2014-04-07 23:37 - 00000000 ____D () C:\Users\Lennart J\AppData\Local\gtk-2.0
2014-09-09 22:57 - 2014-09-07 03:22 - 00000000 ____D () C:\Users\Lennart J\Desktop\Sophie
2014-09-09 20:22 - 2014-09-09 20:22 - 00000000 ____D () C:\Users\Lennart J\AppData\Roaming\OpenOffice
2014-09-09 20:18 - 2014-09-09 20:18 - 00001132 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-09-09 20:18 - 2014-09-09 20:18 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-09-09 20:18 - 2014-09-09 20:18 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-09-09 20:08 - 2014-09-09 20:08 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-09-09 20:08 - 2014-01-18 14:48 - 00000000 ____D () C:\Users\Lennart J\AppData\Local\Packages
2014-09-09 20:07 - 2014-09-09 20:07 - 00000000 ____D () C:\ProgramData\HP
2014-09-09 18:09 - 2013-12-25 14:58 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
2014-09-09 18:09 - 2013-12-25 14:58 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2
2014-09-09 08:28 - 2014-09-09 08:27 - 00000000 ___HD () C:\Users\Lennart J\Desktop\C
2014-09-09 08:11 - 2014-05-16 11:58 - 00000000 ___HD () C:\Users\Lennart J\Desktop\smthng
2014-09-09 05:47 - 2013-08-23 00:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-09 03:34 - 2014-09-09 03:34 - 00000644 _____ () C:\Users\Public\Desktop\World of Tanks.lnk
2014-09-09 03:34 - 2014-09-09 03:34 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-09-09 03:32 - 2014-09-09 03:31 - 05965584 _____ (Wargaming.net ) C:\Users\Lennart J\Desktop\WoT_internet_install_eu.exe
2014-09-09 00:32 - 2014-09-09 00:30 - 263415282 _____ () C:\Users\Lennart J\Desktop\Us_-_Everywhere-2014-09-08.zip
2014-09-08 21:28 - 2014-01-28 01:40 - 00000000 ___DO () C:\Users\Lennart J\SkyDrive
2014-09-08 20:35 - 2014-01-18 14:49 - 00000074 _____ () C:\Users\Lennart J\AppData\Roaming\sp_data.sys
2014-09-08 20:31 - 2013-08-22 23:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-08 20:30 - 2013-08-22 23:44 - 00359776 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-08 20:28 - 2013-08-22 22:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-08 05:35 - 2014-01-18 17:56 - 00000000 ____D () C:\Users\Lennart J\AppData\Local\PMB Files
2014-09-08 05:04 - 2014-01-18 17:56 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-08 04:26 - 2014-09-07 22:45 - 00000000 ____D () C:\Users\Lennart J\Desktop\Bewerbung
2014-09-07 22:58 - 2014-09-07 22:58 - 00002118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\PDFill PDF Editor.lnk
2014-09-07 22:58 - 2014-09-07 22:58 - 00002112 _____ () C:\Users\Public\Desktop\PDFill PDF Editor.lnk
2014-09-07 22:58 - 2014-09-07 22:58 - 00001110 _____ () C:\Users\Public\Desktop\PDFill PDF Tools (Free).lnk
2014-09-07 22:58 - 2014-09-07 22:58 - 00001080 _____ () C:\Users\Public\Desktop\PDFill PDF Writer (Free).lnk
2014-09-07 22:58 - 2014-09-07 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2014-09-07 22:57 - 2014-09-07 22:57 - 00000000 ____D () C:\ProgramData\PlotSoft
2014-09-07 22:57 - 2014-09-07 22:57 - 00000000 ____D () C:\Program Files (x86)\PlotSoft
2014-09-07 22:50 - 2014-01-25 23:51 - 00000000 ____D () C:\Users\Lennart J\Desktop\Verträge
2014-09-07 03:32 - 2014-02-23 20:43 - 00000000 ____D () C:\Users\Lennart J\Desktop\Fotos
2014-09-06 22:46 - 2014-09-06 22:46 - 00000000 ____D () C:\ProgramData\Riot Games
2014-09-05 20:33 - 2013-08-22 23:46 - 00342043 _____ () C:\WINDOWS\setupact.log
2014-09-05 17:51 - 2014-09-05 17:51 - 00000000 ___RD () C:\WINDOWS\BrowserChoice
2014-08-23 09:42 - 2014-09-05 17:34 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-19 18:02 - 2014-08-19 18:02 - 01176088 _____ () C:\WINDOWS\Minidump\081914-18078-01.dmp
2014-08-19 18:02 - 2014-01-28 01:22 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-19 18:02 - 2014-01-28 01:21 - 495504838 _____ () C:\WINDOWS\MEMORY.DMP
2014-08-19 17:44 - 2014-08-19 17:43 - 01326592 _____ () C:\WINDOWS\Minidump\081914-34234-01.dmp
2014-08-19 17:43 - 2013-11-13 23:18 - 00007164 _____ () C:\WINDOWS\PFRO.log

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\Lennart J\AppData\Local\Temp\avgnt.exe
C:\Users\Lennart J\AppData\Local\Temp\COMAP.EXE
C:\Users\Lennart J\AppData\Local\Temp\nls-checker-xp.exe
C:\Users\Lennart J\AppData\Local\Temp\nls-smart-installer-xp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-13 02:02

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Lennart J at 2014-09-16 01:54:42
Running from C:\Users\Lennart J\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
ASUS Console (HKLM\...\{6D989E08-8143-4AB8-B0A8-5B836235CAA4}) (Version: 1.0.3 - ASUS)
ASUS Instant Key (HKLM-x32\...\{D97A1B80-131F-4692-9543-E652956D8B99}) (Version: 1.1.3 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.6 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.6 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0018 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.7 - ASUS)
ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.5005 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.5005 - CyberLink Corp.) Hidden
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4924.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4924.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.310 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 536871201.4759644.48.2147344384 - Audible, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Combined Community Codec Pack 2014-04-20 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.04.20.0 - CCCP Project)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Connectify (HKLM\...\Connectify) (Version: 7.2.1.29658 - Connectify)
Creeper World 3: Arc Eternal (HKLM-x32\...\Steam App 280220) (Version:  - Knuckle Cracker)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.5817a - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.5817a - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GMATPrep (HKLM-x32\...\GMATPrep 2.2.317) (Version: 2.2.317 - Graduate Management Admission Council (GMAC))
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
i-フィルター 6.0 (HKLM\...\{FDC60158-F92E-41DA-8515-1A5EAEF89EAC}) (Version: 6.00.21.0100 - デジタルアーツ株式会社)
Kingsoft Office 2012 (8.1.0.3185) (HKLM-x32\...\Kingsoft Office) (Version: 8.1.0.3185 - Kingsoft Corp.)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LINE (HKLM-x32\...\LINE) (Version: 3.7.3.82 - LINE Corporation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.15.2 (Version: 1.15.2 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX システム ソフトウェア 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
NVIDIA グラフィックス ドライバー 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA コントロール パネル 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
OMC ModPack Version 0.8.11.0 (HKLM-x32\...\{CF9086F7-0490-42CE-8029-09CCB8FB942A}_is1) (Version: 0.8.11.0 - Odem Mortis)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.11.201.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Silent Hunter: Wolves of the Pacific (HKLM-x32\...\Steam App 15200) (Version:  - Ubisoft Romania)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version:  - Ubisoft Singapore)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM\...\{8E59415B-ECAC-43F7-B496-7BCD636C63E1}) (Version: 16.0.805.1 - Microsoft Corporation)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{121C874E-5797-40B2-86CE-CE6624F2711A}) (Version: 15.0.1376 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM\...\{EC9F4C53-7258-4A37-B555-5A438FA8B4FF}) (Version: 16.0.668.1 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Trending Words Dictionary (HKLM\...\{B939BFEB-824F-4456-A4EE-2B86ED04033D}) (Version: 16.0.1016.1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
War Thunder Launcher 1.0.1.335 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows ドライバ パッケージ - ASUS (ATP) Mouse  (09/17/2013 1.0.0.186) (HKLM\...\D9E691DCEE7D3B9B7C62A7F5C2EAABBB9335DC9A) (Version: 09/17/2013 1.0.0.186 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812SEA}_is1) (Version:  - Wargaming.net)
フォト ギャラリー (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

20-08-2014 07:48:01 Windows Update
05-09-2014 08:50:20 Windows Update
07-09-2014 13:57:05 Installed PDFill PDF Editor with FREE Writer and FREE Tools
09-09-2014 11:15:19 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 22:25 - 2013-08-22 22:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0623A21A-3757-4BA7-A453-FA8142B70724} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-08-29] (ASUS)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C277E9D-C9EC-4E54-9245-099AFC06D50E} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {33E0D0EF-93CA-4B81-AC68-5C93DEACB525} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {375E78BD-6DBF-4E4D-BBBF-29772D429002} - System32\Tasks\ASUS Console => C:\Program Files\ASUS\ASUS Console\ASUS Console Starter.exe [2013-08-16] (ASUSTek Computer Inc.)
Task: {38386AF9-B5A2-4B19-BF6D-C5F47189D02A} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {481C5488-0DD1-4A55-B6CB-6D079FBAB79E} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {7281C7E8-DFD9-4889-A410-A0344CD63A65} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {738A5BB8-0CEB-4D5D-A537-9C3FE4414DBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18] (Google Inc.)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7E93E4EF-E3A0-4335-B43F-909C72C3229B} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8FC19905-5715-4689-A0DF-704102C446A6} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-09-23] (AsusTek)
Task: {9B6EB6C5-7EA3-440A-A143-13301578A9EC} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-08-19] (ASUS)
Task: {9CDA686F-A471-4FC7-9323-B39BF5616FDE} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-09] ()
Task: {9D2B6225-6BAB-479E-8E73-9A082198CB97} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-12] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {C7BF44DA-6081-4CD9-BD20-DF44366659FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18] (Google Inc.)
Task: {CD094DD6-C04F-434A-A018-16E98BA73F27} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DBFDF7FB-2E27-4DDD-A112-7C694289C2C5} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {E0FD221D-196D-49E2-B09D-37A41FD39226} - System32\Tasks\WpsUpdateTask_Lennart J => C:\Program Files (x86)\Kingsoft\Kingsoft Office\office6\wpsupdate.exe [2012-03-27] (Zhuhai Kingsoft Office-software Co.,Ltd)
Task: {E6CA4248-029D-4DB2-A54A-E1C593178A14} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-08-16] (ASUSTeK Computer Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F3E55189-EB24-4ED2-ACF5-10C314C038C8} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-29] (ASUSTek Computer Inc.)
Task: {F56B85C6-C25B-47EC-AE97-162ADCF47E3E} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {FEAA435E-1582-4440-916E-8127E9385921} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\Kingsoft Office\office6\wpsupdate.exe [2012-03-27] (Zhuhai Kingsoft Office-software Co.,Ltd)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\office6\wpsupdate.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Lennart J.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\office6\wpsupdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-10 08:13 - 2013-12-10 08:13 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-28 01:08 - 2013-10-23 17:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-12-19 15:10 - 2012-12-19 15:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2014-03-25 22:00 - 2014-03-25 22:04 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-12-25 15:02 - 2009-04-17 19:01 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-08-29 16:01 - 2013-08-29 16:01 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-11-15 09:48 - 2013-11-15 09:48 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-09-13 21:11 - 2013-10-22 01:46 - 00142336 _____ () C:\Program Files (x86)\GMATPrep2012\GMATPrep.exe
2014-01-20 02:18 - 2013-12-24 03:59 - 00376608 _____ () C:\Program Files (x86)\Connectify\NativeLibrary.dll
2014-01-20 02:18 - 2013-12-24 03:59 - 03170080 _____ () C:\Program Files (x86)\Connectify\ConnectifyNAT.dll
2014-01-20 02:18 - 2013-12-24 03:59 - 00714016 _____ () C:\Program Files (x86)\Connectify\log4cplus.dll
2014-01-20 02:18 - 2013-12-24 03:59 - 00354080 _____ () C:\Program Files (x86)\Connectify\LibDispatch.dll
2013-08-16 10:03 - 2013-08-16 10:03 - 00023040 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2013-08-19 17:16 - 2013-08-19 17:16 - 00015440 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-11-15 09:49 - 2013-11-15 09:49 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-12-25 14:40 - 2013-06-23 20:05 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
2013-12-10 08:13 - 2013-12-10 08:13 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-09-13 05:17 - 2014-09-04 12:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-13 05:17 - 2014-09-04 12:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-13 05:17 - 2014-09-04 12:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-13 05:17 - 2014-09-04 12:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-13 05:17 - 2014-09-04 12:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-13 21:11 - 2013-10-22 01:56 - 04773736 _____ () C:\Program Files (x86)\GMATPrep2012\Adobe AIR\Versions\1.0\Resources\WebKit.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Lennart J\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Connectify Hotspot"

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2014 05:59:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RAVCpl64.exe, Version: 1.0.0.897, Zeitstempel: 0x5225bf27
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532954fb
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0000000000005bf8
ID des fehlerhaften Prozesses: 0x101c
Startzeit der fehlerhaften Anwendung: 0xRAVCpl64.exe0
Pfad der fehlerhaften Anwendung: RAVCpl64.exe1
Pfad des fehlerhaften Moduls: RAVCpl64.exe2
Berichtskennung: RAVCpl64.exe3
Vollständiger Name des fehlerhaften Pakets: RAVCpl64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RAVCpl64.exe5

Error: (09/15/2014 05:59:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RAVCpl64.exe, Version: 1.0.0.897, Zeitstempel: 0x5225bf27
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532954fb
Ausnahmecode: 0xc0000002
Fehleroffset: 0x0000000000005bf8
ID des fehlerhaften Prozesses: 0x101c
Startzeit der fehlerhaften Anwendung: 0xRAVCpl64.exe0
Pfad der fehlerhaften Anwendung: RAVCpl64.exe1
Pfad des fehlerhaften Moduls: RAVCpl64.exe2
Berichtskennung: RAVCpl64.exe3
Vollständiger Name des fehlerhaften Pakets: RAVCpl64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RAVCpl64.exe5

Error: (09/15/2014 03:10:41 AM) (Source: MsiInstaller) (EventID: 1002) (User: LENNART)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (09/14/2014 11:09:15 PM) (Source: MsiInstaller) (EventID: 1002) (User: LENNART)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (09/09/2014 08:17:53 PM) (Source: MsiInstaller) (EventID: 1002) (User: LENNART)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (09/09/2014 08:17:07 PM) (Source: MsiInstaller) (EventID: 1002) (User: LENNART)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (09/09/2014 08:16:47 PM) (Source: MsiInstaller) (EventID: 1002) (User: LENNART)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (09/09/2014 08:15:18 PM) (Source: MsiInstaller) (EventID: 1002) (User: LENNART)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (09/09/2014 08:08:29 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT AUTHORITY)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (09/09/2014 03:18:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20573 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b8c

Startzeit: 01cfcb9080ab29c6

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 7617c776-3784-11e4-bf01-bcee7b17afe7

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (09/15/2014 04:53:46 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105.

Error: (09/15/2014 02:58:41 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105.

Error: (09/10/2014 11:24:17 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{5B02CACF-806D-44CF-9122-ACBDA8248DD4} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (09/09/2014 05:35:08 AM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{5B02CACF-806D-44CF-9122-ACBDA8248DD4} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (09/08/2014 08:45:07 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: Das System hat einen Adressenkonflikt der IP-Adresse 0.0.0.0 mit dem Computer mit der
Netzwerkhardwareadresse 0E-96-D7-AD-4C-5A ermittelt. Netzwerkvorgänge könnten daher auf diesem
System unterbrochen werden.

Error: (09/08/2014 07:16:00 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "H:" können nicht gelesen werden.

Error: (09/08/2014 02:50:44 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR31 gefunden.

Error: (09/08/2014 02:46:30 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR31 gefunden.

Error: (09/08/2014 02:46:30 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR31 gefunden.

Error: (09/08/2014 02:46:30 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR31 gefunden.


Microsoft Office Sessions:
=========================
Error: (09/15/2014 05:59:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RAVCpl64.exe1.0.0.8975225bf27KERNELBASE.dll6.3.9600.17055532954fbc000041d0000000000005bf8101c01cfcb58b4475e6bC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\WINDOWS\system32\KERNELBASE.dll02fe202a-3c52-11e4-bf01-bcee7b17afe7

Error: (09/15/2014 05:59:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RAVCpl64.exe1.0.0.8975225bf27KERNELBASE.dll6.3.9600.17055532954fbc00000020000000000005bf8101c01cfcb58b4475e6bC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\WINDOWS\system32\KERNELBASE.dll01f7cb0d-3c52-11e4-bf01-bcee7b17afe7

Error: (09/15/2014 03:10:41 AM) (Source: MsiInstaller) (EventID: 1002) (User: LENNART)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (09/14/2014 11:09:15 PM) (Source: MsiInstaller) (EventID: 1002) (User: LENNART)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (09/09/2014 08:17:53 PM) (Source: MsiInstaller) (EventID: 1002) (User: LENNART)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (09/09/2014 08:17:07 PM) (Source: MsiInstaller) (EventID: 1002) (User: LENNART)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (09/09/2014 08:16:47 PM) (Source: MsiInstaller) (EventID: 1002) (User: LENNART)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (09/09/2014 08:15:18 PM) (Source: MsiInstaller) (EventID: 1002) (User: LENNART)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (09/09/2014 08:08:29 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT AUTHORITY)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (09/09/2014 03:18:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.205731b8c01cfcb9080ab29c64294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe7617c776-3784-11e4-bf01-bcee7b17afe7microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1


CodeIntegrity Errors:
===================================
  Date: 2014-01-18 16:44:34.195
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\autochk.exe that did not meet the Windows signing level requirements.

  Date: 2014-01-18 15:41:09.180
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\autochk.exe that did not meet the Windows signing level requirements.

  Date: 2014-01-18 15:37:18.171
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\autochk.exe that did not meet the Windows signing level requirements.

  Date: 2014-01-18 15:00:43.407
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\autochk.exe that did not meet the Windows signing level requirements.

  Date: 2014-01-18 14:42:06.223
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\autochk.exe that did not meet the Windows signing level requirements.

  Date: 2013-12-25 15:09:41.911
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\autochk.exe that did not meet the Windows signing level requirements.

  Date: 2013-12-25 14:56:44.522
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\autochk.exe that did not meet the Windows signing level requirements.

  Date: 2013-12-25 14:51:03.894
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\autochk.exe that did not meet the Windows signing level requirements.

  Date: 2013-12-25 14:48:12.818
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\autochk.exe that did not meet the Windows signing level requirements.

  Date: 2013-12-25 14:46:09.631
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\autochk.exe that did not meet the Windows signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 56%
Total physical RAM: 6027.18 MB
Available physical RAM: 2644.93 MB
Total Pagefile: 12171.18 MB
Available Pagefile: 6315.55 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.1 GB) (Free:219.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:398.07 GB) (Free:271.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: EA37FB89)

Partition: GPT Partition Type.

==================== End Of Log ============================

deeprybka · 15.09.2014, 18:50

Hi,

Dateien hochladen:

Link zum Upload-Channel.
Klicke auf
Kopiere folgende Zeile(n) in das Dateiname-Feld und anschließend jeweils auf Öffnen.
Code:
ATTFilter
```
C:\Windows\SysWOW64\ASUS.scr
         
```
Code:
ATTFilter
```
C:\Windows\Installer\14f1a.msi
         
```
Klicke dann auf

Bitte um Rückmeldung ob es geklappt hat!

Danke für Deine Hilfe!

lleenn · 15.09.2014, 19:02

Dateien sind hochgeladen

deeprybka · 15.09.2014, 19:18

Vielen Dank hat geklappt. Denke die sind "false positive". Mal schauen ob die Jungs bei Malwarebytes die brauchen können.

Machen wir noch ne schnelle Kontrolle wenn Du schonmal da bist.

Schritt 1
Downloade Dir HitmanPro

auf Deinen Desktop:

HitmanPro-32 Bit Version
HitmanPro-64 Bit Version

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

lleenn · 15.09.2014, 19:33

erledigt:

Code:

ATTFilter

HitmanPro 3.7.9.225
www.hitmanpro.com

   Computer name . . . . : LENNART
   Windows . . . . . . . : 6.3.0.9600.X64/8
   User name . . . . . . : LENNART\Lennart J
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-09-16 03:24:56
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 30s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 6

   Objects scanned . . . : 1607431
   Files scanned . . . . : 46750
   Remnants scanned  . . : 528151 files / 1032530 keys

Suspicious files ____________________________________________________________

   C:\Users\Lennart J\AppData\Local\PunkBuster\HOS\pb\pbcl.dll
      Size . . . . . . . : 951877 bytes
      Age  . . . . . . . : 174.2 days (2014-03-25 22:04:14)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 833CB80463E9181DBCC24242B392B70E6E80DD72A07B79727AB9936FCADEDD2A
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Lennart J\AppData\Local\PunkBuster\HOS\pb\pbclold.dll
      Size . . . . . . . : 947240 bytes
      Age  . . . . . . . : 174.2 days (2014-03-25 22:02:40)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 5D06522F5E7C70AF0ABF76C0F9AEB08D365DBAA5DE673C31294F60F9B333E254
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Lennart J\AppData\Local\PunkBuster\HOS\pb\PnkBstrK.sys
      Size . . . . . . . : 139112 bytes
      Age  . . . . . . . : 174.2 days (2014-03-25 22:02:52)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 22A0F36A4E6891CDCFDF3460A19285662D017B02266D5D9A7EED43CF74B0A39A
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Lennart J\Desktop\FRST64.exe
      Size . . . . . . . : 2105856 bytes
      Age  . . . . . . . : 0.1 days (2014-09-16 01:53:25)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : D6C5EDFD26E84E2BF10A388F78882CC8288DCEBE8F20C39C5222B17C213ACD5A
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-25646073-1747131351-1955705847-1001\Software\Conduit\ (Conduit)
   HKU\S-1-5-21-25646073-1747131351-1955705847-1002\Software\Conduit\ (Conduit)

deeprybka · 15.09.2014, 19:42

Hi,

dem Firefox und dem Adobe Flash Player könntest mal ein Update verpassen:

Firefox wenn gewünscht bitte via "Firefox-Hilfe-Über Firefox" auf die Version 32 aktualisieren...

Flash-Link mit dem Chrome aufrufen. Flash installieren = aktualisieren. Optionale Angebote ablehnen.

Ansonsten OK

lleenn · 16.09.2014, 01:25

Alles klar. Vielen Dank! Ist ja super

deeprybka · 16.09.2014, 05:48

Jo, gerne.

Mach die nächsten Tage mal Scans mit Malwarebytes. Funde sollten nicht mehr auftreten.

16.09.2014, 05:48	#10
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Windows 8: Malwarebyte findet "Backdoor.Bot" Jo, gerne. Mach die nächsten Tage mal Scans mit Malwarebytes. Funde sollten nicht mehr auftreten. __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Windows 8: Malwarebyte findet "Backdoor.Bot"

Log-Analyse und Auswertung: Windows 8: Malwarebyte findet "Backdoor.Bot"