Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows Vista: Webseiten werden auf Werbung umgeleitet. (https://www.trojaner-board.de/151432-windows-vista-webseiten-werbung-umgeleitet.html)

jflack 03.04.2014 09:24
Hallo,

hier schon mal die ESET Logdatei.

Gruß
jflack


Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=055d8c6dbb26e04383eed477540752f1
# engine=17727
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-02 07:22:56
# local_time=2014-04-02 09:22:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3592 16777213 100 90 199381 147129072 0 0
# compatibility_mode=5892 16776574 100 100 89947483 233999304 0 0
# scanned=233385
# found=4
# cleaned=0
# scan_time=8231
sh=AFF6026DD64A6AD95B73CD2D1EE61EAEBA192C4E ft=0 fh=0000000000000000 vn="Win32/AdWare.Adpeak.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SavingsBull\bootstrap.js.old.vir"
sh=531AF6C66BA910F2C13889737E0068BE69293CF1 ft=0 fh=0000000000000000 vn="Win32/AdWare.Adpeak.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\bootstrap.js.vir"
sh=84513B3CF5108E8E933F22B446766C277F015F41 ft=0 fh=0000000000000000 vn="a variant of Win32/Injector.AZJJ trojan" ac=I fn="C:\Users\Asus\Documents\Rechnung der stornierten Lastschrift Ihrer Bestellung 22.08.2013\07.03.2014 Forderung der abgewiesenen automatischen Kontoabbuchung\Anwaltskanalei stornierte Rechnung 07.03.2014.zip"
sh=7106EC28932895C1BB6B82BE23A122135B2AE34D ft=0 fh=0000000000000000 vn="a variant of Win32/Injector.AZJJ trojan" ac=I fn="C:\Users\Asus\Downloads\07.03.2014 Forderung der abgewiesenen automatischen Kontoabbuchung.zip"
Hallo,
anbei die Logdatei von SecurityCheck.

Gruß
jflack



Code:
Results of screen317's Security Check version 0.99.80 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 8 Out of date!
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
Norton 360 Premier Edition 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 TuneUp Utilities 2014 
 TuneUp Utilities 2014 (de-DE) 
 TuneUp Utilities Language Pack (de-DE)
 TuneUp Utilities 2014 
 CCleaner   
 Java 7 Update 13 
 Java 7 Update 51 
 Adobe Flash Player        12.0.0.77 
 Adobe Reader 8 Adobe Reader out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (WEB.DE)
 Google Chrome 21.0.1180.79 
 Google Chrome 21.0.1180.83 
 Google Chrome 21.0.1180.89 
 Google Chrome 22.0.1229.79 
 Google Chrome 22.0.1229.92 
 Google Chrome 22.0.1229.94 
 Google Chrome 23.0.1271.64 
 Google Chrome 23.0.1271.91 
 Google Chrome 23.0.1271.95 
 Google Chrome 23.0.1271.97 
 Google Chrome 24.0.1312.52 
 Google Chrome 24.0.1312.56 
 Google Chrome 24.0.1312.57 
 Google Chrome 25.0.1364.152 
 Google Chrome 25.0.1364.172 
 Google Chrome 25.0.1364.97 
 Google Chrome 26.0.1410.43 
 Google Chrome 26.0.1410.64 
 Google Chrome 27.0.1453.110 
 Google Chrome 27.0.1453.116 
 Google Chrome 27.0.1453.94 
 Google Chrome 28.0.1500.71 
 Google Chrome 28.0.1500.72 
 Google Chrome 28.0.1500.95 
 Google Chrome 29.0.1547.57 
 Google Chrome 29.0.1547.62 
 Google Chrome 29.0.1547.66 
 Google Chrome 29.0.1547.76 
 Google Chrome 30.0.1599.101 
 Google Chrome 30.0.1599.69 
 Google Chrome 31.0.1650.57 
 Google Chrome 31.0.1650.63 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

M-K-D-B 03.04.2014 15:59
Servus,



wir entfernen noch die beiden Zip-Dateien der Anwaltskanzlei, denn dabei handelt es sich um Malware. ;)



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
C:\Users\Asus\Documents\Rechnung der stornierten Lastschrift Ihrer Bestellung 22.08.2013\07.03.2014 Forderung der abgewiesenen automatischen Kontoabbuchung\Anwaltskanalei stornierte Rechnung 07.03.2014.zip
C:\Users\Asus\Downloads\07.03.2014 Forderung der abgewiesenen automatischen Kontoabbuchung.zip
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.



Schritt 1
  • Folge folgendem Pfad: Start -> Systemsteuerung -> Software / Programme deinstallieren
  • Suche in der Liste Software mit dem folgenden Namen
    • Java 7 Update 13
    und deinstalliere das Programm.
  • Solltest du am Ende der Deinstallation zu einem Neustart aufgefordert werden, so führe diesen durch.
  • Sollte es Probleme mit der Deinstallation geben, so lass es mich bitte wissen.





Schritt 2
Ich sehe, dass du sog. Registry Cleaner auf dem System hast.
In deinem Fall TuneUp Utilities 2014
In deinem Fall CCleaner

Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner.

Der Grund ist ganz einfach:

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
  • Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
  • Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
  • Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.
Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Ich empfehle dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten.
Am Ende empfehle ich dir ein anderes Tool, mit dem du deine temporären Dateien entfernen kannst.





Schritt 3
Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software / Programme deinstallieren--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome.





Schritt 4
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.







Schritt 5
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.


Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist!
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwümschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt auf den Desktop downloaden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • WOT (Web of trust)
    Dieses AddOn warnt dich, bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

jflack 04.04.2014 12:33
Hallo Matthias,

anbei die Fixlog.txt

Gruß
jflack



Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Asus at 2014-04-04 13:29:59 Run:2
Running from C:\Users\Asus\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\Users\Asus\Documents\Rechnung der stornierten Lastschrift Ihrer Bestellung 22.08.2013\07.03.2014 Forderung der abgewiesenen automatischen Kontoabbuchung\Anwaltskanalei stornierte Rechnung 07.03.2014.zip
C:\Users\Asus\Downloads\07.03.2014 Forderung der abgewiesenen automatischen Kontoabbuchung.zip
end
       
*****************

C:\Users\Asus\Documents\Rechnung der stornierten Lastschrift Ihrer Bestellung 22.08.2013\07.03.2014 Forderung der abgewiesenen automatischen Kontoabbuchung\Anwaltskanalei stornierte Rechnung 07.03.2014.zip => Moved successfully.
C:\Users\Asus\Downloads\07.03.2014 Forderung der abgewiesenen automatischen Kontoabbuchung.zip => Moved successfully.

==== End of Fixlog ====

M-K-D-B 04.04.2014 17:55
Servus,



führe die abschließenden Schritte aus und gib mir Bescheid, ob alles passt. :)

jflack 04.04.2014 18:07
Hallo,

bei der Installation von Secunia Online Software bricht der Scan nach kurzer Zeit mit
der folgenden Meldung ab!
Die Meldung kommt vom Internet Explorer?
Mein Firefox Browser startet mit der Seite "Mysearchdial Search"



Code:
---------------------------
Windows Internet Explorer
---------------------------
Ausführung des Skripts abbrechen?

Ein Skript auf dieser Seite verursacht eine Verzögerung in Internet
Explorer. Eine weitere Ausführung des Skripts kann dazu führen,
dass der Computer nicht mehr reagiert.


---------------------------
Ja  Nein 
---------------------------

Gruß
jflack

M-K-D-B 04.04.2014 18:18
Servus,


Zitat:
Zitat von jflack (Beitrag 1279400)
Mein Firefox Browser startet mit der Seite "Mysearchdial Search"
laut dem letzten FRST Logfile ist Firefox sauber, also nochmal FRST ausführen bitte:




Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


jflack 04.04.2014 19:11
Hallo,

anbei die beiden Logdateien.

Gruß
jflack



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Asus (administrator) on ASUS-PC on 04-04-2014 20:06:48
Running from C:\Users\Asus\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\smartlogon.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(ATK0100) C:\Program Files\ATK Hotkey\Hcontrol.exe
() C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.2.0.38\N360.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files\Mega Browse\updateMegaBrowse.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.2.0.38\N360.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
() C:\Program Files\IDMSQ\idmsq.exe
(Dropbox, Inc.) C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files\Mega Browse\bin\utilMegaBrowse.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Secunia) C:\Program Files\Secunia\PSI\PSI_TRAY.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
() C:\Program Files\Mega Browse\bin\FilterApp_C.exe
() C:\Program Files\Mega Browse\bin\XTLSApp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [86016 2007-12-05] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [8534560 2007-12-05] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [81920 2007-12-05] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-09-03] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3974147251-177897506-2495822883-1000\...\Run: [MyDriveConnect.exe] - C:\Program Files\MyDrive Connect\MyDriveConnect.exe [473496 2013-11-29] (TomTom)
HKU\S-1-5-21-3974147251-177897506-2495822883-1000\...\Run: [GoogleChromeAutoLaunch_FCA810C0E252261B949A7B9F364CE16A] - C:\Program Files\Google\Chrome\Application\chrome.exe [863184 2013-12-04] (Google Inc.)
HKU\S-1-5-21-3974147251-177897506-2495822883-1000\...\Run: [IDMSQ] - C:\Program Files\IDMSQ\idmsq.exe [2561088 2013-10-30] ()
HKU\S-1-5-21-3974147251-177897506-2495822883-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3974147251-177897506-2495822883-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3974147251-177897506-2495822883-1000\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3974147251-177897506-2495822883-1000\...\MountPoints2: {40a38cbf-c515-11dd-97df-001f3c62bd12} - F:\programs\nu2menu\nu2menu.exe
HKU\S-1-5-21-3974147251-177897506-2495822883-1000\...\MountPoints2: {40a38cca-c515-11dd-97df-001f3c62bd12} - F:\programs\nu2menu\nu2menu.exe
HKU\S-1-5-21-3974147251-177897506-2495822883-1000\...\MountPoints2: {45007181-df2e-11de-9c34-001f3c62bd12} - E:\programs\nu2menu\nu2menu.exe
HKU\S-1-5-21-3974147251-177897506-2495822883-1000\...\MountPoints2: {c7c7e3f4-8fa0-11dd-b3af-00221584e135} - F:\programs\nu2menu\nu2menu.exe
Startup: C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StAzy0Fzy0CtDtDzztGyCtByD0AtG0DyD0E0BtGtA0AtC0BtGyBtB0B0CyDtByEyCyEyE0AyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0F0FtA0EyCzytBtG0ByCyByDtG0FtCyDtCtG0EyByDyCtGyC0ByE0Dzy0F0FyB0CyDzzyB2Q&cr=2076409355&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = go.web.de/home
hxxp://www.asus.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StAzy0Fzy0CtDtDzztGyCtByD0AtG0DyD0E0BtGtA0AtC0BtGyBtB0B0CyDtByEyCyEyE0AyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0F0FtA0EyCzytBtG0ByCyByDtG0FtCyDtCtG0EyByDyCtGyC0ByE0Dzy0F0FyB0CyDzzyB2Q&cr=2076409355&ir=
SearchScopes: HKLM - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StAzy0Fzy0CtDtDzztGyCtByD0AtG0DyD0E0BtGtA0AtC0BtGyBtB0B0CyDtByEyCyEyE0AyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0F0FtA0EyCzytBtG0ByCyByDtG0FtCyDtCtG0EyByDyCtGyC0ByE0Dzy0F0FyB0CyDzzyB2Q&cr=2076409355&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StAzy0Fzy0CtDtDzztGyCtByD0AtG0DyD0E0BtGtA0AtC0BtGyBtB0B0CyDtByEyCyEyE0AyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0F0FtA0EyCzytBtG0ByCyByDtG0FtCyDtCtG0EyByDyCtGyC0ByE0Dzy0F0FyB0CyDzzyB2Q&cr=2076409355&ir=
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StAzy0Fzy0CtDtDzztGyCtByD0AtG0DyD0E0BtGtA0AtC0BtGyBtB0B0CyDtByEyCyEyE0AyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0F0FtA0EyCzytBtG0ByCyByDtG0FtCyDtCtG0EyByDyCtGyC0ByE0Dzy0F0FyB0CyDzzyB2Q&cr=2076409355&ir=
SearchScopes: HKCU - {1F030088-8BE3-4AA3-9D03-26D4DB23DA80} URL = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
SearchScopes: HKCU - {2BA724D2-45DC-4B4D-8064-5D20686A1339} URL = hxxp://go.mail.com/br/ie8_search_web/?su={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StAzy0Fzy0CtDtDzztGyCtByD0AtG0DyD0E0BtGtA0AtC0BtGyBtB0B0CyDtByEyCyEyE0AyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0F0FtA0EyCzytBtG0ByCyByDtG0FtCyDtCtG0EyByDyCtGyC0ByE0Dzy0F0FyB0CyDzzyB2Q&cr=2076409355&ir=
SearchScopes: HKCU - {968E5101-323F-437E-B302-C9A3854F21B4} URL = hxxp://go.web.de/br/ie8_search_web/?su={searchTerms}
SearchScopes: HKCU - {C1302AE2-8B4F-4F0D-BEAC-E121028FCC02} URL = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
BHO: WEB.DE Konfiguration - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
BHO: Mega Browse - {4e6cd411-ce62-4584-97ff-6afbcf6900af} - C:\Program Files\Mega Browse\MegaBrowsebho.dll (Mega Browse)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox
FF user.js: detected! => C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\user.js
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Mysearchdial
FF SearchEngineOrder.1: Mysearchdial
FF SelectedSearchEngine: Mysearchdial
FF Homepage: hxxp://start.mysearchdial.com/?f=1&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StAzy0Fzy0CtDtDzztGyCtByD0AtG0DyD0E0BtGtA0AtC0BtGyBtB0B0CyDtByEyCyEyE0AyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0F0FtA0EyCzytBtG0ByCyByDtG0FtCyDtCtG0EyByDyCtGyC0ByE0Dzy0F0FyB0CyDzzyB2Q&cr=2076409355&ir=
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Click&Clean - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\Extensions\clickclean@hotcleaner.com [2013-12-10]
FF Extension: mysearchdial.com - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\Extensions\ffxtlbr@mysearchdial.com [2014-04-04]
FF Extension: GoogleSharing - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\Extensions\googlesharing@extension.thoughtcrime.org [2013-12-10]
FF Extension: MySearchDial NewTab - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2014-04-04]
FF Extension: Cryptocat - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\Extensions\cryptocat@crypto.cat.xpi [2013-12-10]
FF Extension: Lightbeam - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2013-12-10]
FF Extension: WEB.DE MailCheck - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\Extensions\toolbar@web.de.xpi [2013-12-10]
FF Extension: Mega Browse - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\Extensions\{29b136c9-938d-4d3d-8df8-d649d9b74d02}.xpi [2014-04-02]
FF Extension: NoScript - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-10]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ []
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-18]

Chrome:
=======
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0DzytB0AtAyEyDtGyE0CyBtCtGyBtBzzzztG0ByD0B0FtGyCyB0D0C0CtD0F0AyB0DyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0F0FtA0EyCzytBtG0ByCyByDtG0FtCyDtCtG0EyByDyCtGyC0ByE0Dzy0F0FyB0CyDzzyB2Q&cr=579548144&ir=
CHR RestoreOnStartup: "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0DzytB0AtAyEyDtGyE0CyBtCtGyBtBzzzztG0ByD0B0FtGyCyB0D0C0CtD0F0AyB0DyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0F0FtA0EyCzytBtG0ByCyByDtG0FtCyDtCtG0EyByDyCtGyC0ByE0Dzy0F0FyB0CyDzzyB2Q&cr=579548144&ir=", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StAzy0Fzy0CtDtDzztGyCtByD0AtG0DyD0E0BtGtA0AtC0BtGyBtB0B0CyDtByEyCyEyE0AyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0F0FtA0EyCzytBtG0ByCyByDtG0FtCyDtCtG0EyByDyCtGyC0ByE0Dzy0F0FyB0CyDzzyB2Q&cr=2076409355&ir="
CHR DefaultSearchKeyword: mysearchdial.com
CHR DefaultSearchProvider: Mysearchdial
CHR DefaultSearchURL: hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StAzy0Fzy0CtDtDzztGyCtByD0AtG0DyD0E0BtGtA0AtC0BtGyBtB0B0CyDtByEyCyEyE0AyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0F0FtA0EyCzytBtG0ByCyByDtG0FtCyDtCtG0EyByDyCtGyC0ByE0Dzy0F0FyB0CyDzzyB2Q&cr=2076409355&ir=
CHR DefaultNewTabURL:
CHR Extension: (Skype Click to Call) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-07-23]
CHR Extension: (Norton Identity Protection) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-03-31]
CHR Extension: (Google Wallet) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] ()
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
S4 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\21.2.0.38\N360.exe [265040 2014-03-12] (Symantec Corporation)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 Update Mega Browse; C:\Program Files\Mega Browse\updateMegaBrowse.exe [350496 2014-04-02] ()
R2 Util Mega Browse; C:\Program Files\Mega Browse\bin\utilMegaBrowse.exe [350496 2014-04-04] ()

==================== Drivers (Whitelisted) ====================

R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx86.sys [1098968 2014-03-19] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1502000.026\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-04-01] ()
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140403.001\IDSvix86.sys [395992 2014-03-26] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2007-09-27] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-03-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140404.001\NAVENG.SYS [93272 2014-03-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140404.001\NAVEX15.SYS [1612376 2014-03-25] (Symantec Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2013-08-19] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2013-08-19] (RapidSolution Software AG)
S3 SIVDRIVER; C:\Windows\system32\Drivers\SIVX32.sys [19944 2007-02-24] (Ray Hinchliffe)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
R1 SRTSP; C:\Windows\System32\Drivers\N360\1502000.026\SRTSP.SYS [664280 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1502000.026\SRTSPX.SYS [32344 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1502000.026\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1502000.026\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-11-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1502000.026\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1502000.026\SYMTDIV.SYS [384728 2014-02-18] (Symantec Corporation)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-08-19] (RapidSolution Software AG)
R1 tStLibG; C:\Windows\System32\drivers\tStLibG.sys [55232 2014-04-04] (StdLib)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 netfilter; system32\drivers\netfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SYMFW; \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-04 20:06 - 2014-04-04 20:07 - 00025793 _____ () C:\Users\Asus\Downloads\FRST.txt
2014-04-04 20:06 - 2014-04-04 20:06 - 00000000 ____D () C:\FRST
2014-04-04 20:04 - 2014-04-04 20:04 - 01145856 _____ (Farbar) C:\Users\Asus\Downloads\FRST.exe
2014-04-04 19:12 - 2014-04-04 19:12 - 00000064 _____ () C:\Users\Asus\AppData\Roaming\WB.CFG
2014-04-04 19:08 - 2014-04-04 19:08 - 00055232 _____ (StdLib) C:\Windows\system32\Drivers\tStLibG.sys
2014-04-04 18:51 - 2014-04-04 18:51 - 00000000 ____D () C:\Users\Asus\AppData\Local\Secunia PSI
2014-04-04 18:50 - 2014-04-04 18:50 - 00000000 ____D () C:\Program Files\Secunia
2014-04-04 18:49 - 2014-04-04 18:49 - 05329480 _____ (Secunia) C:\Users\Asus\Downloads\PSISetup_3.0.0.9016.exe
2014-04-04 15:04 - 2014-04-04 15:04 - 00000000 ____D () C:\Users\Asus\Documents\PC Speed Maximizer
2014-04-04 15:00 - 2014-04-04 15:00 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\0D0S1L2Z1P1B
2014-04-04 14:59 - 2014-04-04 19:12 - 00000288 _____ () C:\Windows\Tasks\MySearchDial.job
2014-04-04 14:59 - 2014-04-04 18:38 - 00000000 ____D () C:\Program Files\Mega Browse
2014-04-04 14:59 - 2014-04-04 15:12 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\mysearchdial
2014-04-04 14:59 - 2014-04-04 14:59 - 00000000 ____D () C:\Program Files\Mysearchdial
2014-04-04 14:58 - 2014-04-04 19:12 - 00000288 _____ () C:\Windows\Tasks\Digital Sites.job
2014-04-04 14:58 - 2014-04-04 14:58 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\DigitalSites
2014-04-04 14:54 - 2014-04-04 14:54 - 00686048 _____ () C:\Users\Asus\Downloads\ZipExtractorSetup.exe
2014-04-04 14:11 - 2014-04-04 14:13 - 00002145 _____ () C:\DelFix.txt
2014-04-04 14:01 - 2014-04-04 14:01 - 00001899 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-04-04 14:01 - 2014-04-04 14:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-01 10:36 - 2014-04-01 10:36 - 00002588 _____ () C:\Windows\system32\.crusader
2014-04-01 10:26 - 2014-04-01 10:39 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-04-01 10:24 - 2014-04-01 10:36 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-31 19:19 - 2014-04-04 18:38 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Idmsq
2014-03-29 19:13 - 2014-03-29 19:13 - 00000164 _____ () C:\Users\Asus\Documents\cc_20140329_181323.reg
2014-03-27 18:04 - 2014-03-28 13:52 - 00001152 _____ () C:\MBAM.txt
2014-03-26 12:01 - 2014-03-26 11:26 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-03-26 11:26 - 2014-03-26 11:58 - 00000000 ____D () C:\zoek_backup
2014-03-25 15:16 - 2014-03-25 15:16 - 00000000 ____D () C:\Users\Asus\AppData\Local\TuneUp Software
2014-03-25 14:45 - 2014-03-29 14:18 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-25 14:45 - 2014-03-27 17:51 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-25 14:45 - 2014-03-27 17:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-25 14:45 - 2014-03-25 14:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 14:45 - 2014-03-05 10:26 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-25 14:45 - 2014-03-05 10:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-25 14:45 - 2014-03-05 10:26 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-25 14:22 - 2014-04-04 14:11 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 14:51 - 2014-03-23 14:51 - 00001344 _____ () C:\Users\Asus\Documents\Scan_230314.txt
2014-03-23 14:43 - 2014-03-23 14:49 - 00000000 ____D () C:\Users\Asus\AppData\Local\NPE
2014-03-23 12:53 - 2014-03-23 12:53 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IDMSQ
2014-03-23 12:53 - 2014-03-23 12:53 - 00000000 ____D () C:\Program Files\IDMSQ
2014-03-23 12:53 - 2014-03-23 12:53 - 00000000 ____D () C:\MININT
2014-03-22 21:03 - 2014-03-25 16:15 - 00000000 ____D () C:\Program Files\MediaWatchV1
2014-03-22 20:56 - 2014-03-23 17:51 - 00108008 _____ () C:\Users\Asus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-22 19:42 - 2014-03-24 20:02 - 00404120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-19 19:51 - 2014-03-19 19:51 - 25081368 _____ (Mozilla) C:\Users\Asus\Downloads\Firefox-Setup-28.0.exe
2014-03-13 16:02 - 2014-02-23 19:44 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 06020608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 16:02 - 2014-02-23 19:44 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-03-13 16:02 - 2014-02-23 18:45 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-13 16:02 - 2014-02-23 18:38 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 16:02 - 2014-02-23 18:38 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 16:02 - 2014-02-23 18:38 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 16:02 - 2014-02-23 18:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-03-13 16:02 - 2014-02-07 12:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 16:02 - 2014-02-03 12:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 16:02 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 16:02 - 2013-11-13 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-10 12:35 - 2014-03-10 12:36 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\Asus\Downloads\ElsterFormular-15.0.20140212p.exe

==================== One Month Modified Files and Folders =======

2014-04-04 20:07 - 2014-04-04 20:06 - 00025793 _____ () C:\Users\Asus\Downloads\FRST.txt
2014-04-04 20:06 - 2014-04-04 20:06 - 00000000 ____D () C:\FRST
2014-04-04 20:06 - 2011-07-23 13:21 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-04 20:04 - 2014-04-04 20:04 - 01145856 _____ (Farbar) C:\Users\Asus\Downloads\FRST.exe
2014-04-04 20:04 - 2012-11-26 19:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 19:12 - 2014-04-04 19:12 - 00000064 _____ () C:\Users\Asus\AppData\Roaming\WB.CFG
2014-04-04 19:12 - 2014-04-04 14:59 - 00000288 _____ () C:\Windows\Tasks\MySearchDial.job
2014-04-04 19:12 - 2014-04-04 14:58 - 00000288 _____ () C:\Windows\Tasks\Digital Sites.job
2014-04-04 19:08 - 2014-04-04 19:08 - 00055232 _____ (StdLib) C:\Windows\system32\Drivers\tStLibG.sys
2014-04-04 19:08 - 2006-11-02 12:23 - 00000230 _____ () C:\Windows\win.ini
2014-04-04 19:00 - 2012-06-05 19:20 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Dropbox
2014-04-04 18:56 - 2012-01-25 19:02 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-04-04 18:54 - 2008-08-03 08:45 - 01089768 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 18:51 - 2014-04-04 18:51 - 00000000 ____D () C:\Users\Asus\AppData\Local\Secunia PSI
2014-04-04 18:50 - 2014-04-04 18:50 - 00000000 ____D () C:\Program Files\Secunia
2014-04-04 18:49 - 2014-04-04 18:49 - 05329480 _____ (Secunia) C:\Users\Asus\Downloads\PSISetup_3.0.0.9016.exe
2014-04-04 18:38 - 2014-04-04 14:59 - 00000000 ____D () C:\Program Files\Mega Browse
2014-04-04 18:38 - 2014-03-31 19:19 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Idmsq
2014-04-04 18:38 - 2012-06-05 19:24 - 00000000 ___RD () C:\Users\Asus\Dropbox
2014-04-04 18:38 - 2008-12-30 15:27 - 00088648 _____ () C:\Users\Asus\AppData\Roaming\nvModes.001
2014-04-04 18:37 - 2011-07-23 13:21 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-04 18:37 - 2008-08-03 10:12 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-04-04 18:37 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 18:37 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-04 18:37 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-04 15:17 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-04 15:12 - 2014-04-04 14:59 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\mysearchdial
2014-04-04 15:04 - 2014-04-04 15:04 - 00000000 ____D () C:\Users\Asus\Documents\PC Speed Maximizer
2014-04-04 15:00 - 2014-04-04 15:00 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\0D0S1L2Z1P1B
2014-04-04 14:59 - 2014-04-04 14:59 - 00000000 ____D () C:\Program Files\Mysearchdial
2014-04-04 14:58 - 2014-04-04 14:58 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\DigitalSites
2014-04-04 14:54 - 2014-04-04 14:54 - 00686048 _____ () C:\Users\Asus\Downloads\ZipExtractorSetup.exe
2014-04-04 14:24 - 2008-10-01 12:12 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-04 14:21 - 2008-11-27 20:03 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Adobe
2014-04-04 14:15 - 2008-01-21 04:47 - 00761776 _____ () C:\Windows\PFRO.log
2014-04-04 14:13 - 2014-04-04 14:11 - 00002145 _____ () C:\DelFix.txt
2014-04-04 14:11 - 2014-03-25 14:22 - 00000000 ____D () C:\Windows\ERUNT
2014-04-04 14:06 - 2008-10-01 12:08 - 00000000 ____D () C:\Users\Asus
2014-04-04 14:02 - 2008-10-01 12:12 - 00000000 ____D () C:\Users\Asus\AppData\Local\Adobe
2014-04-04 14:01 - 2014-04-04 14:01 - 00001899 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-04-04 14:01 - 2014-04-04 14:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-04 14:01 - 2009-03-25 20:39 - 00000000 ____D () C:\Program Files\Adobe
2014-04-01 17:51 - 2008-11-26 18:31 - 00043008 _____ () C:\Users\Asus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-01 17:49 - 2006-11-02 12:33 - 01445310 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 10:39 - 2014-04-01 10:26 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-04-01 10:36 - 2014-04-01 10:36 - 00002588 _____ () C:\Windows\system32\.crusader
2014-04-01 10:36 - 2014-04-01 10:24 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-31 19:15 - 2014-02-28 21:03 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-03-31 19:13 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-31 13:58 - 2009-09-14 18:45 - 00002066 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-03-31 13:58 - 2009-06-19 16:37 - 00000000 ____D () C:\Windows\system32\Drivers\N360
2014-03-29 19:13 - 2014-03-29 19:13 - 00000164 _____ () C:\Users\Asus\Documents\cc_20140329_181323.reg
2014-03-29 14:18 - 2014-03-25 14:45 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 13:52 - 2014-03-27 18:04 - 00001152 _____ () C:\MBAM.txt
2014-03-27 17:51 - 2014-03-25 14:45 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-27 17:51 - 2014-03-25 14:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-26 11:58 - 2014-03-26 11:26 - 00000000 ____D () C:\zoek_backup
2014-03-26 11:54 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-03-26 11:26 - 2014-03-26 12:01 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-03-26 11:11 - 2011-07-17 11:31 - 00000000 ____D () C:\Users\Asus\AppData\Local\CrashDumps
2014-03-25 17:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Globalization
2014-03-25 16:15 - 2014-03-22 21:03 - 00000000 ____D () C:\Program Files\MediaWatchV1
2014-03-25 15:16 - 2014-03-25 15:16 - 00000000 ____D () C:\Users\Asus\AppData\Local\TuneUp Software
2014-03-25 14:45 - 2014-03-25 14:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 12:33 - 2013-11-03 12:41 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-03-25 12:33 - 2011-07-23 13:22 - 00001082 _____ () C:\Users\Asus\Desktop\Google Chrome.lnk
2014-03-25 12:33 - 2011-07-15 19:36 - 00000890 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB.DE.lnk
2014-03-25 12:33 - 2008-10-01 12:14 - 00000980 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-24 20:02 - 2014-03-22 19:42 - 00404120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-23 17:51 - 2014-03-22 20:56 - 00108008 _____ () C:\Users\Asus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-23 14:51 - 2014-03-23 14:51 - 00001344 _____ () C:\Users\Asus\Documents\Scan_230314.txt
2014-03-23 14:49 - 2014-03-23 14:43 - 00000000 ____D () C:\Users\Asus\AppData\Local\NPE
2014-03-23 12:54 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Resources
2014-03-23 12:53 - 2014-03-23 12:53 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IDMSQ
2014-03-23 12:53 - 2014-03-23 12:53 - 00000000 ____D () C:\Program Files\IDMSQ
2014-03-23 12:53 - 2014-03-23 12:53 - 00000000 ____D () C:\MININT
2014-03-22 13:11 - 2008-12-14 13:08 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-03-22 13:11 - 2008-08-03 09:08 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-22 13:07 - 2013-07-10 13:54 - 00000000 ____D () C:\Windows\Minidump
2014-03-20 12:35 - 2012-08-29 19:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-19 19:53 - 2014-02-23 12:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-19 19:53 - 2008-12-10 19:53 - 00000853 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-19 19:51 - 2014-03-19 19:51 - 25081368 _____ (Mozilla) C:\Users\Asus\Downloads\Firefox-Setup-28.0.exe
2014-03-19 13:07 - 2013-08-14 19:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 13:07 - 2006-11-02 12:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-15 16:52 - 2011-07-23 13:21 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Skype
2014-03-14 14:36 - 2013-11-09 12:03 - 00000000 ____D () C:\Users\Asus\Documents\Rechnung der stornierten Lastschrift Ihrer Bestellung 22.08.2013
2014-03-14 12:11 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-03-14 11:53 - 2010-12-19 12:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 11:46 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-03-13 16:04 - 2012-09-02 09:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-13 16:04 - 2012-09-02 09:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 20:36 - 2012-03-05 19:45 - 00000000 ____D () C:\ProgramData\Apple
2014-03-10 12:42 - 2011-02-13 14:32 - 00001029 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-03-10 12:39 - 2012-01-02 18:24 - 00000000 ____D () C:\Users\Asus\AppData\Local\.elfohilfe
2014-03-10 12:39 - 2011-02-13 14:32 - 00000000 ____D () C:\ProgramData\elsterformular
2014-03-10 12:36 - 2014-03-10 12:35 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\Asus\Downloads\ElsterFormular-15.0.20140212p.exe
2014-03-09 12:47 - 2008-08-03 09:43 - 00000000 ____D () C:\Program Files\ATKGFNEX
2014-03-06 11:16 - 2008-12-29 17:51 - 00088648 _____ () C:\Users\Asus\AppData\Roaming\nvModes.dat
2014-03-06 11:12 - 2013-12-06 14:15 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Farm Mania 2
2014-03-05 10:26 - 2014-03-25 14:45 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 10:26 - 2014-03-25 14:45 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 10:26 - 2014-03-25 14:45 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Asus\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Asus\AppData\Local\Temp\SDShelEx-win32.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-04 18:45

==================== End Of Log ============================
--- --- ---




Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Asus at 2014-04-04 20:07:26
Running from C:\Users\Asus\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8153ED9A-C94A-426E-9880-5E6775C08B62}) (Version: 4.0.0.97 - Apple Inc.)
ASUS CopyProtect (HKLM\...\{2396F815-84E0-4353-83D7-8B190556DA42}) (Version: 1.00.0003 - ASUS)
ASUS Data Security Manager (HKLM\...\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}) (Version: 1.00.0006 - ASUS)
ASUS InstantFun (HKLM\...\{57B15AD4-8C9D-4164-82BB-E33D8644E757}) (Version: 1.0.0015 - ASUS)
ASUS LifeFrame3 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.6 - ASUS)
ASUS Live Update (HKLM\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.6 - ASUS)
ASUS SmartLogon (HKLM\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0004 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM\...\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}) (Version: 1.02.0019 - ASUS)
Asus_Camera_ScreenSaver (HKLM\...\Asus_Camera_ScreenSaver) (Version: 2.0.0006 - ASUS)
Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver (HKLM\...\{6E19F210-3813-4002-B561-94D66AA182B6}) (Version: 2.4.7.7 - Atheros Communications Inc.)
ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0023 - ATK)
ATK Media (HKLM\...\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}) (Version:  - )
ATKOSD2 (HKLM\...\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}) (Version: 6.64.1.6 - ATK)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Audials (HKLM\...\{0E9EBAF3-67F8-430A-9852-D02E5F20031A}) (Version: 10.2.30900.0 - Audials AG)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CPUID CPU-Z 1.56 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
digiSeal reader (HKLM\...\digiSeal reader) (Version:  - secrypt GmbH)
Divinity II - Ego Draconis (HKLM\...\Divinity II - Ego Draconis_is1) (Version:  - dtp)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Elevated Installer (Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.0.20140212 - Landesfinanzdirektion Thüringen)
Evernote v. 5.0.2 (HKLM\...\{C2EECB42-2C7F-11E3-8960-00163E98E7D0}) (Version: 5.0.2.1392 - Evernote Corp.)
Express Zip (HKLM\...\ExpressZip) (Version: 2.18 - NCH Software)
Firefox 3.6 WEB.DE Edition (Version: 1.6 - WEB.DE) Hidden
Garmin Express (Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Drive (HKLM\...\{56D4499E-AC3E-4B8D-91C9-C700C148C44B}) (Version: 1.13.5782.599 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Internet Download Manager² 1.0 (HKLM\...\IDMSQ) (Version: 1.0 - OR Interactive Ltd)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Mega Browse (HKLM\...\Mega Browse) (Version: 2014.04.02.201943 - Mega Browse)
Mein eigener Bauernhof (HKLM\...\Mein eigener Bauernhof_is1) (Version:  - Realore Studios)
Mein eigener Bauernhof 2 (HKLM\...\Mein eigener Bauernhof 2_is1) (Version:  - Realore Studios)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version:  - )
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1342 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1342 - TomTom)
Mysearchdial (HKLM\...\mysearchdial) (Version:  - Mysearchdial) <==== ATTENTION
NB Probe (HKLM\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version:  - )
Norton 360 (HKLM\...\N360) (Version: 21.2.0.38 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA PhysX (HKLM\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
OpenOffice.org 3.1 (HKLM\...\{EFCC79EC-7CC0-46D6-A3D1-015169B6C293}) (Version: 3.1.9396 - OpenOffice.org)
P4P (HKLM\...\{FC3D290D-79BE-44B7-ABF9-FDD110925930}) (Version: 1.0.0.17 - P4P)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.0.00.10260 - Sony Corporation)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)
Power4Gear eXtreme (HKLM\...\{8CFEBE9C-F29F-4C49-80E0-7106970F8734}) (Version: 1.00.0014 - ATK)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5477 - Realtek Semiconductor Corp.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.52.02 - )
Samsung ML-1640 Series (HKLM\...\Samsung ML-1640 Series) (Version:  - Samsung Electronics CO.,LTD)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
StarMoney (Version: 2.0 - StarFinanz) Hidden
StarMoney (Version: 3.0.0.124 - StarFinanz) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.4000.205 - TuneUp Software) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Zip Extractor (HKCU\...\Digital Sites) (Version:  - Update for Zip Extractor) <==== ATTENTION
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version:  - )
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VSO Image Resizer 4.0.0.53 (HKLM\...\{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1) (Version: 4.0.0.53 - VSO-Software)
Web.de Fotoservice (HKLM\...\de.webde.fotoservice.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.3.5 - myphotobook GmbH)
Web.de Fotoservice (Version: 1.3.5 - myphotobook GmbH) Hidden
WEB.DE Internet Explorer Addon (HKLM\...\1&1 Mail & Media GmbH 1und1InternetExplorerAddon) (Version: 1.0.1.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
WEB.DE Toolbar für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 1.7.0.0 - 1&1 Mail & Media GmbH)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version:  - )
Wireless Console 2 (HKLM\...\{83F73CB1-7705-49D1-9852-84D839CA2A45}) (Version: 2.0.10 - ATK)
Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version:  - ) <==== ATTENTION

==================== Restore Points  =========================

04-04-2014 12:13:01 Ende der Bereinigung

==================== Hosts content: ==========================

2006-11-02 12:23 - 2014-03-23 12:53 - 00000804 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
127.0.0.1                        d3oxij66pru1i3.cloudfront.net


==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {249B4955-CBCD-4BCF-962E-74EC5FBBBC1C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-23] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {36035647-05E0-4568-8ABA-EE3235B4B1C5} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {3A442558-C2E2-42DB-A879-CC52489048C6} - System32\Tasks\MySearchDial => C:\Users\Asus\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {4451A61E-4181-4B13-AF92-573A2CF987B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {69E7336B-B180-4468-A70C-5779CDDB9889} - System32\Tasks\{85744F73-8CAA-4501-A430-5D43639614F6} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {8EE613F4-CDF7-4AF4-829D-2A2596897E1D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {8F5DD851-7F6C-4011-89E9-F9E6093086B5} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Asus => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {A0D8FD69-F0A7-4593-B5CA-A6E4FB3473BD} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files\ASUS\SmartLogon\sensorsrv.exe [2007-12-26] (ASUS)
Task: {B2670798-4859-49B8-982D-E276ACB8508D} - System32\Tasks\Digital Sites => C:\Users\Asus\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {B75D21B2-B598-45C1-814A-FAF9E369F564} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {C4660E8F-ABDB-4CFE-B846-783F6F6F70BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-23] (Google Inc.)
Task: {C4B9ED0D-DA7F-4E13-BA37-231223E802D9} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {C6DE47D8-A4F3-4041-B41F-66A198821C1B} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {DD042017-A31E-4EB5-A931-F241FCCF5604} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {DFCA9B24-18FE-4DF5-B50E-75C250B7DE99} - System32\Tasks\ASUS Live Update => C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {EB50A561-1439-4397-B217-075DCA080BF9} - System32\Tasks\1und1 Konfiguration => C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe [2011-04-19] (1und1 Mail und Media GmbH)
Task: {FBBE08B2-17B1-4D2E-B9DE-D6F964288F43} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Asus\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Asus\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2008-08-03 09:49 - 2007-05-18 11:31 - 00073728 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
2008-08-03 09:43 - 2007-10-03 06:53 - 00094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
2008-08-03 09:43 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2008-08-03 09:49 - 2007-06-15 19:28 - 00147456 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
2008-08-03 09:49 - 2007-06-02 02:08 - 00143360 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
2009-12-03 21:23 - 2008-01-10 14:17 - 00022723 _____ () C:\Windows\System32\ssp2ml3.dll
2008-08-03 09:53 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files\ASUS\ASUS Live Update\ALU.exe
2008-08-03 09:43 - 2004-05-28 03:13 - 00057344 _____ () C:\Program Files\ATK Hotkey\CMSSC.dll
2008-08-03 09:46 - 2007-09-26 20:24 - 00147456 _____ () C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
2008-08-03 09:53 - 2007-07-06 01:53 - 01040384 _____ () C:\Program Files\Wireless Console 2\wcourier.exe
2008-08-03 10:01 - 2007-07-10 07:48 - 00009216 _____ () C:\Program Files\ASUS\Splendid\GLCDdll.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-08-03 09:43 - 2007-08-08 20:03 - 02441216 _____ () C:\Program Files\ATK Hotkey\ATKOSD.exe
2008-08-03 09:43 - 2007-08-15 20:20 - 00106496 _____ () C:\Program Files\ATK Hotkey\KBFiltr.exe
2008-08-03 09:43 - 2007-08-15 20:38 - 00147456 _____ () C:\Program Files\ATK Hotkey\WDC.exe
2008-08-03 09:57 - 2007-08-03 21:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2008-08-03 09:57 - 2007-09-14 19:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
2008-08-03 09:57 - 2003-11-28 11:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
2008-08-03 09:57 - 2005-08-30 00:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
2008-08-03 09:57 - 2003-09-10 01:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
2008-08-03 09:57 - 2006-04-04 19:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
2008-08-03 09:57 - 2005-04-08 04:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
2014-04-02 22:19 - 2014-04-02 22:19 - 00350496 _____ () C:\Program Files\Mega Browse\updateMegaBrowse.exe
2013-11-29 11:29 - 2013-11-29 11:29 - 00026520 _____ () C:\Program Files\MyDrive Connect\DeviceDetection.dll
2013-11-29 11:28 - 2013-11-29 11:28 - 00082840 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll
2013-11-29 11:28 - 2013-11-29 11:28 - 00344984 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll
2013-10-30 08:21 - 2013-10-30 08:21 - 02561088 _____ () C:\Program Files\IDMSQ\idmsq.exe
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Asus\AppData\Roaming\Dropbox\bin\libcef.dll
2014-04-04 18:38 - 2014-04-04 18:38 - 00350496 _____ () C:\Program Files\Mega Browse\bin\utilMegaBrowse.exe
2014-04-04 19:38 - 2014-04-04 19:38 - 00337920 _____ () C:\Program Files\Mega Browse\bin\sqlite3.dll
2009-12-03 21:28 - 2008-09-03 09:52 - 00536576 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2013-09-26 13:50 - 2013-09-26 13:50 - 00433664 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll
2013-09-26 13:49 - 2013-09-26 13:49 - 00315392 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll
2014-04-04 19:08 - 2014-04-04 19:08 - 00238880 _____ () C:\Program Files\Mega Browse\bin\FilterApp_C.exe
2014-04-04 19:08 - 2014-04-02 22:45 - 00094496 _____ () C:\Program Files\Mega Browse\bin\XTLSApp.exe
2014-04-04 19:08 - 2014-04-02 22:45 - 00179488 _____ () C:\Program Files\Mega Browse\bin\xtlsapp.dll
2013-12-07 19:51 - 2013-12-04 04:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-07 19:52 - 2013-12-04 04:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-07 19:51 - 2013-12-04 04:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-07 19:51 - 2013-12-04 04:48 - 13586896 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: StarMoney 7.0 OnlineUpdate => 2
MSCONFIG\Services: TabletInputService => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\startupreg: ASUS Camera ScreenSaver => C:\Windows\ASScrProlog.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\ASScrPro.exe
MSCONFIG\startupreg: PowerForPhone => "C:\Program Files\P4P\P4P.exe"

==================== Faulty Device Manager Devices =============

Name: isatap.{CCF94776-B9DD-431F-8BE5-3C89B3DE31B6}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2014 06:38:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2014 03:14:02 PM) (Source: Chrome) (User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.63;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\d755af2b-8c2e-48bf-983c-908a1013f6ac.dmp

Error: (04/04/2014 02:16:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2014 02:13:00 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {1a7f24dc-9db4-40a9-98c9-59479c43ef61}

Error: (04/04/2014 01:21:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2014 00:32:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2014 04:49:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2014 11:32:04 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2014 10:08:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 05:51:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/04/2014 08:05:51 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (04/04/2014 08:05:49 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (04/04/2014 08:05:49 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (04/04/2014 08:05:49 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (04/04/2014 08:05:49 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (04/04/2014 08:05:49 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (04/04/2014 08:05:49 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (04/04/2014 08:05:49 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (04/04/2014 08:05:49 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (04/04/2014 08:04:10 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058


Microsoft Office Sessions:
=========================
Error: (04/04/2014 06:38:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2014 03:14:02 PM) (Source: Chrome)(User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.63;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\d755af2b-8c2e-48bf-983c-908a1013f6ac.dmp

Error: (04/04/2014 02:16:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2014 02:13:00 PM) (Source: VSS)(User: )
Description: 0x80070005

Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {1a7f24dc-9db4-40a9-98c9-59479c43ef61}

Error: (04/04/2014 01:21:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2014 00:32:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2014 04:49:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2014 11:32:04 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2014 10:08:18 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 05:51:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-04-04 20:07:21.009
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-04 20:07:20.751
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-04 20:07:20.490
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-04 20:07:20.229
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-04 20:07:19.962
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-04 20:07:19.703
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-04 20:07:19.443
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-04 20:07:19.177
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-04 20:07:18.721
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-04 20:07:18.456
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 3070.29 MB
Available physical RAM: 1567.12 MB
Total Pagefile: 6344.86 MB
Available Pagefile: 4840.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.17 MB

==================== Drives ================================

Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:72.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:106.67 GB) (Free:101.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 8D1C393D)
Partition 1: (Not Active) - (Size=10 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107 GB) - (Type=OF Extended)

==================== End Of Log ============================

M-K-D-B 05.04.2014 10:48
Servus,


Zitat:
C:\Users\Asus\Downloads\ZipExtractorSetup.exe
na super, du hast dich selber wieder mit Adware infiziert... :pfui: :pfui:



Weißt du, was das bedeutet?
1)Wir können wieder von vorne mit der Bereinigung anfangen...
2)Die Arbeit der letzten 2 Wochen war umsonst...
3) :twak:

Wieso installierst du Software, obwohl ich dich in meinem 1. Post ausdrücklich darauf hingewiesen habe, nichts zu installieren, außer ich sag dir das explizit???



Also wieder von vorne... :rolleyes:






Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.






Schritt 3
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 4
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen können.
  • Starte die zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und sollte nicht 1:1 auf andere Computer übernommen werden.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    FFdefaults;
    CHRdefaults;
    iedefaults;
    emptyclsid;
    autoclean;
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von MBAM,
  • die Logdatei von Zoek.

jflack 05.04.2014 12:27
Hallo.

OK - Ohrfeige akzeptiert.

War ein Mißverständniss meinerseits. Habe Dein letztes Posting wohl falsch interpretiert.
Sorry.

Anbei die Logfiles von AdwCleaner und JRT.

Gruß
jflack


Code:
# AdwCleaner v3.023 - Bericht erstellt am 05/04/2014 um 12:55:27
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Asus - ASUS-PC
# Gestartet von : C:\Users\Asus\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : Update Mega Browse
[#] Dienst Gelöscht : Util Mega Browse

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\MediaWatchV1
[!] Ordner Gelöscht : C:\Program Files\Mega Browse
Ordner Gelöscht : C:\Program Files\Mysearchdial
Ordner Gelöscht : C:\Users\Asus\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Asus\AppData\Local\Temp\Mega Browse
Ordner Gelöscht : C:\Users\Asus\AppData\LocalLow\Mysearchdial
Ordner Gelöscht : C:\Users\Asus\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Asus\AppData\Roaming\Mysearchdial
Ordner Gelöscht : C:\Users\Asus\Documents\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\nkzlfv9v.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Ordner Gelöscht : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Ordner Gelöscht : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\nkzlfv9v.default\Extensions\ffxtlbr@mysearchdial.com
Ordner Gelöscht : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\Extensions\ffxtlbr@mysearchdial.com
Ordner Gelöscht : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\yalum6vb.default-1383907381870\Extensions\ffxtlbr@mysearchdial.com
Datei Gelöscht : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\nkzlfv9v.default\searchplugins\Mysearchdial.xml
Datei Gelöscht : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\searchplugins\Mysearchdial.xml
Datei Gelöscht : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\yalum6vb.default-1383907381870\searchplugins\Mysearchdial.xml
Datei Gelöscht : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\nkzlfv9v.default\user.js
Datei Gelöscht : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\user.js
Datei Gelöscht : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\yalum6vb.default-1383907381870\user.js
Datei Gelöscht : C:\Windows\Tasks\Digital Sites.job
Datei Gelöscht : C:\Windows\System32\Tasks\Digital Sites
Datei Gelöscht : C:\Windows\Tasks\MySearchDial.job
Datei Gelöscht : C:\Windows\System32\Tasks\MySearchDial

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2670798-4859-49B8-982D-E276ACB8508D}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2670798-4859-49B8-982D-E276ACB8508D}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A442558-C2E2-42DB-A879-CC52489048C6}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A442558-C2E2-42DB-A879-CC52489048C6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E6CD411-CE62-4584-97FF-6AFBCF6900AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E6CD411-CE62-4584-97FF-6AFBCF6900AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\mysearchdial
Schlüssel Gelöscht : HKCU\Software\mysearchdial.com
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\mysearchdial
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Digital Sites
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mysearchdial

***** [ Browser ] *****

-\\ Internet Explorer v8.0.6001.19507

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\nkzlfv9v.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1CzutCyEtDtAt[...]

[ Datei : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Mysearchdial");
Zeile gelöscht : user_pref("browser.search.order.1", "Mysearchdial");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1CzutCyEtDtAt[...]
Zeile gelöscht : user_pref("extensions.enabledAddons", "toolbar%40web.de:2.8.1,clickclean%40hotcleaner.com:4.1,googlesharing%40extension.thoughtcrime.org:0.22,%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.13,crypto[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.AL", 2);
Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "dsites_14_14_ch");
Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StAzy0Fzy0CtDtDzztGyCtByD0[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.cntry", "DE");
Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "2076409355");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
Zeile gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "F7BC6F38889AEECBEA31FB15BF1780FB");
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1CzutC[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.id", "00221584E135B62A");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16164");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", "140305_d");
Zeile gelöscht : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1CzutCyE[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.015:12:8");
Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1Czu[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"95\",\"lastVrsn\":\"95\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.sg", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1C[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.015:12:8");

[ Datei : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\yalum6vb.default-1383907381870\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Mysearchdial");
Zeile gelöscht : user_pref("browser.search.order.1", "Mysearchdial");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1CzutCyEtDtAt[...]
Zeile gelöscht : user_pref("extensions.enabledAddons", "toolbar%40web.de:2.8.2,idmsq%40idmsq.com:1.0,%7B29b136c9-938d-4d3d-8df8-d649d9b74d02%7D:1.0.1,ffxtlbr%40mysearchdial.com:1.6.0,%7B972ce4c6-7e08-4474-a285-3208198[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.AL", 2);
Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "dsites_14_14_ch");
Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StAzy0Fzy0CtDtDzztGyCtByD0[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.cntry", "DE");
Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "2076409355");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
Zeile gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "F7BC6F38889AEECBEA31FB15BF1780FB");
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1CzutC[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.id", "00221584E135B62A");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16164");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", "140305_d");
Zeile gelöscht : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyE[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.015:12:8");
Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1Czu[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"95\",\"lastVrsn\":\"95\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.sg", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1C[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.015:12:8");

-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : icon_url
Gelöscht : search_url
Gelöscht : keyword
Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [18178 octets] - [05/04/2014 12:52:52]
AdwCleaner[S0].txt - [17073 octets] - [05/04/2014 12:55:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17134 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Asus on 05.04.2014 at 13:10:52,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\yalum6vb.default-1383907381870\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.04.2014 at 13:17:23,92
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

M-K-D-B 05.04.2014 12:54
Servus,


gut gemacht. :)


Fehlen noch die Logdateien von MBAM und Zoek.

jflack 06.04.2014 18:24
Hallo Matthias,

hier noch die mbam und Zoek Logdateien.

Gruß
jflack

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 06.04.2014
Suchlauf-Zeit: 18:31:00
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.06.07
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Asus

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 231431
Verstrichene Zeit: 18 Min, 50 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 16
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, In Quarantäne, [b14f639d17e95ea29215142e56ac768a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, In Quarantäne, [b14f639d17e95ea29215142e56ac768a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, In Quarantäne, [b14f639d17e95ea29215142e56ac768a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, In Quarantäne, [b14f639d17e95ea29215142e56ac768a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, In Quarantäne, [b14f639d17e95ea29215142e56ac768a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, In Quarantäne, [b14f639d17e95ea29215142e56ac768a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, In Quarantäne, [b14f639d17e95ea29215142e56ac768a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, In Quarantäne, [b14f639d17e95ea29215142e56ac768a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, In Quarantäne, [b14f639d17e95ea29215142e56ac768a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, In Quarantäne, [b14f639d17e95ea29215142e56ac768a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, In Quarantäne, [b14f639d17e95ea29215142e56ac768a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, In Quarantäne, [b14f639d17e95ea29215142e56ac768a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, In Quarantäne, [b14f639d17e95ea29215142e56ac768a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, In Quarantäne, [b14f639d17e95ea29215142e56ac768a],
PUP.Optional.MegaBrowse.A, HKLM\SOFTWARE\Mega Browse, In Quarantäne, [15ebf50bb94744bc6b21d78e82808977],
PUP.Optional.MegaBrowse.A, HKU\S-1-5-21-3974147251-177897506-2495822883-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Mega Browse, In Quarantäne, [be4220e0a15f35cbdbb02e37d32fc739],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 2
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_iefogiieekeeeeaiklglonbockmhmkgd_0, In Quarantäne, [56aa31cf6898a55b40501548976bc739],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iefogiieekeeeeaiklglonbockmhmkgd, In Quarantäne, [cf31d0305ca4af51b5dfc19c41c1fa06],

Dateien: 18
PUP.Optional.Crimsolite.A, C:\Users\Asus\AppData\Local\Temp\is1590112554\2484379_stp\setup.exe, In Quarantäne, [7c84817f9f61db25485ce11d20e302fe],
PUP.Optional.MySearchDial.A, C:\Users\Asus\AppData\Local\Temp\is2690362\mysearchdial.dll, In Quarantäne, [17e90df34ab603fd8b0fd07b52afe020],
PUP.Optional.MySearchDial.A, C:\Users\Asus\AppData\Local\Temp\is3458994\mysearchdial.dll, In Quarantäne, [946cfc04de22f010fe9c83c80001ed13],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iefogiieekeeeeaiklglonbockmhmkgd_0.localstorage, In Quarantäne, [49b7679958a822de9067f26c59a9ff01],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iefogiieekeeeeaiklglonbockmhmkgd_0.localstorage-journal, In Quarantäne, [a45cf70933cd629ed324025cab570cf4],
PUP.Optional.MySearchDial.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\yalum6vb.default-1383907381870\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi, In Quarantäne, [55ab9b658977ab5589cdafb2cf336997],
PUP.Optional.MegaBrowse.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\nkzlfv9v.default\extensions\{29b136c9-938d-4d3d-8df8-d649d9b74d02}.xpi, In Quarantäne, [da2613ed4cb47c8488a0cf95669c8b75],
PUP.Optional.MegaBrowse.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\extensions\{29b136c9-938d-4d3d-8df8-d649d9b74d02}.xpi, In Quarantäne, [b24ede2225db27d98b9dea7ad32f0bf5],
PUP.Optional.MegaBrowse.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\yalum6vb.default-1383907381870\extensions\{29b136c9-938d-4d3d-8df8-d649d9b74d02}.xpi, In Quarantäne, [6a96b050a7592fd180a8cd9747bb38c8],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_iefogiieekeeeeaiklglonbockmhmkgd_0\13, In Quarantäne, [56aa31cf6898a55b40501548976bc739],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iefogiieekeeeeaiklglonbockmhmkgd\000785.ldb, In Quarantäne, [cf31d0305ca4af51b5dfc19c41c1fa06],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iefogiieekeeeeaiklglonbockmhmkgd\000791.log, In Quarantäne, [cf31d0305ca4af51b5dfc19c41c1fa06],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iefogiieekeeeeaiklglonbockmhmkgd\CURRENT, In Quarantäne, [cf31d0305ca4af51b5dfc19c41c1fa06],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iefogiieekeeeeaiklglonbockmhmkgd\LOCK, In Quarantäne, [cf31d0305ca4af51b5dfc19c41c1fa06],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iefogiieekeeeeaiklglonbockmhmkgd\LOG, In Quarantäne, [cf31d0305ca4af51b5dfc19c41c1fa06],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iefogiieekeeeeaiklglonbockmhmkgd\LOG.old, In Quarantäne, [cf31d0305ca4af51b5dfc19c41c1fa06],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iefogiieekeeeeaiklglonbockmhmkgd\MANIFEST-000789, In Quarantäne, [cf31d0305ca4af51b5dfc19c41c1fa06],
PUP.Optional.MySearchDial.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (  "homepage": "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0DzytB0AtAyEyDtGyE0CyBtCtGyBtBzzzztG0ByD0B0FtGyCyB0D0C0CtD0F0AyB0DyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0F0FtA0EyCzytBtG0ByCyByDtG0FtCyDtCtG0EyByDyCtGyC0ByE0Dzy0F0FyB0CyDzzyB2Q&cr=579548144&ir=",), Ersetzt,[b14f966a07f97090c948e55ced1707f9]

Physische Sektoren: 0
(No malicious items detected)


(end)


Code:
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Asus on 06.04.2014 at 18:50:21,93.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Asus\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

06.04.2014 18:52:14 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\nkzlfv9v.default\prefs.js:
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\nkzlfv9v.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\prefs.js:
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");
user_pref("browser.search.defaultengine", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\yalum6vb.default-1383907381870\prefs.js:
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://suche.web.de/starthp?src=tb_newtab_ff,exp_nafs_treatment");
user_pref("browser.search.defaultengine", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\yalum6vb.default-1383907381870\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Asus\AppData\Roaming\TomTom\HOME\Profiles\1ryhukpi.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Asus\AppData\Roaming\TomTom\HOME\Profiles\1ryhukpi.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\nkzlfv9v.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs__1908_.backup

ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox

user.js not found
---- Lines mysearch removed from prefs.js ----
user_pref("extensions.irmysearch.aflt", "dsites_14_14_ch");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1CzutCyEtDtAtDyD1V1
user_pref("extensions.irmysearch.cr", "2076409355");
user_pref("extensions.irmysearch.instlRef", "140305_d");
---- Lines mysearch modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\
---- FireFox user.js and prefs.js backups ----

prefs__1908_.backup

ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\yalum6vb.default-1383907381870

user.js not found
---- Lines mysearch removed from prefs.js ----
user_pref("extensions.irmysearch.aflt", "dsites_14_14_ch");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtBtBtCyDzzyE0EtCtAyD0ByCtB0AtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzytFtDtN1L1CzutCyEtDtAtDyD1V1
user_pref("extensions.irmysearch.cr", "2076409355");
user_pref("extensions.irmysearch.instlRef", "140305_d");
---- FireFox user.js and prefs.js backups ----

prefs__1908_.backup

ProfilePath: C:\Users\Asus\AppData\Roaming\TomTom\HOME\Profiles\1ryhukpi.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs__1908_.backup

==== Deleting Files \ Folders ======================

C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\extensions\ffxtlbr@mysearchdial.com not found
C:\Program Files\Mega Browse deleted
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\nkzlfv9v.default\extensions\staged deleted
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\jetpack deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF" [18.11.2013 12:25]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\nkzlfv9v.default
- Undetermined - %ProfilePath%\extensions\toolbar@web.de
- Undetermined - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
- Undetermined - %ProfilePath%\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
- Undetermined - %ProfilePath%\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
- Undetermined - %ProfilePath%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox
- Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
- Clickamp;Clean - %ProfilePath%\extensions\clickclean@hotcleaner.com
- GoogleSharing - %ProfilePath%\extensions\googlesharing@extension.thoughtcrime.org
- Cryptocat - %ProfilePath%\extensions\cryptocat@crypto.cat.xpi
- Lightbeam - %ProfilePath%\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
- WEB.DE MailCheck - %ProfilePath%\extensions\toolbar@web.de.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\yalum6vb.default-1383907381870
- Internet Download Manager Squared - %ProfilePath%\extensions\idmsq@idmsq.com
- WEB.DE MailCheck - %ProfilePath%\extensions\toolbar@web.de.xpi

ProfilePath: C:\Users\Asus\AppData\Roaming\TomTom\HOME\Profiles\1ryhukpi.default
- Map status indicator - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox
E83B541C71965CFA1DEFF846CD6E9ECD        - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll -        Google Update
95812430959AE88CDD0301AB3A71913B        - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll -        Shockwave Flash
01D93217A9EE48DD37072B671378CC9C        - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll -        Silverlight Plug-In
A9191AE22A8F1287B5E2DF33E3A57253        - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -        Java(TM) Platform SE 7 U51
9B10927CFD0F7AD39E40C0E34005B1AD        - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll -        Java Deployment Toolkit 7.0.510.13
3220B1254AEF7A191187EC03F51B3D61        - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll -        Adobe Acrobat
B2576571746839180833E048AC2CCA5C        - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll -        Adobe Acrobat
5B92CB0A3EEE50F6B9AE036B4F9B0F0C        - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -        Google Earth Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67        - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -        Windows Presentation Foundation / Windows Presentation Foundation
28986F0A2342A033345EF9E70D395E4F        - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll -        Microsoft® Silverlight

Profilepath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\yalum6vb.default-1383907381870
E83B541C71965CFA1DEFF846CD6E9ECD        - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll -        Google Update
95812430959AE88CDD0301AB3A71913B        - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll -        Shockwave Flash
01D93217A9EE48DD37072B671378CC9C        - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll -        Silverlight Plug-In
A9191AE22A8F1287B5E2DF33E3A57253        - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -        Java(TM) Platform SE 7 U51
9B10927CFD0F7AD39E40C0E34005B1AD        - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll -        Java Deployment Toolkit 7.0.510.13
3220B1254AEF7A191187EC03F51B3D61        - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll -        Adobe Acrobat
B2576571746839180833E048AC2CCA5C        - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll -        Adobe Acrobat
5B92CB0A3EEE50F6B9AE036B4F9B0F0C        - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -        Google Earth Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67        - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -        Windows Presentation Foundation / Windows Presentation Foundation
28986F0A2342A033345EF9E70D395E4F        - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll -        Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[02.03.2012 11:53]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files\Norton 360\Engine\21.2.0.38\Exts\Chrome.crx[11.03.2014 22:44]

Skype Click to Call - Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Norton Identity Protection - Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{1F030088-8BE3-4AA3-9D03-26D4DB23DA80} Amazon  Url="hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}"
{2BA724D2-45DC-4B4D-8064-5D20686A1339} Englische Ergebnisse Url="hxxp://go.mail.com/br/ie8_search_web/?su={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{968E5101-323F-437E-B302-C9A3854F21B4} WEB.DE Suche Url="hxxp://go.web.de/br/ie8_search_web/?su={searchTerms}"
{C1302AE2-8B4F-4F0D-BEAC-E121028FCC02} eBay  Url="hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Asus\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Asus\AppData\Local\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\Cache emptied successfully
C:\Users\Asus\AppData\Local\Mozilla\Firefox\Profiles\yalum6vb.default-1383907381870\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=589 folders=87 89522971 bytes)

==== Empty Temp Folders ======================

C:\Users\Asus\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Asus\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 06.04.2014 at 19:16:20,83 ======================

M-K-D-B 07.04.2014 13:00
Servus,



Wir spüren die letzten Reste auf, damit wir sie später entfernen können:





Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus.
Setze dazu einen Haken bei Addition.txt rechts unten und klicke auf Scan.
Es werden zwei Logdateien erzeugt. Poste mir diese.






Gibt es noch Probleme mit Malware? Wenn ja, welche?
Wie läuft der Rechner derzeit?





Bitte poste mit deiner nächsten Antwort
  • die zwei Logdateien von FRST,
  • die Beantwortung der gestellten Fragen.

jflack 07.04.2014 17:46
Hallo.

Anbei die beiden FRST-Logfiles.

Ich erkenne derzeit keine Probleme mit nerviger Werbung o. ä.
Mein Rechner läuft sauber und ohne Probleme.

Gruß
jflack



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Asus (administrator) on ASUS-PC on 07-04-2014 18:27:20
Running from C:\Users\Asus\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\smartlogon.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(ATK0100) C:\Program Files\ATK Hotkey\Hcontrol.exe
() C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.2.0.38\N360.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
() C:\Program Files\IDMSQ\idmsq.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.2.0.38\N360.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [86016 2007-12-05] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [8534560 2007-12-05] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [81920 2007-12-05] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-09-03] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3974147251-177897506-2495822883-1000\...\Run: [MyDriveConnect.exe] - C:\Program Files\MyDrive Connect\MyDriveConnect.exe [473496 2013-11-29] (TomTom)
HKU\S-1-5-21-3974147251-177897506-2495822883-1000\...\Run: [GoogleChromeAutoLaunch_FCA810C0E252261B949A7B9F364CE16A] - C:\Program Files\Google\Chrome\Application\chrome.exe [863184 2013-12-04] (Google Inc.)
HKU\S-1-5-21-3974147251-177897506-2495822883-1000\...\Run: [IDMSQ] - C:\Program Files\IDMSQ\idmsq.exe [2561088 2013-10-30] ()
HKU\S-1-5-21-3974147251-177897506-2495822883-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3974147251-177897506-2495822883-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3974147251-177897506-2495822883-1000\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3974147251-177897506-2495822883-1000\...\MountPoints2: {40a38cbf-c515-11dd-97df-001f3c62bd12} - F:\programs\nu2menu\nu2menu.exe
HKU\S-1-5-21-3974147251-177897506-2495822883-1000\...\MountPoints2: {40a38cca-c515-11dd-97df-001f3c62bd12} - F:\programs\nu2menu\nu2menu.exe
HKU\S-1-5-21-3974147251-177897506-2495822883-1000\...\MountPoints2: {45007181-df2e-11de-9c34-001f3c62bd12} - E:\programs\nu2menu\nu2menu.exe
HKU\S-1-5-21-3974147251-177897506-2495822883-1000\...\MountPoints2: {c7c7e3f4-8fa0-11dd-b3af-00221584e135} - F:\programs\nu2menu\nu2menu.exe
Startup: C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = go.web.de/home
hxxp://www.asus.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {1F030088-8BE3-4AA3-9D03-26D4DB23DA80} URL = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
SearchScopes: HKCU - {2BA724D2-45DC-4B4D-8064-5D20686A1339} URL = hxxp://go.mail.com/br/ie8_search_web/?su={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {968E5101-323F-437E-B302-C9A3854F21B4} URL = hxxp://go.web.de/br/ie8_search_web/?su={searchTerms}
SearchScopes: HKCU - {C1302AE2-8B4F-4F0D-BEAC-E121028FCC02} URL = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
BHO: WEB.DE Konfiguration - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Click&amp;Clean - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\Extensions\clickclean@hotcleaner.com [2013-12-10]
FF Extension: GoogleSharing - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\Extensions\googlesharing@extension.thoughtcrime.org [2013-12-10]
FF Extension: Cryptocat - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\Extensions\cryptocat@crypto.cat.xpi [2013-12-10]
FF Extension: Lightbeam - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2013-12-10]
FF Extension: WEB.DE MailCheck - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\Extensions\toolbar@web.de.xpi [2013-12-10]
FF Extension: NoScript - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\v6typ25n.tarnfox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-10]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ []
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-18]

Chrome:
=======
CHR Extension: (Skype Click to Call) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-07-23]
CHR Extension: (Norton Identity Protection) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-03-31]
CHR Extension: (Google Wallet) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] ()
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
S4 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 N360; C:\Program Files\Norton 360\Engine\21.2.0.38\N360.exe [265040 2014-03-12] (Symantec Corporation)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()

==================== Drivers (Whitelisted) ====================

R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx86.sys [1098968 2014-03-19] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1502000.026\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-04-01] ()
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140404.001\IDSvix86.sys [395992 2014-03-26] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2007-09-27] (Windows (R) Codename Longhorn DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140406.003\NAVENG.SYS [93272 2014-03-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140406.003\NAVEX15.SYS [1612376 2014-03-25] (Symantec Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2013-08-19] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2013-08-19] (RapidSolution Software AG)
S3 SIVDRIVER; C:\Windows\system32\Drivers\SIVX32.sys [19944 2007-02-24] (Ray Hinchliffe)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
R1 SRTSP; C:\Windows\System32\Drivers\N360\1502000.026\SRTSP.SYS [664280 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1502000.026\SRTSPX.SYS [32344 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1502000.026\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1502000.026\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-11-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1502000.026\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1502000.026\SYMTDIV.SYS [384728 2014-02-18] (Symantec Corporation)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-08-19] (RapidSolution Software AG)
R1 tStLibG; C:\Windows\System32\drivers\tStLibG.sys [55232 2014-04-04] (StdLib)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 netfilter; system32\drivers\netfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SYMFW; \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-07 18:27 - 2014-04-07 18:27 - 00019002 _____ () C:\Users\Asus\Desktop\FRST.txt
2014-04-06 19:14 - 2014-04-06 18:50 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-06 18:51 - 2014-04-06 19:16 - 00018468 _____ () C:\zoek-results.log
2014-04-06 18:48 - 2014-04-06 18:48 - 01285120 _____ () C:\Users\Asus\Desktop\zoek.exe
2014-04-06 18:01 - 2014-04-06 18:01 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Asus\Desktop\mbam-setup-2.0.0.1000.exe
2014-04-05 13:17 - 2014-04-05 13:17 - 00000800 _____ () C:\Users\Asus\Desktop\JRT.txt
2014-04-05 13:05 - 2014-04-05 13:05 - 01038974 _____ (Thisisu) C:\Users\Asus\Desktop\JRT.exe
2014-04-05 12:52 - 2014-04-05 12:55 - 00000000 ____D () C:\AdwCleaner
2014-04-05 12:49 - 2014-04-05 12:49 - 01426178 _____ () C:\Users\Asus\Desktop\adwcleaner.exe
2014-04-04 20:07 - 2014-04-04 20:08 - 00032838 _____ () C:\Users\Asus\Downloads\Addition.txt
2014-04-04 20:06 - 2014-04-07 18:27 - 00000000 ____D () C:\FRST
2014-04-04 20:06 - 2014-04-04 20:08 - 00044502 _____ () C:\Users\Asus\Downloads\FRST.txt
2014-04-04 20:04 - 2014-04-04 20:04 - 01145856 _____ (Farbar) C:\Users\Asus\Desktop\FRST.exe
2014-04-04 19:12 - 2014-04-05 11:12 - 00000064 _____ () C:\Users\Asus\AppData\Roaming\WB.CFG
2014-04-04 19:08 - 2014-04-04 19:08 - 00055232 _____ (StdLib) C:\Windows\system32\Drivers\tStLibG.sys
2014-04-04 18:51 - 2014-04-04 18:51 - 00000000 ____D () C:\Users\Asus\AppData\Local\Secunia PSI
2014-04-04 18:50 - 2014-04-04 18:50 - 00000000 ____D () C:\Program Files\Secunia
2014-04-04 18:49 - 2014-04-04 18:49 - 05329480 _____ (Secunia) C:\Users\Asus\Downloads\PSISetup_3.0.0.9016.exe
2014-04-04 15:00 - 2014-04-04 15:00 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\0D0S1L2Z1P1B
2014-04-04 14:54 - 2014-04-04 14:54 - 00686048 _____ () C:\Users\Asus\Downloads\ZipExtractorSetup.exe
2014-04-04 14:11 - 2014-04-04 14:13 - 00002145 _____ () C:\DelFix.txt
2014-04-04 14:01 - 2014-04-04 14:01 - 00001899 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-04-04 14:01 - 2014-04-04 14:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-01 10:36 - 2014-04-01 10:36 - 00002588 _____ () C:\Windows\system32\.crusader
2014-04-01 10:26 - 2014-04-01 10:39 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-04-01 10:24 - 2014-04-01 10:36 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-31 19:19 - 2014-04-07 18:20 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Idmsq
2014-03-29 19:13 - 2014-03-29 19:13 - 00000164 _____ () C:\Users\Asus\Documents\cc_20140329_181323.reg
2014-03-27 18:04 - 2014-04-06 18:40 - 00007886 _____ () C:\MBAM.txt
2014-03-26 11:26 - 2014-04-06 19:09 - 00000000 ____D () C:\zoek_backup
2014-03-25 15:16 - 2014-03-25 15:16 - 00000000 ____D () C:\Users\Asus\AppData\Local\TuneUp Software
2014-03-25 14:45 - 2014-04-06 18:36 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-25 14:45 - 2014-04-06 18:08 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-25 14:45 - 2014-04-06 18:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-25 14:45 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-25 14:45 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-25 14:45 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-25 14:45 - 2014-03-25 14:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 14:22 - 2014-04-04 14:11 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 14:51 - 2014-03-23 14:51 - 00001344 _____ () C:\Users\Asus\Documents\Scan_230314.txt
2014-03-23 14:43 - 2014-03-23 14:49 - 00000000 ____D () C:\Users\Asus\AppData\Local\NPE
2014-03-23 12:53 - 2014-03-23 12:53 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IDMSQ
2014-03-23 12:53 - 2014-03-23 12:53 - 00000000 ____D () C:\Program Files\IDMSQ
2014-03-23 12:53 - 2014-03-23 12:53 - 00000000 ____D () C:\MININT
2014-03-22 20:56 - 2014-03-23 17:51 - 00108008 _____ () C:\Users\Asus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-22 19:42 - 2014-03-24 20:02 - 00404120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-19 19:51 - 2014-03-19 19:51 - 25081368 _____ (Mozilla) C:\Users\Asus\Downloads\Firefox-Setup-28.0.exe
2014-03-13 16:02 - 2014-02-23 19:44 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 06020608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 16:02 - 2014-02-23 19:44 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 16:02 - 2014-02-23 19:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-03-13 16:02 - 2014-02-23 18:45 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-13 16:02 - 2014-02-23 18:38 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 16:02 - 2014-02-23 18:38 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 16:02 - 2014-02-23 18:38 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 16:02 - 2014-02-23 18:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-03-13 16:02 - 2014-02-07 12:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 16:02 - 2014-02-03 12:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 16:02 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 16:02 - 2013-11-13 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-10 12:35 - 2014-03-10 12:36 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\Asus\Downloads\ElsterFormular-15.0.20140212p.exe

==================== One Month Modified Files and Folders =======

2014-04-07 18:27 - 2014-04-07 18:27 - 00019002 _____ () C:\Users\Asus\Desktop\FRST.txt
2014-04-07 18:27 - 2014-04-04 20:06 - 00000000 ____D () C:\FRST
2014-04-07 18:22 - 2008-08-03 08:45 - 01198767 _____ () C:\Windows\WindowsUpdate.log
2014-04-07 18:20 - 2014-03-31 19:19 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Idmsq
2014-04-07 18:20 - 2012-06-05 19:24 - 00000000 ___RD () C:\Users\Asus\Dropbox
2014-04-07 18:20 - 2012-06-05 19:20 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Dropbox
2014-04-07 18:19 - 2011-07-23 13:21 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-07 18:19 - 2008-12-30 15:27 - 00088648 _____ () C:\Users\Asus\AppData\Roaming\nvModes.001
2014-04-07 18:19 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-07 18:19 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-07 18:19 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 13:27 - 2006-11-02 15:01 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-07 13:06 - 2011-07-23 13:21 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-07 13:04 - 2012-11-26 19:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-06 20:12 - 2008-08-03 10:12 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-04-06 19:16 - 2014-04-06 18:51 - 00018468 _____ () C:\zoek-results.log
2014-04-06 19:15 - 2008-01-21 04:47 - 00770436 _____ () C:\Windows\PFRO.log
2014-04-06 19:09 - 2014-03-26 11:26 - 00000000 ____D () C:\zoek_backup
2014-04-06 18:50 - 2014-04-06 19:14 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-06 18:48 - 2014-04-06 18:48 - 01285120 _____ () C:\Users\Asus\Desktop\zoek.exe
2014-04-06 18:40 - 2014-03-27 18:04 - 00007886 _____ () C:\MBAM.txt
2014-04-06 18:36 - 2014-03-25 14:45 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-06 18:33 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\IME
2014-04-06 18:08 - 2014-03-25 14:45 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-06 18:08 - 2014-03-25 14:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-06 18:01 - 2014-04-06 18:01 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Asus\Desktop\mbam-setup-2.0.0.1000.exe
2014-04-05 13:17 - 2014-04-05 13:17 - 00000800 _____ () C:\Users\Asus\Desktop\JRT.txt
2014-04-05 13:05 - 2014-04-05 13:05 - 01038974 _____ (Thisisu) C:\Users\Asus\Desktop\JRT.exe
2014-04-05 12:55 - 2014-04-05 12:52 - 00000000 ____D () C:\AdwCleaner
2014-04-05 12:55 - 2006-11-02 12:23 - 00000230 _____ () C:\Windows\win.ini
2014-04-05 12:49 - 2014-04-05 12:49 - 01426178 _____ () C:\Users\Asus\Desktop\adwcleaner.exe
2014-04-05 11:12 - 2014-04-04 19:12 - 00000064 _____ () C:\Users\Asus\AppData\Roaming\WB.CFG
2014-04-04 20:08 - 2014-04-04 20:07 - 00032838 _____ () C:\Users\Asus\Downloads\Addition.txt
2014-04-04 20:08 - 2014-04-04 20:06 - 00044502 _____ () C:\Users\Asus\Downloads\FRST.txt
2014-04-04 20:04 - 2014-04-04 20:04 - 01145856 _____ (Farbar) C:\Users\Asus\Desktop\FRST.exe
2014-04-04 19:08 - 2014-04-04 19:08 - 00055232 _____ (StdLib) C:\Windows\system32\Drivers\tStLibG.sys
2014-04-04 18:56 - 2012-01-25 19:02 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-04-04 18:51 - 2014-04-04 18:51 - 00000000 ____D () C:\Users\Asus\AppData\Local\Secunia PSI
2014-04-04 18:50 - 2014-04-04 18:50 - 00000000 ____D () C:\Program Files\Secunia
2014-04-04 18:49 - 2014-04-04 18:49 - 05329480 _____ (Secunia) C:\Users\Asus\Downloads\PSISetup_3.0.0.9016.exe
2014-04-04 15:00 - 2014-04-04 15:00 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\0D0S1L2Z1P1B
2014-04-04 14:54 - 2014-04-04 14:54 - 00686048 _____ () C:\Users\Asus\Downloads\ZipExtractorSetup.exe
2014-04-04 14:24 - 2008-10-01 12:12 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-04 14:21 - 2008-11-27 20:03 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Adobe
2014-04-04 14:13 - 2014-04-04 14:11 - 00002145 _____ () C:\DelFix.txt
2014-04-04 14:11 - 2014-03-25 14:22 - 00000000 ____D () C:\Windows\ERUNT
2014-04-04 14:06 - 2008-10-01 12:08 - 00000000 ____D () C:\Users\Asus
2014-04-04 14:02 - 2008-10-01 12:12 - 00000000 ____D () C:\Users\Asus\AppData\Local\Adobe
2014-04-04 14:01 - 2014-04-04 14:01 - 00001899 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-04-04 14:01 - 2014-04-04 14:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-04 14:01 - 2009-03-25 20:39 - 00000000 ____D () C:\Program Files\Adobe
2014-04-03 09:51 - 2014-03-25 14:45 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-03-25 14:45 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-03-25 14:45 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 17:51 - 2008-11-26 18:31 - 00043008 _____ () C:\Users\Asus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-01 17:49 - 2006-11-02 12:33 - 01445310 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 10:39 - 2014-04-01 10:26 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-04-01 10:36 - 2014-04-01 10:36 - 00002588 _____ () C:\Windows\system32\.crusader
2014-04-01 10:36 - 2014-04-01 10:24 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-31 19:15 - 2014-02-28 21:03 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-03-31 19:13 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-31 13:58 - 2009-09-14 18:45 - 00002066 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-03-31 13:58 - 2009-06-19 16:37 - 00000000 ____D () C:\Windows\system32\Drivers\N360
2014-03-29 19:13 - 2014-03-29 19:13 - 00000164 _____ () C:\Users\Asus\Documents\cc_20140329_181323.reg
2014-03-26 11:54 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-03-26 11:11 - 2011-07-17 11:31 - 00000000 ____D () C:\Users\Asus\AppData\Local\CrashDumps
2014-03-25 17:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Globalization
2014-03-25 15:16 - 2014-03-25 15:16 - 00000000 ____D () C:\Users\Asus\AppData\Local\TuneUp Software
2014-03-25 14:45 - 2014-03-25 14:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 12:33 - 2013-11-03 12:41 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-03-25 12:33 - 2011-07-23 13:22 - 00001082 _____ () C:\Users\Asus\Desktop\Google Chrome.lnk
2014-03-25 12:33 - 2011-07-15 19:36 - 00000890 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB.DE.lnk
2014-03-25 12:33 - 2008-10-01 12:14 - 00000980 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-24 20:02 - 2014-03-22 19:42 - 00404120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-23 17:51 - 2014-03-22 20:56 - 00108008 _____ () C:\Users\Asus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-23 14:51 - 2014-03-23 14:51 - 00001344 _____ () C:\Users\Asus\Documents\Scan_230314.txt
2014-03-23 14:49 - 2014-03-23 14:43 - 00000000 ____D () C:\Users\Asus\AppData\Local\NPE
2014-03-23 12:54 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Resources
2014-03-23 12:53 - 2014-03-23 12:53 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IDMSQ
2014-03-23 12:53 - 2014-03-23 12:53 - 00000000 ____D () C:\Program Files\IDMSQ
2014-03-23 12:53 - 2014-03-23 12:53 - 00000000 ____D () C:\MININT
2014-03-22 13:11 - 2008-12-14 13:08 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-03-22 13:11 - 2008-08-03 09:08 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-22 13:07 - 2013-07-10 13:54 - 00000000 ____D () C:\Windows\Minidump
2014-03-20 12:35 - 2012-08-29 19:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-19 19:53 - 2014-02-23 12:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-19 19:53 - 2008-12-10 19:53 - 00000853 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-19 19:51 - 2014-03-19 19:51 - 25081368 _____ (Mozilla) C:\Users\Asus\Downloads\Firefox-Setup-28.0.exe
2014-03-19 13:07 - 2013-08-14 19:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 13:07 - 2006-11-02 12:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-15 16:52 - 2011-07-23 13:21 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Skype
2014-03-14 14:36 - 2013-11-09 12:03 - 00000000 ____D () C:\Users\Asus\Documents\Rechnung der stornierten Lastschrift Ihrer Bestellung 22.08.2013
2014-03-14 12:11 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-03-14 11:53 - 2010-12-19 12:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 11:46 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-03-13 16:04 - 2012-09-02 09:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-13 16:04 - 2012-09-02 09:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 20:36 - 2012-03-05 19:45 - 00000000 ____D () C:\ProgramData\Apple
2014-03-10 12:42 - 2011-02-13 14:32 - 00001029 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-03-10 12:39 - 2012-01-02 18:24 - 00000000 ____D () C:\Users\Asus\AppData\Local\.elfohilfe
2014-03-10 12:39 - 2011-02-13 14:32 - 00000000 ____D () C:\ProgramData\elsterformular
2014-03-10 12:36 - 2014-03-10 12:35 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\Asus\Downloads\ElsterFormular-15.0.20140212p.exe
2014-03-09 12:47 - 2008-08-03 09:43 - 00000000 ____D () C:\Program Files\ATKGFNEX

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-07 18:25

==================== End Of Log ============================
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Asus at 2014-04-07 18:28:13
Running from C:\Users\Asus\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8153ED9A-C94A-426E-9880-5E6775C08B62}) (Version: 4.0.0.97 - Apple Inc.)
ASUS CopyProtect (HKLM\...\{2396F815-84E0-4353-83D7-8B190556DA42}) (Version: 1.00.0003 - ASUS)
ASUS Data Security Manager (HKLM\...\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}) (Version: 1.00.0006 - ASUS)
ASUS InstantFun (HKLM\...\{57B15AD4-8C9D-4164-82BB-E33D8644E757}) (Version: 1.0.0015 - ASUS)
ASUS LifeFrame3 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.6 - ASUS)
ASUS Live Update (HKLM\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.6 - ASUS)
ASUS SmartLogon (HKLM\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0004 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM\...\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}) (Version: 1.02.0019 - ASUS)
Asus_Camera_ScreenSaver (HKLM\...\Asus_Camera_ScreenSaver) (Version: 2.0.0006 - ASUS)
Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver (HKLM\...\{6E19F210-3813-4002-B561-94D66AA182B6}) (Version: 2.4.7.7 - Atheros Communications Inc.)
ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0023 - ATK)
ATK Media (HKLM\...\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}) (Version:  - )
ATKOSD2 (HKLM\...\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}) (Version: 6.64.1.6 - ATK)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Audials (HKLM\...\{0E9EBAF3-67F8-430A-9852-D02E5F20031A}) (Version: 10.2.30900.0 - Audials AG)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CPUID CPU-Z 1.56 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
digiSeal reader (HKLM\...\digiSeal reader) (Version:  - secrypt GmbH)
Divinity II - Ego Draconis (HKLM\...\Divinity II - Ego Draconis_is1) (Version:  - dtp)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Elevated Installer (Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.0.20140212 - Landesfinanzdirektion Thüringen)
Evernote v. 5.0.2 (HKLM\...\{C2EECB42-2C7F-11E3-8960-00163E98E7D0}) (Version: 5.0.2.1392 - Evernote Corp.)
Express Zip (HKLM\...\ExpressZip) (Version: 2.18 - NCH Software)
Firefox 3.6 WEB.DE Edition (Version: 1.6 - WEB.DE) Hidden
Garmin Express (Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Drive (HKLM\...\{56D4499E-AC3E-4B8D-91C9-C700C148C44B}) (Version: 1.13.5782.599 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Internet Download Manager² 1.0 (HKLM\...\IDMSQ) (Version: 1.0 - OR Interactive Ltd)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mega Browse (HKLM\...\Mega Browse) (Version: 2014.04.02.201943 - Mega Browse)
Mein eigener Bauernhof (HKLM\...\Mein eigener Bauernhof_is1) (Version:  - Realore Studios)
Mein eigener Bauernhof 2 (HKLM\...\Mein eigener Bauernhof 2_is1) (Version:  - Realore Studios)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version:  - )
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1342 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1342 - TomTom)
NB Probe (HKLM\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version:  - )
Norton 360 (HKLM\...\N360) (Version: 21.2.0.38 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA PhysX (HKLM\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
OpenOffice.org 3.1 (HKLM\...\{EFCC79EC-7CC0-46D6-A3D1-015169B6C293}) (Version: 3.1.9396 - OpenOffice.org)
P4P (HKLM\...\{FC3D290D-79BE-44B7-ABF9-FDD110925930}) (Version: 1.0.0.17 - P4P)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.0.00.10260 - Sony Corporation)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)
Power4Gear eXtreme (HKLM\...\{8CFEBE9C-F29F-4C49-80E0-7106970F8734}) (Version: 1.00.0014 - ATK)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5477 - Realtek Semiconductor Corp.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.52.02 - )
Samsung ML-1640 Series (HKLM\...\Samsung ML-1640 Series) (Version:  - Samsung Electronics CO.,LTD)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
StarMoney (Version: 2.0 - StarFinanz) Hidden
StarMoney (Version: 3.0.0.124 - StarFinanz) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.4000.205 - TuneUp Software) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version:  - )
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VSO Image Resizer 4.0.0.53 (HKLM\...\{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1) (Version: 4.0.0.53 - VSO-Software)
Web.de Fotoservice (HKLM\...\de.webde.fotoservice.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.3.5 - myphotobook GmbH)
Web.de Fotoservice (Version: 1.3.5 - myphotobook GmbH) Hidden
WEB.DE Internet Explorer Addon (HKLM\...\1&1 Mail & Media GmbH 1und1InternetExplorerAddon) (Version: 1.0.1.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
WEB.DE Toolbar für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 1.7.0.0 - 1&1 Mail & Media GmbH)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version:  - )
Wireless Console 2 (HKLM\...\{83F73CB1-7705-49D1-9852-84D839CA2A45}) (Version: 2.0.10 - ATK)
Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version:  - ) <==== ATTENTION

==================== Restore Points  =========================

04-04-2014 12:13:01 Ende der Bereinigung
05-04-2014 10:19:56 Geplanter Prüfpunkt
06-04-2014 16:51:48 zoek.exe restore point

==================== Hosts content: ==========================

2006-11-02 12:23 - 2014-03-23 12:53 - 00000804 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
127.0.0.1                        d3oxij66pru1i3.cloudfront.net


==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {249B4955-CBCD-4BCF-962E-74EC5FBBBC1C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-23] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {36035647-05E0-4568-8ABA-EE3235B4B1C5} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {4451A61E-4181-4B13-AF92-573A2CF987B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {69E7336B-B180-4468-A70C-5779CDDB9889} - System32\Tasks\{85744F73-8CAA-4501-A430-5D43639614F6} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {8EE613F4-CDF7-4AF4-829D-2A2596897E1D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {8F5DD851-7F6C-4011-89E9-F9E6093086B5} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Asus => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {A0D8FD69-F0A7-4593-B5CA-A6E4FB3473BD} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files\ASUS\SmartLogon\sensorsrv.exe [2007-12-26] (ASUS)
Task: {B75D21B2-B598-45C1-814A-FAF9E369F564} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {C4660E8F-ABDB-4CFE-B846-783F6F6F70BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-23] (Google Inc.)
Task: {C4B9ED0D-DA7F-4E13-BA37-231223E802D9} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {C6DE47D8-A4F3-4041-B41F-66A198821C1B} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {DD042017-A31E-4EB5-A931-F241FCCF5604} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {DFCA9B24-18FE-4DF5-B50E-75C250B7DE99} - System32\Tasks\ASUS Live Update => C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {EB50A561-1439-4397-B217-075DCA080BF9} - System32\Tasks\1und1 Konfiguration => C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe [2011-04-19] (1und1 Mail und Media GmbH)
Task: {FBBE08B2-17B1-4D2E-B9DE-D6F964288F43} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-08-03 09:49 - 2007-05-18 11:31 - 00073728 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
2008-08-03 09:43 - 2007-10-03 06:53 - 00094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
2008-08-03 09:43 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2008-08-03 09:49 - 2007-06-15 19:28 - 00147456 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
2008-08-03 09:49 - 2007-06-02 02:08 - 00143360 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
2009-12-03 21:23 - 2008-01-10 14:17 - 00022723 _____ () C:\Windows\System32\ssp2ml3.dll
2008-08-03 09:43 - 2004-05-28 03:13 - 00057344 _____ () C:\Program Files\ATK Hotkey\CMSSC.dll
2008-08-03 09:46 - 2007-09-26 20:24 - 00147456 _____ () C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
2008-08-03 09:53 - 2007-07-06 01:53 - 01040384 _____ () C:\Program Files\Wireless Console 2\wcourier.exe
2008-08-03 10:01 - 2007-07-10 07:48 - 00009216 _____ () C:\Program Files\ASUS\Splendid\GLCDdll.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-08-03 09:53 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files\ASUS\ASUS Live Update\ALU.exe
2008-08-03 09:43 - 2007-08-08 20:03 - 02441216 _____ () C:\Program Files\ATK Hotkey\ATKOSD.exe
2013-11-29 11:29 - 2013-11-29 11:29 - 00026520 _____ () C:\Program Files\MyDrive Connect\DeviceDetection.dll
2013-11-29 11:28 - 2013-11-29 11:28 - 00082840 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll
2013-11-29 11:28 - 2013-11-29 11:28 - 00344984 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll
2013-10-30 08:21 - 2013-10-30 08:21 - 02561088 _____ () C:\Program Files\IDMSQ\idmsq.exe
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Asus\AppData\Roaming\Dropbox\bin\libcef.dll
2008-08-03 09:43 - 2007-08-15 20:20 - 00106496 _____ () C:\Program Files\ATK Hotkey\KBFiltr.exe
2008-08-03 09:43 - 2007-08-15 20:38 - 00147456 _____ () C:\Program Files\ATK Hotkey\WDC.exe
2008-08-03 09:57 - 2007-08-03 21:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2008-08-03 09:57 - 2007-09-14 19:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
2008-08-03 09:57 - 2003-11-28 11:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
2008-08-03 09:57 - 2005-08-30 00:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
2008-08-03 09:57 - 2003-09-10 01:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
2008-08-03 09:57 - 2006-04-04 19:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
2008-08-03 09:57 - 2005-04-08 04:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
2013-12-07 19:51 - 2013-12-04 04:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-07 19:52 - 2013-12-04 04:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-07 19:51 - 2013-12-04 04:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2009-12-03 21:28 - 2008-09-03 09:52 - 00536576 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2013-09-26 13:50 - 2013-09-26 13:50 - 00433664 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll
2013-09-26 13:49 - 2013-09-26 13:49 - 00315392 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: StarMoney 7.0 OnlineUpdate => 2
MSCONFIG\Services: TabletInputService => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\startupreg: ASUS Camera ScreenSaver => C:\Windows\ASScrProlog.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\ASScrPro.exe
MSCONFIG\startupreg: PowerForPhone => "C:\Program Files\P4P\P4P.exe"

==================== Faulty Device Manager Devices =============

Name: isatap.{CCF94776-B9DD-431F-8BE5-3C89B3DE31B6}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2014 06:20:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2014 00:49:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2014 00:01:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2014 10:13:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 08:13:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 07:17:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 06:35:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 05:53:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 09:10:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/05/2014 06:22:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/07/2014 06:29:23 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (04/07/2014 06:29:23 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (04/07/2014 06:29:23 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (04/07/2014 06:29:23 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (04/07/2014 06:29:23 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (04/07/2014 06:27:28 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (04/07/2014 06:27:27 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (04/07/2014 06:27:26 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (04/07/2014 06:27:26 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (04/07/2014 06:27:26 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058


Microsoft Office Sessions:
=========================
Error: (04/07/2014 06:20:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2014 00:49:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2014 00:01:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2014 10:13:53 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 08:13:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 07:17:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 06:35:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 05:53:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 09:10:58 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/05/2014 06:22:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-04-07 18:28:06.896
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-07 18:28:06.646
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-07 18:28:06.381
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-07 18:28:06.116
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-07 18:28:05.851
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-07 18:28:05.586
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-07 18:28:05.336
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-07 18:28:05.071
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-07 18:28:04.650
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-07 18:28:04.384
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 3070.29 MB
Available physical RAM: 1626.71 MB
Total Pagefile: 6344.86 MB
Available Pagefile: 5080.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.35 MB

==================== Drives ================================

Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:67.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:106.67 GB) (Free:101.21 GB) NTFS
Drive e: (Volume) (Fixed) (Total:186.31 GB) (Free:166.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 8D1C393D)
Partition 1: (Not Active) - (Size=10 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 186 GB) (Disk ID: 4C80FEE2)
Partition 1: (Not Active) - (Size=186 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B 08.04.2014 19:48
Servus,



Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss daran räumen wir auf und ich gebe dir noch ein paar Tipps mit auf den Weg.






Schritt 1
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 






Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 3
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von HitmanPro,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

jflack 09.04.2014 10:17
Hallo.

Ich stehe gerade etwas auf dem Schlauch!

Nach dem Suchlauf von HitmanPro und Klick auf Weiter,
habe ich auf Neustart geklickt.
Ich habe die Schaltfläche Kostenlose Lizenz aktivieren nirgends gesehen?
Somit habe ich jetzt keine Logdatei.

Gruß
jflack


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:27 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131