Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Webseiten werden auf Werbung umgeleitet (https://www.trojaner-board.de/153607-windows-7-webseiten-werbung-umgeleitet.html)

2Liga 08.05.2014 21:02
Windows 7: Webseiten werden auf Werbung umgeleitet
 
Hallo an alle Helfer

Ich benutze Firefox als Browser und Avira für Schutz.
Seit Vorgestern werde ich ständig auf Werbeseiten gelinkt.
Zuvor und wärend hat sich mein Virenscanner gemeldet.
Ich habe 2 Komplettscans vorgenommen, ohne Ergebnis.
Dann hat sich häufiger Avira gemeldet, um zu melden, dass eine Datei eine TCP-Verbindung aufbauen will. Ich habe versehentlich auf zulassen gedrückt.

Hier Defogger.log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:31 on 08/05/2014 (Oliver)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-05-2014 01
Ran by XXXXX (administrator) on XXXXX-PC on 08-05-2014 20:33:07
Running from C:\Users\XXXXX\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
() C:\Windows\System32\cndial32.exe
() C:\Windows\System32\DlProtectSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUS) C:\Windows\AsScrPro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\ProgramData\dlprotect.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\XXXXX\Desktop\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2103912 2010-07-22] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-02-24] (cyberlink)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2010-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6806144 2010-06-25] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-04-26] ()
HKLM-x32\...\Run: [ASUS VIBE] => C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe [102400 2010-03-02] (ecm)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe [12800 2014-05-04] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2319975947-2091509605-1812867878-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-02] (Google Inc.)
HKU\S-1-5-21-2319975947-2091509605-1812867878-1001\...\Run: [360Amigo] => C:\Program files\360Amigo\360Amigo.exe [5356320 2012-03-28] (360Amigo)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [111720 2010-07-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [100968 2010-07-26] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3320324&octid=EB_ORIGINAL_CTID&ISID=MA21DDB9C-9DE7-437F-A8FC-093010462ECE&SearchSource=55&CUI=&UM=5&UP=SPB436C6AC-CC74-417E-9A70-D65FB97BD895&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=190712_ctrl_2912_5&babsrc=SP_ss&mntrId=78da6c160000000000000026c7ac319b
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=96802F39-D5A5-4458-9332-08EB362B6E22&apn_sauid=6CC1219B-FEDD-48DA-BF06-6FDDB2F7F274
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\2xpl5hn3.default-1390946476844
FF user.js: detected! => C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\2xpl5hn3.default-1390946476844\user.js
FF SelectedSearchEngine: Google
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_95.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_95.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\2xpl5hn3.default-1390946476844\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\2xpl5hn3.default-1390946476844\Extensions\2020Player_IKEA@2020Technologies.com [2014-03-16]
FF Extension: PSHD-9.9 - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\2xpl5hn3.default-1390946476844\Extensions\a54e453c-130a-4769-9333-c5ec2aa914c5@9bd7cc89-9c7c-44e9-a03b-042b92d363f0.com [2014-05-04]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-30]

==================== Services (Whitelisted) =================

R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1012280 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [896592 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 CrypKey License; C:\Windows\system32\crypserv.exe [126976 2010-03-18] (CrypKey (Canada) Ltd.)
R2 dialer64; C:\Windows\system32\cndial32.exe [120832 2014-05-04] ()
R2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [124928 2014-05-04] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-06] ()

==================== Drivers (Whitelisted) ====================

R1 AmgHips; C:\Windows\System32\Drivers\AmgHips.sys [31008 2012-03-28] ()
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-08-05] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-08-05] (Avira GmbH)
R1 avfwot; C:\Windows\SysWOW64\DRIVERS\avfwot.sys [131336 2011-06-30] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R1 NetworkX; C:\Windows\System32\ckldrv.sys [30272 2010-03-19] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl [146928 2010-02-24] (CyberLink Corp.)
U3 tmlwf;
U3 tmwfp;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-08 20:33 - 2014-05-08 20:33 - 00017648 _____ () C:\Users\XXXXX\Desktop\FRST.txt
2014-05-08 20:32 - 2014-05-08 20:33 - 00000000 ____D () C:\FRST
2014-05-08 20:31 - 2014-05-08 20:31 - 00000474 _____ () C:\Users\XXXXX\Desktop\defogger_disable.log
2014-05-08 20:31 - 2014-05-08 20:31 - 00000000 _____ () C:\Users\XXXXX\defogger_reenable
2014-05-08 20:30 - 2014-05-08 13:24 - 00380416 _____ () C:\Users\XXXXX\Desktop\Gmer-19357.exe
2014-05-08 20:30 - 2014-05-08 13:23 - 02063872 _____ (Farbar) C:\Users\XXXXX\Desktop\FRST64.exe
2014-05-08 20:30 - 2014-05-08 13:22 - 00050477 _____ () C:\Users\XXXXX\Desktop\Defogger.exe
2014-05-07 22:54 - 2014-05-08 20:30 - 00000853 _____ () C:\Windows\setupact.log
2014-05-07 22:54 - 2014-05-07 22:54 - 00002858 _____ () C:\Windows\PFRO.log
2014-05-07 22:54 - 2014-05-07 22:54 - 00000162 _____ () C:\Windows\errord.log
2014-05-07 22:54 - 2014-05-07 22:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-07 22:53 - 2014-05-07 22:55 - 00000508 _____ () C:\Windows\error.log
2014-05-07 22:31 - 2014-05-07 22:31 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-05-07 22:30 - 2014-05-08 20:15 - 00001478 _____ () C:\Windows\Tasks\9c402e05-3dbb-480c-ac63-356184b4cc5b-5.job
2014-05-07 22:30 - 2014-05-07 22:30 - 00004508 _____ () C:\Windows\System32\Tasks\9c402e05-3dbb-480c-ac63-356184b4cc5b-5
2014-05-07 22:30 - 2014-05-07 22:30 - 00000000 ____D () C:\Program Files (x86)\Freeven pro 1.2
2014-05-07 22:28 - 2014-05-07 22:28 - 00614496 _____ () C:\Users\XXXXX\Downloads\Setup.exe
2014-05-07 20:25 - 2014-05-07 20:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 20:23 - 2014-05-07 20:23 - 19151024 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-06 21:37 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 21:37 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-04 23:16 - 2014-05-04 23:16 - 00001170 _____ () C:\Users\XXXXX\Desktop\100 Euro Guthaben.lnk
2014-05-04 23:16 - 2014-05-04 23:16 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\dlg
2014-05-04 23:15 - 2014-05-08 20:15 - 00003108 _____ () C:\Windows\Tasks\060489a5-6909-4c45-b002-aad097050531-3.job
2014-05-04 23:15 - 2014-05-08 20:15 - 00002136 _____ () C:\Windows\Tasks\060489a5-6909-4c45-b002-aad097050531-4.job
2014-05-04 23:15 - 2014-05-08 20:15 - 00001442 _____ () C:\Windows\Tasks\060489a5-6909-4c45-b002-aad097050531-5.job
2014-05-04 23:15 - 2014-05-06 21:35 - 00000000 ____D () C:\Program Files (x86)\PSHD-9.9
2014-05-04 23:15 - 2014-05-04 23:15 - 00006138 _____ () C:\Windows\System32\Tasks\060489a5-6909-4c45-b002-aad097050531-3
2014-05-04 23:15 - 2014-05-04 23:15 - 00005166 _____ () C:\Windows\System32\Tasks\060489a5-6909-4c45-b002-aad097050531-4
2014-05-04 23:15 - 2014-05-04 23:15 - 00004472 _____ () C:\Windows\System32\Tasks\060489a5-6909-4c45-b002-aad097050531-5
2014-05-04 23:15 - 2014-05-04 23:15 - 00000000 ____D () C:\Program Files (x86)\SparPilotAddon
2014-05-04 23:14 - 2014-05-04 23:14 - 00124928 _____ () C:\Windows\system32\DlProtectSvc.exe
2014-05-04 23:14 - 2014-05-04 23:14 - 00120832 _____ () C:\Windows\system32\cndial32.exe
2014-05-04 23:14 - 2014-05-04 23:14 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-05-04 23:10 - 2014-05-04 23:10 - 00462976 _____ () C:\Users\XXXXX\Downloads\ccleaner.exe
2014-05-03 23:50 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 23:50 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 23:50 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 23:50 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-30 09:07 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-30 09:07 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-30 09:07 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-30 09:07 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-30 09:06 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-30 09:06 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-30 09:06 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-30 09:06 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-30 09:06 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-30 09:06 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-30 09:06 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-30 09:06 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-30 09:06 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-30 09:06 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-30 09:06 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-30 09:06 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-30 09:06 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-30 09:06 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-30 09:06 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-30 09:06 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-30 09:06 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-30 09:06 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-30 09:06 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-30 09:06 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-30 09:06 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-30 09:06 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-30 09:06 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-30 09:06 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-30 09:06 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-30 09:06 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-30 09:06 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-30 09:06 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-30 09:06 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-30 09:06 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-30 09:06 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-30 09:06 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-30 09:06 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-30 09:06 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-30 09:06 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-30 09:06 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-30 09:06 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-30 09:06 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-30 09:06 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-30 09:06 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 20:14 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 20:14 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 20:14 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 20:14 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 20:14 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 20:14 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 20:14 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 20:14 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 20:14 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 20:14 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 20:14 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 20:14 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 20:14 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 20:14 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 20:14 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 20:14 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 20:14 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2014-05-08 20:33 - 2014-05-08 20:33 - 00017648 _____ () C:\Users\XXXXX\Desktop\FRST.txt
2014-05-08 20:33 - 2014-05-08 20:32 - 00000000 ____D () C:\FRST
2014-05-08 20:31 - 2014-05-08 20:31 - 00000474 _____ () C:\Users\XXXXX\Desktop\defogger_disable.log
2014-05-08 20:31 - 2014-05-08 20:31 - 00000000 _____ () C:\Users\XXXXX\defogger_reenable
2014-05-08 20:31 - 2011-03-19 22:09 - 00000000 ____D () C:\Users\XXXXX
2014-05-08 20:31 - 2009-08-04 11:51 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-05-08 20:31 - 2009-08-04 11:51 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-05-08 20:31 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-08 20:30 - 2014-05-07 22:54 - 00000853 _____ () C:\Windows\setupact.log
2014-05-08 20:25 - 2011-08-13 15:28 - 01326951 _____ () C:\Windows\WindowsUpdate.log
2014-05-08 20:15 - 2014-05-07 22:30 - 00001478 _____ () C:\Windows\Tasks\9c402e05-3dbb-480c-ac63-356184b4cc5b-5.job
2014-05-08 20:15 - 2014-05-04 23:15 - 00003108 _____ () C:\Windows\Tasks\060489a5-6909-4c45-b002-aad097050531-3.job
2014-05-08 20:15 - 2014-05-04 23:15 - 00002136 _____ () C:\Windows\Tasks\060489a5-6909-4c45-b002-aad097050531-4.job
2014-05-08 20:15 - 2014-05-04 23:15 - 00001442 _____ () C:\Windows\Tasks\060489a5-6909-4c45-b002-aad097050531-5.job
2014-05-08 20:15 - 2012-12-16 01:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-08 13:24 - 2014-05-08 20:30 - 00380416 _____ () C:\Users\XXXXX\Desktop\Gmer-19357.exe
2014-05-08 13:23 - 2014-05-08 20:30 - 02063872 _____ (Farbar) C:\Users\XXXXX\Desktop\FRST64.exe
2014-05-08 13:22 - 2014-05-08 20:30 - 00050477 _____ () C:\Users\XXXXX\Desktop\Defogger.exe
2014-05-07 23:02 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-07 23:02 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-07 22:55 - 2014-05-07 22:53 - 00000508 _____ () C:\Windows\error.log
2014-05-07 22:55 - 2009-07-14 04:34 - 00000498 _____ () C:\Windows\win.ini
2014-05-07 22:54 - 2014-05-07 22:54 - 00002858 _____ () C:\Windows\PFRO.log
2014-05-07 22:54 - 2014-05-07 22:54 - 00000162 _____ () C:\Windows\errord.log
2014-05-07 22:54 - 2014-05-07 22:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-07 22:54 - 2011-03-19 22:10 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-05-07 22:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-07 22:31 - 2014-05-07 22:31 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-05-07 22:30 - 2014-05-07 22:30 - 00004508 _____ () C:\Windows\System32\Tasks\9c402e05-3dbb-480c-ac63-356184b4cc5b-5
2014-05-07 22:30 - 2014-05-07 22:30 - 00000000 ____D () C:\Program Files (x86)\Freeven pro 1.2
2014-05-07 22:28 - 2014-05-07 22:28 - 00614496 _____ () C:\Users\XXXXX\Downloads\Setup.exe
2014-05-07 21:15 - 2011-12-11 22:59 - 00000000 ____D () C:\Windows\Minidump
2014-05-07 20:25 - 2014-05-07 20:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 20:24 - 2012-12-16 01:00 - 00698032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-07 20:24 - 2012-12-16 01:00 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-07 20:24 - 2012-12-09 14:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-07 20:23 - 2014-05-07 20:23 - 19151024 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-06 21:35 - 2014-05-04 23:15 - 00000000 ____D () C:\Program Files (x86)\PSHD-9.9
2014-05-06 21:32 - 2010-11-02 18:59 - 00002088 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-05-06 21:32 - 2010-11-02 18:59 - 00001411 _____ () C:\Windows\system32\ServiceFilter.ini
2014-05-04 23:16 - 2014-05-04 23:16 - 00001170 _____ () C:\Users\XXXXX\Desktop\100 Euro Guthaben.lnk
2014-05-04 23:16 - 2014-05-04 23:16 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\dlg
2014-05-04 23:16 - 2011-03-20 19:53 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-04 23:16 - 2011-03-20 19:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-04 23:15 - 2014-05-04 23:15 - 00006138 _____ () C:\Windows\System32\Tasks\060489a5-6909-4c45-b002-aad097050531-3
2014-05-04 23:15 - 2014-05-04 23:15 - 00005166 _____ () C:\Windows\System32\Tasks\060489a5-6909-4c45-b002-aad097050531-4
2014-05-04 23:15 - 2014-05-04 23:15 - 00004472 _____ () C:\Windows\System32\Tasks\060489a5-6909-4c45-b002-aad097050531-5
2014-05-04 23:15 - 2014-05-04 23:15 - 00000000 ____D () C:\Program Files (x86)\SparPilotAddon
2014-05-04 23:14 - 2014-05-04 23:14 - 00124928 _____ () C:\Windows\system32\DlProtectSvc.exe
2014-05-04 23:14 - 2014-05-04 23:14 - 00120832 _____ () C:\Windows\system32\cndial32.exe
2014-05-04 23:14 - 2014-05-04 23:14 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-05-04 23:10 - 2014-05-04 23:10 - 00462976 _____ () C:\Users\XXXXX\Downloads\ccleaner.exe
2014-04-30 17:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-29 16:01 - 2014-05-03 23:50 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-03 23:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-03 23:50 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-03 23:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-14 04:24 - 2014-05-06 21:37 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-06 21:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-11 21:47 - 2012-10-30 22:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-11 18:08 - 2011-03-25 17:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-11 18:07 - 2013-08-17 12:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 18:04 - 2011-03-25 07:44 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\dlprotect.exe


Some content of TEMP:
====================
C:\Users\XXXXX\AppData\Local\Temp\avgnt.exe
C:\Users\XXXXX\AppData\Local\Temp\nshC1F5.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-02 12:27

==================== End Of Log ============================
Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2014 01
Ran by Oliver at 2014-05-08 20:33:46
Running from C:\Users\Oliver\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
360Amigo System Speedup Free (HKLM-x32\...\360Amigo) (Version: 1.2.1.7900 - 360Amigo System SpeedUp)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.95 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.95 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}) (Version: 1.7.17.25416 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.7.17.25416 - Alcor Micro Corp.) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.37 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0029 - ASUS)
ASUS VIBE (HKLM-x32\...\ASUS VIBE) (Version: 1.0.182 - Ecareme, Inc.)
ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4015 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.4015 - CyberLink Corp.) Hidden
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ASUS_N3_Series (HKLM-x32\...\ASUS_N3_Series) (Version: 1.0.0001 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0005 - ASUS)
Avira Internet Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
BUDNI Fotowelt (HKLM-x32\...\BUDNI Fotowelt) (Version:  - )
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
CIB pdf brewer (HKLM\...\{E9E6A9B7-89B7-41D3-90A1-710E82427097}) (Version: 2.6.0034 - CIB software GmbH)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.8 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden
CyberLink MediaShow Espresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 5.0.1606_25588 - CyberLink Corp.)
CyberLink MediaShow Espresso (x32 Version: 5.0.1606_25588 - CyberLink Corp.) Hidden
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink PhotoNow (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2609a - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.2609a - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3009.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.3009.50 - CyberLink Corp.) Hidden
Download Protect (HKCU\...\{132401a7-2006-4342-b43c-ccf5f02c2b01}) (Version:  - Download Protect)
ebi.BookReader3J (HKLM-x32\...\{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}) (Version: 3.75.14 - eBOOK Initiative Japan Co., Ltd.)
ElsterFormular-Upgrade (HKLM-x32\...\ElsterFormular für Privatanwender 12.2.0.6412p) (Version: 14.4.12044 - Landesfinanzdirektion Thüringen)
ETDWare PS/2-x64 7.0.5.13_WHQL (HKLM\...\Elantech) (Version: 7.0.5.13 - ELAN Microelectronics Corp.)
ExpressGate Cloud (HKLM-x32\...\InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}) (Version: 2.1.69.343 - Asus)
ExpressGate Cloud (x32 Version: 2.1.69.343 - Asus) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Freeven pro 1.2 (HKLM-x32\...\Freeven pro 1.2) (Version: 1.34.5.4 - Freeven) <==== ATTENTION
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Intel(R) Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
MediaPlayerplus (HKLM-x32\...\MediaPlayerplus) (Version: 1.34.5.4 - Freeven) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5912 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Updatus (x32 Version: 1.0.3 - NVIDIA Corporation) Hidden
PM FASTrack v6 (HKLM-x32\...\PM FASTrack v6) (Version: 6.0.0 - RMC Project Management)
PSHD-9.9 (HKLM-x32\...\PSHD-9.9) (Version: 1.34.4.10 - PlusVHD)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6162 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.5.0 - SAMSUNG Electronics Co., Ltd.)
Smileyville FREE (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117396510}) (Version:  - Oberon Media)
SonicMaster (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.54000.207 - Sonix)
Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8052.1208 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.16 - ASUS)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Restore Points  =========================

11-04-2014 15:59:16 Windows Update
30-04-2014 07:04:43 Windows Update
03-05-2014 21:48:35 Windows Update
07-05-2014 18:23:30 Windows Update
07-05-2014 20:30:52 Uniblue SpeedUpMyPC installation

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {12A86EA4-87DD-4F2F-ACD8-55F6097CDD1C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {29864A4C-1610-42E6-A3D9-3875F8DB97DF} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-05-28] (ATK)
Task: {32CB9A6B-D194-4C5A-9870-3055EE58DFA0} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {3874D81E-E581-4044-BB16-EB87AD1277E2} - System32\Tasks\060489a5-6909-4c45-b002-aad097050531-4 => C:\Program Files (x86)\PSHD-9.9\060489a5-6909-4c45-b002-aad097050531-4.exe
Task: {39C7AFFB-30A7-41B9-A1B8-6950326D036E} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {730C2B8E-9373-4FBD-83B5-203263B24D66} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {A188FD0F-C606-4F98-9E9D-F1DD527C004F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-07] (Adobe Systems Incorporated)
Task: {A8967F05-644A-47F7-902A-AEB0DEE6B2B8} - System32\Tasks\060489a5-6909-4c45-b002-aad097050531-3 => C:\Program Files (x86)\PSHD-9.9\060489a5-6909-4c45-b002-aad097050531-3.exe [2014-05-04] (PlusVHD)
Task: {B24822A6-E444-49AC-B5C3-241342DAFA59} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CBB055AE-531D-493A-ACBC-65413F4E0F14} - System32\Tasks\060489a5-6909-4c45-b002-aad097050531-5 => C:\Program Files (x86)\PSHD-9.9\060489a5-6909-4c45-b002-aad097050531-5.exe
Task: {D0D3A67C-2EC9-4A8C-83D7-4AB0301190A2} - System32\Tasks\9c402e05-3dbb-480c-ac63-356184b4cc5b-5 => C:\Program Files (x86)\Freeven pro 1.2\9c402e05-3dbb-480c-ac63-356184b4cc5b-5.exe [2014-05-07] (Freeven) <==== ATTENTION
Task: {DA21E825-B02A-4675-BE6B-D0206DB1016D} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {DDBD0AA8-232E-4053-8BB5-A1BF986FD60C} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-06-09] (asus)
Task: C:\Windows\Tasks\060489a5-6909-4c45-b002-aad097050531-3.job => C:\Program Files (x86)\PSHD-9.9\060489a5-6909-4c45-b002-aad097050531-3.exe
Task: C:\Windows\Tasks\060489a5-6909-4c45-b002-aad097050531-4.job => C:\Program Files (x86)\PSHD-9.9\060489a5-6909-4c45-b002-aad097050531-4.exe
Task: C:\Windows\Tasks\060489a5-6909-4c45-b002-aad097050531-5.job => C:\Program Files (x86)\PSHD-9.9\060489a5-6909-4c45-b002-aad097050531-5.exe
Task: C:\Windows\Tasks\9c402e05-3dbb-480c-ac63-356184b4cc5b-5.job => C:\Program Files (x86)\Freeven pro 1.2\9c402e05-3dbb-480c-ac63-356184b4cc5b-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-03-05 18:21 - 2010-03-05 18:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-05-04 23:14 - 2014-05-04 23:14 - 00120832 _____ () C:\Windows\system32\cndial32.exe
2014-05-04 23:14 - 2014-05-04 23:14 - 00124928 _____ () C:\Windows\System32\DlProtectSvc.exe
2010-11-02 18:59 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-04-03 04:21 - 2008-10-01 08:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-03-16 03:48 - 2010-03-16 03:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-11-02 18:28 - 2010-11-02 18:28 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-11-02 18:28 - 2010-11-02 18:28 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-01-11 19:27 - 2010-01-11 19:27 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2010-05-06 03:22 - 2010-05-06 03:22 - 00108544 _____ () C:\Program Files\P4G\OvrClk.dll
2010-11-02 18:17 - 2010-04-06 08:29 - 00244904 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2010-03-16 03:48 - 2010-03-16 03:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2010-03-05 18:21 - 2010-03-05 18:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-04-26 18:37 - 2010-04-26 18:37 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2014-05-04 23:14 - 2014-05-04 23:14 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-05-08 20:30 - 2014-05-08 13:22 - 00050477 _____ () C:\Users\Oliver\Desktop\Defogger.exe
2013-08-05 20:49 - 2013-08-05 20:41 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-08-05 20:49 - 2011-10-11 21:03 - 00447848 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\libxml2.dll
2013-08-05 20:49 - 2011-10-11 21:03 - 00060264 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\cares.dll
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2010-02-24 00:14 - 2010-02-24 00:14 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
2010-02-24 00:14 - 2010-02-24 00:14 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
2010-02-24 00:11 - 2010-02-24 00:11 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
2010-02-24 00:12 - 2010-02-24 00:12 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
2010-02-24 00:14 - 2010-02-24 00:14 - 00050688 _____ () C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
2010-07-26 16:26 - 2010-07-26 16:26 - 00010856 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-03-30 10:10 - 2014-03-30 10:10 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: VOPackage => C:\Users\Oliver\AppData\Roaming\VOPackage\VOPackage.exe /runonce

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/07/2014 10:55:44 PM) (Source: Windows Search Service) (User: ) (EventID: 7010)
Description: Der Index kann nicht initialisiert werden.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/07/2014 10:55:44 PM) (Source: Windows Search Service) (User: ) (EventID: 3058)
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/07/2014 10:55:44 PM) (Source: Windows Search Service) (User: ) (EventID: 3028)
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/07/2014 10:55:44 PM) (Source: Windows Search Service) (User: ) (EventID: 3029)
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (05/07/2014 10:55:38 PM) (Source: Windows Search Service) (User: ) (EventID: 3029)
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/07/2014 10:55:38 PM) (Source: Windows Search Service) (User: ) (EventID: 9002)
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (05/07/2014 10:55:38 PM) (Source: Windows Search Service) (User: ) (EventID: 7042)
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/07/2014 10:55:38 PM) (Source: Windows Search Service) (User: ) (EventID: 7040)
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/07/2014 10:55:38 PM) (Source: Windows Search Service) (User: ) (EventID: 9000)
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
        0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (05/07/2014 10:55:37 PM) (Source: ESENT) (User: ) (EventID: 455)
Description: Windows (5092) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00025.log.


System errors:
=============
Error: (05/08/2014 11:17:22 AM) (Source: ACPI) (User: ) (EventID: 10)
Description: ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error: (05/08/2014 11:17:22 AM) (Source: ACPI) (User: ) (EventID: 10)
Description: ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error: (05/08/2014 10:17:42 AM) (Source: ACPI) (User: ) (EventID: 10)
Description: ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error: (05/08/2014 10:17:42 AM) (Source: ACPI) (User: ) (EventID: 10)
Description: ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error: (05/07/2014 10:55:45 PM) (Source: Service Control Manager) (User: ) (EventID: 7031)
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/07/2014 10:55:45 PM) (Source: Service Control Manager) (User: ) (EventID: 7024)
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (05/07/2014 10:55:28 PM) (Source: DCOM) (User: NT-AUTORITÄT) (EventID: 10016)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/07/2014 03:51:51 AM) (Source: Service Control Manager) (User: ) (EventID: 7011)
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error: (05/07/2014 03:51:51 AM) (Source: Service Control Manager) (User: ) (EventID: 7011)
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (05/06/2014 09:33:51 PM) (Source: Service Control Manager) (User: ) (EventID: 7031)
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (06/01/2013 10:57:27 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 478223 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (10/14/2012 01:25:49 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3230 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 3883.85 MB
Available physical RAM: 2040.79 MB
Total Pagefile: 7765.88 MB
Available Pagefile: 5278.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:149.05 GB) (Free:87.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:427.59 GB) (Free:427.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 76BC31A2)
Partition 1: (Not Active) - (Size=20 GB) - (Type=1C)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=428 GB) - (Type=OF Extended)

==================== End Of Log ============================
Gmer log
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-08 21:36:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
Running: Gmer-19357.exe; Driver: C:\Users\Oliver\AppData\Local\Temp\ufdiapob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                          fffff80002fba000 45 bytes [00, 00, 00, 00, D8, 48, 85, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                          fffff80002fba02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- Processes - GMER 2.1 ----

Process  C:\ProgramData\dlprotect.exe (*** suspicious ***) @ C:\ProgramData\dlprotect.exe [5084](2014-05-04 21:14:55)                                0000000000400000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{2250A694-E0B9-4B0A-A25C-C5BFF910CF36}\Connection@Name  isatap.{C1616C1E-C76A-4EC2-9935-CC8908DD80D0}
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind    \Device\{2250A694-E0B9-4B0A-A25C-C5BFF910CF36}?\Device\{C23AB68D-898C-4DC4-96AE-41CC5C6E860E}?\Device\{14385820-EE09-4817-9259-1570D0325737}?\Device\{4BB046DB-33A9-41E3-9B26-4EA168EAD718}?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route    "{2250A694-E0B9-4B0A-A25C-C5BFF910CF36}"?"{C23AB68D-898C-4DC4-96AE-41CC5C6E860E}"?"{14385820-EE09-4817-9259-1570D0325737}"?"{4BB046DB-33A9-41E3-9B26-4EA168EAD718}"?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export  \Device\TCPIP6TUNNEL_{2250A694-E0B9-4B0A-A25C-C5BFF910CF36}?\Device\TCPIP6TUNNEL_{C23AB68D-898C-4DC4-96AE-41CC5C6E860E}?\Device\TCPIP6TUNNEL_{14385820-EE09-4817-9259-1570D0325737}?\Device\TCPIP6TUNNEL_{4BB046DB-33A9-41E3-9B26-4EA168EAD718}?
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{2250A694-E0B9-4B0A-A25C-C5BFF910CF36}@InterfaceName                      isatap.{C1616C1E-C76A-4EC2-9935-CC8908DD80D0}
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{2250A694-E0B9-4B0A-A25C-C5BFF910CF36}@ReusableType                        0

---- EOF - GMER 2.1 ----
und die letzten Ereignisse von Avira
Code:
Exportierte Ereignisse:

07.05.2014 22:31 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\XXXXX\AppData\Local\Temp\nsz82D3.tmp\489563'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2865' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

07.05.2014 22:31 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\XXXXX\AppData\Local\Temp\nsz82D3.tmp\489563'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2865' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

07.05.2014 22:31 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\XXXXX\AppData\Local\Temp\nsz82D3.tmp\489563'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2888' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

07.05.2014 22:31 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\XXXXX\AppData\Local\Temp\nsz82D3.tmp\489563'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2888' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

07.05.2014 22:31 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\XXXXX\AppData\Local\Temp\nsz82D3.tmp\489563'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2870' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

07.05.2014 22:31 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\XXXXX\AppData\Local\Temp\nsz82D3.tmp\489563'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2870' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

07.05.2014 22:31 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\XXXXX\AppData\Local\Temp\nsz82D3.tmp\489563'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2875' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

07.05.2014 22:31 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\XXXXX\AppData\Local\Temp\nsz82D3.tmp\489563'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2875' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

07.05.2014 22:30 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\XXXXX\AppData\Local\Temp\nse18EA.tmp\271807'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2853' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

07.05.2014 22:30 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\XXXXX\AppData\Local\Temp\nse18EA.tmp\271807'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2853' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

07.05.2014 22:30 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\XXXXX\AppData\Local\Temp\nse18EA.tmp\271807'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2879' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

07.05.2014 22:30 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\XXXXX\AppData\Local\Temp\nse18EA.tmp\271807'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2879' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

07.05.2014 22:30 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\XXXXX\AppData\Local\Temp\nse18EA.tmp\271807'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2855' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

07.05.2014 22:30 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\XXXXX\AppData\Local\Temp\nse18EA.tmp\271807'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2855' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

06.05.2014 21:35 [System-Scanner] Malware gefunden
      Die Datei 'C:\Program Files
      (x86)\PSHD-9.9\060489a5-6909-4c45-b002-aad097050531-5.exe'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/CrossRider.A.2542'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d138531.qua'
      verschoben!

06.05.2014 21:35 [System-Scanner] Malware gefunden
      Die Datei 'C:\Program Files
      (x86)\PSHD-9.9\060489a5-6909-4c45-b002-aad097050531-4.exe'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/CrossRider.A.2592'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5584aa97.qua'
      verschoben!

06.05.2014 21:33 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Program Files
      (x86)\PSHD-9.9\060489a5-6909-4c45-b002-aad097050531-5.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2542' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

06.05.2014 21:33 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Program Files
      (x86)\PSHD-9.9\060489a5-6909-4c45-b002-aad097050531-4.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2592' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

06.05.2014 21:33 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Program Files
      (x86)\PSHD-9.9\060489a5-6909-4c45-b002-aad097050531-5.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2542' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

06.05.2014 21:33 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Program Files
      (x86)\PSHD-9.9\060489a5-6909-4c45-b002-aad097050531-4.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2592' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

06.05.2014 21:33 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Program Files
      (x86)\PSHD-9.9\060489a5-6909-4c45-b002-aad097050531-5.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2542' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

06.05.2014 21:33 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Program Files
      (x86)\PSHD-9.9\060489a5-6909-4c45-b002-aad097050531-4.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2592' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

06.05.2014 21:33 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Program Files
      (x86)\PSHD-9.9\060489a5-6909-4c45-b002-aad097050531-5.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2542' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

06.05.2014 21:33 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Program Files
      (x86)\PSHD-9.9\060489a5-6909-4c45-b002-aad097050531-4.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2592' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

06.05.2014 21:33 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Program Files
      (x86)\PSHD-9.9\060489a5-6909-4c45-b002-aad097050531-5.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2542' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

06.05.2014 21:33 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Program Files
      (x86)\PSHD-9.9\060489a5-6909-4c45-b002-aad097050531-4.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2592' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

06.05.2014 21:33 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Program Files
      (x86)\PSHD-9.9\060489a5-6909-4c45-b002-aad097050531-5.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2542' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

06.05.2014 21:33 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Program Files
      (x86)\PSHD-9.9\060489a5-6909-4c45-b002-aad097050531-4.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.A.2592' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

04.05.2014 23:15 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\XXXXX\AppData\Local\Temp\nsyFB7A.tmp\493071'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.AC' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

04.05.2014 23:15 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\XXXXX\AppData\Local\Temp\nsyFB7A.tmp\493071'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/CrossRider.AC' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

04.05.2014 23:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\XXXXX\AppData\Roaming\Security System 2\data\serv.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/AgentCV.A.3743' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

04.05.2014 23:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\XXXXX\AppData\Roaming\Security System 2\data\serv.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/AgentCV.A.3743' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

04.05.2014 23:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\XXXXX\AppData\Roaming\Security System 2\data\serv.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/AgentCV.A.3743' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

04.05.2014 23:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\XXXXX\AppData\Roaming\Security System 2\data\serv.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/AgentCV.A.3743' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben
Über Hilfe würde ich mich sehr freuen

Lieben Gruß
2Liga

schrauber 09.05.2014 06:36
hi,

Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

2Liga 09.05.2014 22:33
Hallo Schrauber

Ich muss jetzt ausserhalb der Seite editieren, da mein Browser ständig abstürzt.
Zumal wird jetzt jeder Mausklick oder andere Aktion im Browser mit Weiterleitung zu einer Werbeseite mittels Pop Up, neuem Tab oder gar auf der selben Seite honoriert.
Auch alle Seiten selber haben sich geändert. Überall erscheint eingebettet Werbung, Satzteile sind mit Links zu angeblichen PC-Hilfe-Seiten hinterlegt.
Das gilt auch für Trojaner-Board. Alles sehr Spooki und beängstigend.

Folgende habe ich gemacht:
Habe mit Recuva die 2 in Addition angemerkte Einträge moderat gelöscht.

Habe Avira deaktiviert .. dachte ich zumindest
Habe danach Combofix gestartet
Avira hat daraufhin Zugriff zur REG verhindert.
Auch wurde ich von AVIRA gefragt, ob ich eine TCP Verbindung von Compo zulassen will, was ich bejaht habe.
Danch wurde eine neue Netzverbindung generiert.
Nach Level 50 und Löschanzeige von 3 Dateien blieb das Program stehen.
Ich habe neu gestartet und Combo erneut gestartet.
Anzeigen von AVIRA waren gleich. Dieslmal habe ich die TCP Verbindung verweigert.
Das Program lief durch, hier das LOG File
Code:
ComboFix 14-05-07.03 - Oliver 09.05.2014  22:35:25.2.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3884.2235 [GMT 2:00]
ausgeführt von:: c:\users\Oliver\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-04-09 bis 2014-05-09  ))))))))))))))))))))))))))))))
.
.
2014-05-09 20:50 . 2014-05-09 20:50        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2014-05-09 20:50 . 2014-05-09 20:50        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-05-09 19:45 . 2014-05-09 19:45        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-05-08 18:32 . 2014-05-08 18:34        --------        d-----w-        C:\FRST
2014-05-07 20:53 . 2014-05-07 20:53        --------        d-----w-        c:\program files (x86)\Uninstaller
2014-05-07 20:30 . 2014-05-07 20:30        --------        d-----w-        c:\users\Oliver\AppData\Local\Programs
2014-05-07 18:25 . 2014-05-07 18:25        --------        d-s---w-        c:\windows\system32\CompatTel
2014-05-07 18:23 . 2014-05-07 18:23        19151024        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-05-06 19:37 . 2014-04-14 02:24        465408        ----a-w-        c:\windows\system32\aepdu.dll
2014-05-06 19:37 . 2014-04-14 02:19        424448        ----a-w-        c:\windows\system32\aeinv.dll
2014-05-04 21:16 . 2014-05-04 21:16        --------        d-----w-        c:\users\Oliver\AppData\Roaming\dlg
2014-05-04 21:15 . 2014-05-04 21:15        --------        d-----w-        c:\program files (x86)\SparPilotAddon
2014-05-04 21:15 . 2014-05-06 19:35        --------        d-----w-        c:\program files (x86)\PSHD-9.9
2014-05-04 21:14 . 2014-05-04 21:14        120832        ----a-w-        c:\windows\system32\cndial32.exe
2014-05-04 21:14 . 2014-05-04 21:14        124928        ----a-w-        c:\windows\system32\DlProtectSvc.exe
2014-05-03 21:50 . 2014-04-29 14:01        23547904        ----a-w-        c:\windows\system32\mshtml.dll
2014-05-03 21:50 . 2014-04-29 13:40        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-05-03 21:50 . 2014-04-29 12:34        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-04-30 07:07 . 2014-03-06 06:00        359936        ----a-w-        c:\program files\Internet Explorer\IEShims.dll
2014-04-30 07:07 . 2014-03-06 05:50        257536        ----a-w-        c:\program files (x86)\Internet Explorer\IEShims.dll
2014-04-30 07:07 . 2014-03-06 08:32        574976        ----a-w-        c:\windows\system32\ieui.dll
2014-04-30 07:07 . 2014-03-06 08:57        548352        ----a-w-        c:\windows\system32\vbscript.dll
2014-04-30 07:07 . 2014-03-06 08:02        455168        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-04-30 07:07 . 2014-03-06 08:36        222720        ----a-w-        c:\program files\Internet Explorer\ielowutil.exe
2014-04-30 07:07 . 2014-03-06 07:44        222720        ----a-w-        c:\program files (x86)\Internet Explorer\ielowutil.exe
2014-04-30 07:07 . 2014-03-06 07:03        470016        ----a-w-        c:\program files (x86)\Internet Explorer\ieinstal.exe
2014-04-30 07:07 . 2014-03-08 02:34        293072        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll
2014-04-30 07:07 . 2014-03-08 01:59        235216        ----a-w-        c:\program files (x86)\Internet Explorer\sqmapi.dll
2014-04-30 07:07 . 2014-03-06 07:44        482816        ----a-w-        c:\program files\Internet Explorer\ieinstal.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-08 19:39 . 2011-03-19 20:10        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2014-05-07 18:24 . 2012-12-15 23:00        698032        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-07 18:24 . 2012-12-09 12:39        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-11 16:04 . 2011-03-25 05:44        90655440        ----a-w-        c:\windows\system32\MRT.exe
2014-03-04 09:44 . 2014-04-09 18:14        362496        ----a-w-        c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 18:14        243712        ----a-w-        c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 18:14        13312        ----a-w-        c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 18:14        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 18:14        1163264        ----a-w-        c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 18:14        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 18:14        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 18:14        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 18:14        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 18:14        7680        ----a-w-        c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 18:14        2048        ----a-w-        c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"360Amigo"="c:\program files\360Amigo\360Amigo.exe" [2012-03-28 5356320]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-02-24 75048]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-06-24 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-06-25 6806144]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-04-26 1597440]
"ASUS VIBE"="c:\program files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe" [2010-03-02 102400]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-03-11 689744]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe -d [2010-11-2 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 AmgHips;AmgHips;c:\windows\System32\Drivers\AmgHips.sys;c:\windows\SYSNATIVE\Drivers\AmgHips.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys;c:\windows\SYSNATIVE\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/11/02 09:21];c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl;c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 dialer64;Enumerator-Treiber USB-Massenspeichertreiber ActiveX-Installer;c:\windows\system32\cndial32.exe;c:\windows\SYSNATIVE\cndial32.exe [x]
S2 DlProtectSvc;Download Protect Service;c:\windows\System32\DlProtectSvc.exe;c:\windows\SYSNATIVE\DlProtectSvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys;c:\windows\SYSNATIVE\DRIVERS\avfwim.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-09 c:\windows\Tasks\060489a5-6909-4c45-b002-aad097050531-3.job
- c:\program files (x86)\PSHD-9.9\060489a5-6909-4c45-b002-aad097050531-3.exe [2014-05-04 21:15]
.
2014-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-15 18:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-22 2103912]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com/?gd=&ctid=CT3320324&octid=EB_ORIGINAL_CTID&ISID=MA21DDB9C-9DE7-437F-A8FC-093010462ECE&SearchSource=55&CUI=&UM=5&UP=SPB436C6AC-CC74-417E-9A70-D65FB97BD895&SSPV=
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 62.109.121.1 192.168.0.1
FF - ProfilePath - c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\2xpl5hn3.default-1390946476844\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - user.js: extensions.blocklist.enabled - false
FF - user.js: app.update.auto - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Download Protect - c:\programdata\dlprotect.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
  27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
  76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
  94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
  ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
  ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}"=hex:51,66,7a,6c,4c,1d,38,12,90,71,5e,
  cc,4f,af,fb,04,c4,32,35,80,2b,70,38,5a
"{4F3ED5CD-0726-42A9-87F5-D13F3D2976AC}"=hex:51,66,7a,6c,4c,1d,38,12,a3,d6,2d,
  4b,14,49,c7,07,f8,e3,92,7f,38,77,32,b8
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
  2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
  fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
  b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:97,96,9a,6c,0c,92,ce,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-05-09  23:06:34
ComboFix-quarantined-files.txt  2014-05-09 21:06
.
Vor Suchlauf: 9 Verzeichnis(se), 93.173.186.560 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 92.772.474.880 Bytes frei
.
- - End Of File - - 1B65744CC7E5AD3A8CA44E067DF4FBBE
Ich kann derzeit keine Verbesserung sehen

Lieben Gruß

schrauber 10.05.2014 17:52
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

2Liga 11.05.2014 00:06
Hallo Schrauber
Things going much better. Es hat sich eine Menge Gutes getan, denke ich. Alle von mir vorab geschilderten Vorkomnisse sind mutmasslich unterbunden.

Hier die Logs

MBAM
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 11.05.2014
Suchlauf-Zeit: 00:09:14
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.10.11
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Oliver

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 297293
Verstrichene Zeit: 18 Min, 8 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

AdwCleaner
Code:
# AdwCleaner v3.207 - Bericht erstellt am 11/05/2014 um 00:54:44
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Oliver - OLIVER-PC
# Gestartet von : C:\Users\Oliver\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\SparPilotAddon
Ordner Gelöscht : C:\Program Files (x86)\Uninstaller

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\2xpl5hn3.default-1390946476844\prefs.js ]


*************************

AdwCleaner[R0].txt - [1297 octets] - [11/05/2014 00:53:50]
AdwCleaner[S0].txt - [1214 octets] - [11/05/2014 00:54:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1274 octets] ##########
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Oliver on 11.05.2014 at  0:27:50,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"



~~~ FireFox

Successfully deleted: [File] C:\Users\Oliver\AppData\Roaming\mozilla\firefox\profiles\2xpl5hn3.default-1390946476844\user.js
Successfully deleted the following from C:\Users\Oliver\AppData\Roaming\mozilla\firefox\profiles\2xpl5hn3.default-1390946476844\prefs.js

user_pref("extensions.crossrider.bic", "145d2c3f625162744d458fb4ece6c89b");
Emptied folder: C:\Users\Oliver\AppData\Roaming\mozilla\firefox\profiles\2xpl5hn3.default-1390946476844\minidumps [34 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.05.2014 at  0:33:33,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-05-2014
Ran by Oliver (administrator) on OLIVER-PC on 11-05-2014 00:58:55
Running from C:\Users\Oliver\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2103912 2010-07-22] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-02-24] (cyberlink)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2010-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6806144 2010-06-25] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-04-26] ()
HKLM-x32\...\Run: [ASUS VIBE] => C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe [102400 2010-03-02] (ecm)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-11] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2319975947-2091509605-1812867878-1001\...\Run: [360Amigo] => C:\Program files\360Amigo\360Amigo.exe [5356320 2012-03-28] (360Amigo)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [111720 2010-07-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [100968 2010-07-26] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 62.109.121.1 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\2xpl5hn3.default-1390946476844
FF SelectedSearchEngine: Google
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_95.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_95.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\2xpl5hn3.default-1390946476844\Extensions\2020Player_IKEA@2020Technologies.com [2014-03-16]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [{7B19D712-9D08-426D-B532-BE89318B1264}] - C:\Windows\Installer\{C829CF6A-FBFD-408C-87E3-DB096E222785}\{7B19D712-9D08-426D-B532-BE89318B1264}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{C829CF6A-FBFD-408C-87E3-DB096E222785}\{7B19D712-9D08-426D-B532-BE89318B1264}.xpi [2014-05-08]

==================== Services (Whitelisted) =================

R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1012280 2013-12-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [896592 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 CrypKey License; C:\Windows\system32\crypserv.exe [126976 2010-03-18] (CrypKey (Canada) Ltd.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-06] ()

==================== Drivers (Whitelisted) ====================

R1 AmgHips; C:\Windows\System32\Drivers\AmgHips.sys [31008 2012-03-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-08-05] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-08-05] (Avira GmbH)
R1 avfwot; C:\Windows\SysWOW64\DRIVERS\avfwot.sys [131336 2011-06-30] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R1 NetworkX; C:\Windows\System32\ckldrv.sys [30272 2010-03-19] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl [146928 2010-02-24] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 tmlwf;
U3 tmwfp;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-11 00:56 - 2014-05-11 00:57 - 00001358 _____ () C:\Users\Oliver\Desktop\AdwCleaner[S0].txt
2014-05-11 00:53 - 2014-05-11 00:54 - 00000000 ____D () C:\AdwCleaner
2014-05-11 00:53 - 2014-05-11 00:53 - 01316991 _____ () C:\Users\Oliver\Desktop\adwcleaner.exe
2014-05-11 00:36 - 2014-05-11 01:00 - 00015941 _____ () C:\Users\Oliver\Desktop\FRST.txt
2014-05-11 00:35 - 2014-05-11 00:35 - 00000000 ____D () C:\Users\Oliver\Desktop\FRST-OlderVersion
2014-05-11 00:33 - 2014-05-11 00:33 - 00002774 _____ () C:\Users\Oliver\Desktop\JRT.txt
2014-05-11 00:27 - 2014-05-11 00:27 - 00000000 ____D () C:\Windows\ERUNT
2014-05-11 00:17 - 2014-05-11 00:17 - 01016261 _____ (Thisisu) C:\Users\Oliver\Desktop\JRT.exe
2014-05-11 00:16 - 2014-05-11 00:16 - 00001151 _____ () C:\Users\Oliver\Desktop\MBAM.txt
2014-05-11 00:11 - 2014-05-11 00:56 - 00000112 _____ () C:\Windows\setupact.log
2014-05-11 00:11 - 2014-05-11 00:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-11 00:10 - 2014-05-11 00:57 - 00001016 _____ () C:\Windows\error.log
2014-05-11 00:10 - 2014-05-11 00:55 - 00011404 _____ () C:\Windows\PFRO.log
2014-05-11 00:10 - 2014-05-11 00:55 - 00000324 _____ () C:\Windows\errord.log
2014-05-11 00:09 - 2014-05-11 00:09 - 00001157 _____ () C:\Users\Oliver\Desktop\MBAM140511.txt
2014-05-10 23:46 - 2014-05-11 00:15 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-10 23:46 - 2014-05-10 23:46 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-10 23:46 - 2014-05-10 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-10 23:46 - 2014-05-10 23:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-10 23:46 - 2014-05-10 23:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-10 23:46 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-10 23:46 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-10 23:46 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 23:44 - 2014-05-10 23:44 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Oliver\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-10 15:04 - 2014-05-10 15:04 - 00000000 __SHD () C:\Users\Oliver\AppData\Local\EmieUserList
2014-05-10 15:04 - 2014-05-10 15:04 - 00000000 __SHD () C:\Users\Oliver\AppData\Local\EmieSiteList
2014-05-10 14:55 - 2014-05-10 14:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 23:21 - 2014-05-10 14:43 - 00001198 _____ () C:\Users\Oliver\Desktop\Neues Textdokument.txt
2014-05-09 23:08 - 2014-05-09 23:08 - 00016902 _____ () C:\Users\Oliver\Desktop\ComboFix.txt
2014-05-09 23:06 - 2014-05-09 23:06 - 00016902 _____ () C:\ComboFix.txt
2014-05-09 22:03 - 2014-05-09 23:07 - 00000000 ____D () C:\Qoobox
2014-05-09 22:03 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-09 22:03 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-09 22:03 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-09 22:03 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-09 22:03 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-09 22:03 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-09 22:03 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-09 22:03 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-09 22:02 - 2014-05-09 23:01 - 00000000 ____D () C:\Windows\erdnt
2014-05-09 22:00 - 2014-05-09 22:01 - 05200039 ____R (Swearware) C:\Users\Oliver\Desktop\ComboFix.exe
2014-05-09 21:45 - 2014-05-09 21:45 - 00001270 _____ () C:\Users\Oliver\Desktop\Revo Uninstaller.lnk
2014-05-09 21:45 - 2014-05-09 21:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-08 22:11 - 2014-05-08 22:11 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-05-08 21:36 - 2014-05-08 21:36 - 00002614 _____ () C:\Users\Oliver\Desktop\gmer140508.log
2014-05-08 20:46 - 2014-05-08 20:50 - 00020320 _____ () C:\Users\Oliver\Desktop\Ereignisse.txt
2014-05-08 20:33 - 2014-05-08 20:51 - 00035813 _____ () C:\Users\Oliver\Desktop\FRST0508.txt
2014-05-08 20:33 - 2014-05-08 20:34 - 00033861 _____ () C:\Users\Oliver\Desktop\Addition0508.txt
2014-05-08 20:32 - 2014-05-11 00:58 - 00000000 ____D () C:\FRST
2014-05-08 20:31 - 2014-05-08 20:31 - 00000474 _____ () C:\Users\Oliver\Desktop\defogger_disable.log
2014-05-08 20:31 - 2014-05-08 20:31 - 00000000 _____ () C:\Users\Oliver\defogger_reenable
2014-05-08 20:30 - 2014-05-11 00:35 - 02065408 _____ (Farbar) C:\Users\Oliver\Desktop\FRST64.exe
2014-05-08 20:30 - 2014-05-08 13:24 - 00380416 _____ () C:\Users\Oliver\Desktop\Gmer-19357.exe
2014-05-08 20:30 - 2014-05-08 13:22 - 00050477 _____ () C:\Users\Oliver\Desktop\Defogger.exe
2014-05-07 20:25 - 2014-05-07 20:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 20:23 - 2014-05-07 20:23 - 19151024 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-06 21:37 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 21:37 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-04 23:16 - 2014-05-04 23:16 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\dlg
2014-05-03 23:50 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 23:50 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 23:50 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 23:50 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-30 09:07 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-30 09:07 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-30 09:07 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-30 09:07 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-30 09:06 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-30 09:06 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-30 09:06 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-30 09:06 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-30 09:06 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-30 09:06 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-30 09:06 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-30 09:06 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-30 09:06 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-30 09:06 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-30 09:06 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-30 09:06 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-30 09:06 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-30 09:06 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-30 09:06 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-30 09:06 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-30 09:06 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-30 09:06 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-30 09:06 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-30 09:06 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-30 09:06 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-30 09:06 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-30 09:06 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-30 09:06 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-30 09:06 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-30 09:06 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-30 09:06 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-30 09:06 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-30 09:06 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-30 09:06 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-30 09:06 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-30 09:06 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-30 09:06 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-30 09:06 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-30 09:06 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-30 09:06 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-30 09:06 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-30 09:06 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-30 09:06 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-30 09:06 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-05-11 01:00 - 2014-05-11 00:36 - 00015941 _____ () C:\Users\Oliver\Desktop\FRST.txt
2014-05-11 01:00 - 2009-08-04 11:51 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-05-11 01:00 - 2009-08-04 11:51 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-05-11 01:00 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-11 00:58 - 2014-05-08 20:32 - 00000000 ____D () C:\FRST
2014-05-11 00:57 - 2014-05-11 00:56 - 00001358 _____ () C:\Users\Oliver\Desktop\AdwCleaner[S0].txt
2014-05-11 00:57 - 2014-05-11 00:10 - 00001016 _____ () C:\Windows\error.log
2014-05-11 00:57 - 2009-07-14 04:34 - 00000498 _____ () C:\Windows\win.ini
2014-05-11 00:56 - 2014-05-11 00:11 - 00000112 _____ () C:\Windows\setupact.log
2014-05-11 00:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-11 00:55 - 2014-05-11 00:10 - 00011404 _____ () C:\Windows\PFRO.log
2014-05-11 00:55 - 2014-05-11 00:10 - 00000324 _____ () C:\Windows\errord.log
2014-05-11 00:55 - 2011-08-13 15:28 - 01379608 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 00:54 - 2014-05-11 00:53 - 00000000 ____D () C:\AdwCleaner
2014-05-11 00:53 - 2014-05-11 00:53 - 01316991 _____ () C:\Users\Oliver\Desktop\adwcleaner.exe
2014-05-11 00:40 - 2012-12-16 01:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-11 00:35 - 2014-05-11 00:35 - 00000000 ____D () C:\Users\Oliver\Desktop\FRST-OlderVersion
2014-05-11 00:35 - 2014-05-08 20:30 - 02065408 _____ (Farbar) C:\Users\Oliver\Desktop\FRST64.exe
2014-05-11 00:33 - 2014-05-11 00:33 - 00002774 _____ () C:\Users\Oliver\Desktop\JRT.txt
2014-05-11 00:27 - 2014-05-11 00:27 - 00000000 ____D () C:\Windows\ERUNT
2014-05-11 00:19 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-11 00:19 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-11 00:17 - 2014-05-11 00:17 - 01016261 _____ (Thisisu) C:\Users\Oliver\Desktop\JRT.exe
2014-05-11 00:16 - 2014-05-11 00:16 - 00001151 _____ () C:\Users\Oliver\Desktop\MBAM.txt
2014-05-11 00:15 - 2014-05-10 23:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-11 00:12 - 2011-03-19 22:10 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-05-11 00:11 - 2014-05-11 00:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-11 00:10 - 2012-10-30 22:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-11 00:09 - 2014-05-11 00:09 - 00001157 _____ () C:\Users\Oliver\Desktop\MBAM140511.txt
2014-05-10 23:46 - 2014-05-10 23:46 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-10 23:46 - 2014-05-10 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-10 23:46 - 2014-05-10 23:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-10 23:46 - 2014-05-10 23:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-10 23:44 - 2014-05-10 23:44 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Oliver\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-10 15:04 - 2014-05-10 15:04 - 00000000 __SHD () C:\Users\Oliver\AppData\Local\EmieUserList
2014-05-10 15:04 - 2014-05-10 15:04 - 00000000 __SHD () C:\Users\Oliver\AppData\Local\EmieSiteList
2014-05-10 14:55 - 2014-05-10 14:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 14:43 - 2014-05-09 23:21 - 00001198 _____ () C:\Users\Oliver\Desktop\Neues Textdokument.txt
2014-05-09 23:08 - 2014-05-09 23:08 - 00016902 _____ () C:\Users\Oliver\Desktop\ComboFix.txt
2014-05-09 23:07 - 2014-05-09 22:03 - 00000000 ____D () C:\Qoobox
2014-05-09 23:07 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-09 23:06 - 2014-05-09 23:06 - 00016902 _____ () C:\ComboFix.txt
2014-05-09 23:01 - 2014-05-09 22:02 - 00000000 ____D () C:\Windows\erdnt
2014-05-09 22:51 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-09 22:01 - 2014-05-09 22:00 - 05200039 ____R (Swearware) C:\Users\Oliver\Desktop\ComboFix.exe
2014-05-09 21:59 - 2012-02-16 09:33 - 00000000 ____D () C:\Program Files (x86)\BUDNI Fotowelt
2014-05-09 21:45 - 2014-05-09 21:45 - 00001270 _____ () C:\Users\Oliver\Desktop\Revo Uninstaller.lnk
2014-05-09 21:45 - 2014-05-09 21:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-08 22:11 - 2014-05-08 22:11 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-05-08 22:11 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-08 22:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-08 21:36 - 2014-05-08 21:36 - 00002614 _____ () C:\Users\Oliver\Desktop\gmer140508.log
2014-05-08 20:51 - 2014-05-08 20:33 - 00035813 _____ () C:\Users\Oliver\Desktop\FRST0508.txt
2014-05-08 20:50 - 2014-05-08 20:46 - 00020320 _____ () C:\Users\Oliver\Desktop\Ereignisse.txt
2014-05-08 20:34 - 2014-05-08 20:33 - 00033861 _____ () C:\Users\Oliver\Desktop\Addition0508.txt
2014-05-08 20:31 - 2014-05-08 20:31 - 00000474 _____ () C:\Users\Oliver\Desktop\defogger_disable.log
2014-05-08 20:31 - 2014-05-08 20:31 - 00000000 _____ () C:\Users\Oliver\defogger_reenable
2014-05-08 20:31 - 2011-03-19 22:09 - 00000000 ____D () C:\Users\Oliver
2014-05-08 13:24 - 2014-05-08 20:30 - 00380416 _____ () C:\Users\Oliver\Desktop\Gmer-19357.exe
2014-05-08 13:22 - 2014-05-08 20:30 - 00050477 _____ () C:\Users\Oliver\Desktop\Defogger.exe
2014-05-07 21:15 - 2011-12-11 22:59 - 00000000 ____D () C:\Windows\Minidump
2014-05-07 20:25 - 2014-05-07 20:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 20:24 - 2012-12-16 01:00 - 00698032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-07 20:24 - 2012-12-16 01:00 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-07 20:24 - 2012-12-09 14:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-07 20:23 - 2014-05-07 20:23 - 19151024 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-06 21:32 - 2010-11-02 18:59 - 00002088 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-05-06 21:32 - 2010-11-02 18:59 - 00001411 _____ () C:\Windows\system32\ServiceFilter.ini
2014-05-04 23:16 - 2014-05-04 23:16 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\dlg
2014-05-04 23:16 - 2011-03-20 19:53 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-04 23:16 - 2011-03-20 19:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-30 17:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-29 16:01 - 2014-05-03 23:50 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-03 23:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-03 23:50 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-03 23:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-14 04:24 - 2014-05-06 21:37 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-06 21:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-11 18:08 - 2011-03-25 17:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-11 18:07 - 2013-08-17 12:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 18:04 - 2011-03-25 07:44 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Oliver\AppData\Local\Temp\avgnt.exe
C:\Users\Oliver\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-02 12:27

==================== End Of Log ============================
--- --- ---


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-05-2014
Ran by Oliver at 2014-05-11 01:00:45
Running from C:\Users\Oliver\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
360Amigo System Speedup Free (HKLM-x32\...\360Amigo) (Version: 1.2.1.7900 - 360Amigo System SpeedUp)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.95 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.95 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}) (Version: 1.7.17.25416 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.7.17.25416 - Alcor Micro Corp.) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.37 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0029 - ASUS)
ASUS VIBE (HKLM-x32\...\ASUS VIBE) (Version: 1.0.182 - Ecareme, Inc.)
ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4015 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.4015 - CyberLink Corp.) Hidden
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ASUS_N3_Series (HKLM-x32\...\ASUS_N3_Series) (Version: 1.0.0001 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0005 - ASUS)
Avira Internet Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
CIB pdf brewer (HKLM\...\{E9E6A9B7-89B7-41D3-90A1-710E82427097}) (Version: 2.6.0034 - CIB software GmbH)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.8 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden
CyberLink MediaShow Espresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 5.0.1606_25588 - CyberLink Corp.)
CyberLink MediaShow Espresso (x32 Version: 5.0.1606_25588 - CyberLink Corp.) Hidden
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink PhotoNow (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2609a - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.2609a - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3009.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.3009.50 - CyberLink Corp.) Hidden
Download Protect (HKCU\...\{132401a7-2006-4342-b43c-ccf5f02c2b01}) (Version:  - Download Protect)
ebi.BookReader3J (HKLM-x32\...\{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}) (Version: 3.75.14 - eBOOK Initiative Japan Co., Ltd.)
ElsterFormular-Upgrade (HKLM-x32\...\ElsterFormular für Privatanwender 12.2.0.6412p) (Version: 14.4.12044 - Landesfinanzdirektion Thüringen)
ETDWare PS/2-x64 7.0.5.13_WHQL (HKLM\...\Elantech) (Version: 7.0.5.13 - ELAN Microelectronics Corp.)
ExpressGate Cloud (HKLM-x32\...\InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}) (Version: 2.1.69.343 - Asus)
ExpressGate Cloud (x32 Version: 2.1.69.343 - Asus) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Intel(R) Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5912 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Updatus (x32 Version: 1.0.3 - NVIDIA Corporation) Hidden
PM FASTrack v6 (HKLM-x32\...\PM FASTrack v6) (Version: 6.0.0 - RMC Project Management)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6162 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.5.0 - SAMSUNG Electronics Co., Ltd.)
Smileyville FREE (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117396510}) (Version:  - Oberon Media)
SonicMaster (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.54000.207 - Sonix)
Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8052.1208 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.16 - ASUS)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Restore Points  =========================

07-05-2014 18:23:30 Windows Update
07-05-2014 20:30:52 Uniblue SpeedUpMyPC installation
09-05-2014 19:47:07 Revo Uninstaller's restore point - Freeven pro 1.2
09-05-2014 19:50:55 Revo Uninstaller's restore point - Freeven pro 1.2
09-05-2014 19:52:03 Revo Uninstaller's restore point - MediaPlayerplus
09-05-2014 19:57:07 Revo Uninstaller's restore point - BUDNI Fotowelt
09-05-2014 21:47:07 Revo Uninstaller's restore point - Download Protect
09-05-2014 21:48:35 Revo Uninstaller's restore point - Download Protect
09-05-2014 21:50:39 Revo Uninstaller's restore point - Download Protect

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {12A86EA4-87DD-4F2F-ACD8-55F6097CDD1C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {29864A4C-1610-42E6-A3D9-3875F8DB97DF} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-05-28] (ATK)
Task: {32CB9A6B-D194-4C5A-9870-3055EE58DFA0} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {39C7AFFB-30A7-41B9-A1B8-6950326D036E} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {730C2B8E-9373-4FBD-83B5-203263B24D66} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {A188FD0F-C606-4F98-9E9D-F1DD527C004F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-07] (Adobe Systems Incorporated)
Task: {B24822A6-E444-49AC-B5C3-241342DAFA59} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {DA21E825-B02A-4675-BE6B-D0206DB1016D} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {DDBD0AA8-232E-4053-8BB5-A1BF986FD60C} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-06-09] (asus)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-03-05 18:21 - 2010-03-05 18:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-04-03 04:21 - 2008-10-01 08:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-01-11 19:27 - 2010-01-11 19:27 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2010-05-06 03:22 - 2010-05-06 03:22 - 00108544 _____ () C:\Program Files\P4G\OvrClk.dll
2010-11-02 18:59 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-03-16 03:48 - 2010-03-16 03:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2010-03-05 18:21 - 2010-03-05 18:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-04-26 18:37 - 2010-04-26 18:37 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-11-02 18:17 - 2010-04-06 08:29 - 00244904 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-08-05 20:49 - 2013-08-05 20:41 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2010-07-26 16:26 - 2010-07-26 16:26 - 00010856 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-05-10 14:55 - 2014-05-10 14:55 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-02-24 00:14 - 2010-02-24 00:14 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: VOPackage => C:\Users\Oliver\AppData\Roaming\VOPackage\VOPackage.exe /runonce

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/11/2014 00:39:23 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000003731f0
ID des fehlerhaften Prozesses: 0x2c30
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3


System errors:
=============
Error: (05/11/2014 00:58:14 AM) (Source: Service Control Manager) (User: ) (EventID: 7024)
Description: Der Dienst "Avira Email Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.

Error: (05/11/2014 00:57:18 AM) (Source: DCOM) (User: NT-AUTORITÄT) (EventID: 10016)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (06/01/2013 10:57:27 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 478223 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (10/14/2012 01:25:49 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3230 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-05-09 22:13:58.507
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-09 22:13:58.351
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3883.85 MB
Available physical RAM: 2100.42 MB
Total Pagefile: 7765.88 MB
Available Pagefile: 5718.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:149.05 GB) (Free:87.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:427.59 GB) (Free:427.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 76BC31A2)
Partition 1: (Not Active) - (Size=20 GB) - (Type=1C)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=428 GB) - (Type=OF Extended)

==================== End Of Log ============================
Noch einmal vielen Dank bis hierhin.

schrauber 11.05.2014 16:59

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

2Liga 17.05.2014 07:40
Hallo Schrauber

hier die Logs

ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=97a60abf038de94691226a33212c7e5d
# engine=18234
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-12 08:00:08
# local_time=2014-05-12 10:00:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 85 24931131 151554658 0 0
# scanned=35681
# found=0
# cleaned=0
# scan_time=1092
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=97a60abf038de94691226a33212c7e5d
# engine=18252
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-17 06:27:17
# local_time=2014-05-17 08:27:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 85 25314360 151937887 0 0
# scanned=166279
# found=0
# cleaned=0
# scan_time=3287
checkup
Code:
Results of screen317's Security Check version 0.99.82 
 Windows 7 Service Pack 1 x64 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 14.0.0.101 
 Adobe Reader XI 
 Mozilla Firefox (29.0.1)
 Google Chrome 3.0.195.27 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST frisch
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by Oliver (administrator) on OLIVER-PC on 17-05-2014 08:33:16
Running from C:\Users\Oliver\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\Hearts\Hearts.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2103912 2010-07-22] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-02-24] (cyberlink)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2010-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6806144 2010-06-25] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-04-26] ()
HKLM-x32\...\Run: [ASUS VIBE] => C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe [102400 2010-03-02] (ecm)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-11] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2319975947-2091509605-1812867878-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-02] (Google Inc.)
HKU\S-1-5-21-2319975947-2091509605-1812867878-1001\...\Run: [360Amigo] => C:\Program files\360Amigo\360Amigo.exe [5356320 2012-03-28] (360Amigo)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [111720 2010-07-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [100968 2010-07-26] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 62.109.121.2 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\2xpl5hn3.default-1390946476844
FF SelectedSearchEngine: Google
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_101.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_101.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\2xpl5hn3.default-1390946476844\Extensions\2020Player_IKEA@2020Technologies.com [2014-03-16]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [{7B19D712-9D08-426D-B532-BE89318B1264}] - C:\Windows\Installer\{C829CF6A-FBFD-408C-87E3-DB096E222785}\{7B19D712-9D08-426D-B532-BE89318B1264}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{C829CF6A-FBFD-408C-87E3-DB096E222785}\{7B19D712-9D08-426D-B532-BE89318B1264}.xpi [2014-05-08]

==================== Services (Whitelisted) =================

R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1012280 2013-12-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [896592 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 CrypKey License; C:\Windows\system32\crypserv.exe [126976 2010-03-18] (CrypKey (Canada) Ltd.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-06] ()

==================== Drivers (Whitelisted) ====================

R1 AmgHips; C:\Windows\System32\Drivers\AmgHips.sys [31008 2012-03-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-08-05] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-08-05] (Avira GmbH)
R1 avfwot; C:\Windows\SysWOW64\DRIVERS\avfwot.sys [131336 2011-06-30] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R1 NetworkX; C:\Windows\System32\ckldrv.sys [30272 2010-03-19] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl [146928 2010-02-24] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 tmlwf;
U3 tmwfp;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-17 08:32 - 2014-05-17 08:32 - 00000715 _____ () C:\Users\Oliver\Desktop\checkup.txt
2014-05-17 08:29 - 2014-05-17 08:29 - 00855379 _____ () C:\Users\Oliver\Desktop\SecurityCheck.exe
2014-05-12 21:37 - 2014-05-12 21:37 - 02347384 _____ (ESET) C:\Users\Oliver\Desktop\esetsmartinstaller_deu.exe
2014-05-11 01:00 - 2014-05-11 01:01 - 00027883 _____ () C:\Users\Oliver\Desktop\Addition.txt
2014-05-11 00:56 - 2014-05-11 00:57 - 00001358 _____ () C:\Users\Oliver\Desktop\AdwCleaner[S0].txt
2014-05-11 00:53 - 2014-05-11 00:54 - 00000000 ____D () C:\AdwCleaner
2014-05-11 00:53 - 2014-05-11 00:53 - 01316991 _____ () C:\Users\Oliver\Desktop\adwcleaner.exe
2014-05-11 00:36 - 2014-05-17 08:33 - 00016594 _____ () C:\Users\Oliver\Desktop\FRST0517.txt
2014-05-11 00:35 - 2014-05-17 08:33 - 00000000 ____D () C:\Users\Oliver\Desktop\FRST-OlderVersion
2014-05-11 00:33 - 2014-05-11 00:33 - 00002774 _____ () C:\Users\Oliver\Desktop\JRT.txt
2014-05-11 00:27 - 2014-05-11 00:27 - 00000000 ____D () C:\Windows\ERUNT
2014-05-11 00:17 - 2014-05-11 00:17 - 01016261 _____ (Thisisu) C:\Users\Oliver\Desktop\JRT.exe
2014-05-11 00:16 - 2014-05-11 00:16 - 00001151 _____ () C:\Users\Oliver\Desktop\MBAM.txt
2014-05-11 00:09 - 2014-05-11 00:09 - 00001157 _____ () C:\Users\Oliver\Desktop\MBAM140511.txt
2014-05-10 23:46 - 2014-05-11 00:15 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-10 23:46 - 2014-05-10 23:46 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-10 23:46 - 2014-05-10 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-10 23:46 - 2014-05-10 23:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-10 23:46 - 2014-05-10 23:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-10 23:46 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-10 23:46 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-10 23:46 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 23:44 - 2014-05-10 23:44 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Oliver\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-10 15:04 - 2014-05-10 15:04 - 00000000 __SHD () C:\Users\Oliver\AppData\Local\EmieUserList
2014-05-10 15:04 - 2014-05-10 15:04 - 00000000 __SHD () C:\Users\Oliver\AppData\Local\EmieSiteList
2014-05-10 14:55 - 2014-05-10 14:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 23:21 - 2014-05-10 14:43 - 00001198 _____ () C:\Users\Oliver\Desktop\Neues Textdokument.txt
2014-05-09 23:08 - 2014-05-09 23:08 - 00016902 _____ () C:\Users\Oliver\Desktop\ComboFix.txt
2014-05-09 23:06 - 2014-05-09 23:06 - 00016902 _____ () C:\ComboFix.txt
2014-05-09 22:03 - 2014-05-09 23:07 - 00000000 ____D () C:\Qoobox
2014-05-09 22:03 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-09 22:03 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-09 22:03 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-09 22:03 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-09 22:03 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-09 22:03 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-09 22:03 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-09 22:03 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-09 22:02 - 2014-05-09 23:01 - 00000000 ____D () C:\Windows\erdnt
2014-05-09 22:00 - 2014-05-09 22:01 - 05200039 ____R (Swearware) C:\Users\Oliver\Desktop\ComboFix.exe
2014-05-09 21:45 - 2014-05-09 21:45 - 00001270 _____ () C:\Users\Oliver\Desktop\Revo Uninstaller.lnk
2014-05-09 21:45 - 2014-05-09 21:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-08 22:11 - 2014-05-08 22:11 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-05-08 21:36 - 2014-05-08 21:36 - 00002614 _____ () C:\Users\Oliver\Desktop\gmer140508.log
2014-05-08 20:46 - 2014-05-08 20:50 - 00020320 _____ () C:\Users\Oliver\Desktop\Ereignisse.txt
2014-05-08 20:33 - 2014-05-08 20:51 - 00035813 _____ () C:\Users\Oliver\Desktop\FRST0508.txt
2014-05-08 20:33 - 2014-05-08 20:34 - 00033861 _____ () C:\Users\Oliver\Desktop\Addition0508.txt
2014-05-08 20:32 - 2014-05-17 08:33 - 00000000 ____D () C:\FRST
2014-05-08 20:31 - 2014-05-08 20:31 - 00000474 _____ () C:\Users\Oliver\Desktop\defogger_disable.log
2014-05-08 20:31 - 2014-05-08 20:31 - 00000000 _____ () C:\Users\Oliver\defogger_reenable
2014-05-08 20:30 - 2014-05-17 08:33 - 02067456 _____ (Farbar) C:\Users\Oliver\Desktop\FRST64.exe
2014-05-08 20:30 - 2014-05-08 13:24 - 00380416 _____ () C:\Users\Oliver\Desktop\Gmer-19357.exe
2014-05-08 20:30 - 2014-05-08 13:22 - 00050477 _____ () C:\Users\Oliver\Desktop\Defogger.exe
2014-05-07 20:25 - 2014-05-07 20:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 21:37 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 21:37 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-04 23:16 - 2014-05-04 23:16 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\dlg
2014-05-03 23:50 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 23:50 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 23:50 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 23:50 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-30 09:07 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-30 09:07 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-30 09:07 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-30 09:07 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-30 09:06 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-30 09:06 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-30 09:06 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-30 09:06 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-30 09:06 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-30 09:06 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-30 09:06 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-30 09:06 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-30 09:06 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-30 09:06 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-30 09:06 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-30 09:06 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-30 09:06 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-30 09:06 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-30 09:06 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-30 09:06 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-30 09:06 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-30 09:06 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-30 09:06 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-30 09:06 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-30 09:06 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-30 09:06 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-30 09:06 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-30 09:06 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-30 09:06 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-30 09:06 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-30 09:06 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-30 09:06 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-30 09:06 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-30 09:06 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-30 09:06 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-30 09:06 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-30 09:06 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-30 09:06 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-30 09:06 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-30 09:06 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-30 09:06 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-30 09:06 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-30 09:06 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-30 09:06 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-05-17 08:33 - 2014-05-11 00:36 - 00016594 _____ () C:\Users\Oliver\Desktop\FRST0517.txt
2014-05-17 08:33 - 2014-05-11 00:35 - 00000000 ____D () C:\Users\Oliver\Desktop\FRST-OlderVersion
2014-05-17 08:33 - 2014-05-08 20:32 - 00000000 ____D () C:\FRST
2014-05-17 08:33 - 2014-05-08 20:30 - 02067456 _____ (Farbar) C:\Users\Oliver\Desktop\FRST64.exe
2014-05-17 08:32 - 2014-05-17 08:32 - 00000715 _____ () C:\Users\Oliver\Desktop\checkup.txt
2014-05-17 08:29 - 2014-05-17 08:29 - 00855379 _____ () C:\Users\Oliver\Desktop\SecurityCheck.exe
2014-05-17 07:50 - 2011-08-13 15:28 - 01574946 ____N () C:\Windows\WindowsUpdate.log
2014-05-17 07:40 - 2012-12-16 01:00 - 00698032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-17 07:40 - 2012-12-16 01:00 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-17 07:40 - 2012-12-16 01:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-17 07:40 - 2012-12-09 14:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 23:02 - 2011-03-25 17:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 23:00 - 2013-08-17 12:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 22:55 - 2011-03-25 07:44 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 07:14 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-14 07:14 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-12 22:09 - 2009-07-14 04:34 - 00000498 _____ () C:\Windows\win.ini
2014-05-12 22:08 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-12 21:39 - 2009-08-04 11:51 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-05-12 21:39 - 2009-08-04 11:51 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-05-12 21:39 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-12 21:37 - 2014-05-12 21:37 - 02347384 _____ (ESET) C:\Users\Oliver\Desktop\esetsmartinstaller_deu.exe
2014-05-11 16:41 - 2011-03-19 22:10 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-05-11 01:01 - 2014-05-11 01:00 - 00027883 _____ () C:\Users\Oliver\Desktop\Addition.txt
2014-05-11 00:57 - 2014-05-11 00:56 - 00001358 _____ () C:\Users\Oliver\Desktop\AdwCleaner[S0].txt
2014-05-11 00:54 - 2014-05-11 00:53 - 00000000 ____D () C:\AdwCleaner
2014-05-11 00:53 - 2014-05-11 00:53 - 01316991 _____ () C:\Users\Oliver\Desktop\adwcleaner.exe
2014-05-11 00:33 - 2014-05-11 00:33 - 00002774 _____ () C:\Users\Oliver\Desktop\JRT.txt
2014-05-11 00:27 - 2014-05-11 00:27 - 00000000 ____D () C:\Windows\ERUNT
2014-05-11 00:17 - 2014-05-11 00:17 - 01016261 _____ (Thisisu) C:\Users\Oliver\Desktop\JRT.exe
2014-05-11 00:16 - 2014-05-11 00:16 - 00001151 _____ () C:\Users\Oliver\Desktop\MBAM.txt
2014-05-11 00:15 - 2014-05-10 23:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-11 00:10 - 2012-10-30 22:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-11 00:09 - 2014-05-11 00:09 - 00001157 _____ () C:\Users\Oliver\Desktop\MBAM140511.txt
2014-05-10 23:46 - 2014-05-10 23:46 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-10 23:46 - 2014-05-10 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-10 23:46 - 2014-05-10 23:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-10 23:46 - 2014-05-10 23:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-10 23:44 - 2014-05-10 23:44 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Oliver\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-10 15:04 - 2014-05-10 15:04 - 00000000 __SHD () C:\Users\Oliver\AppData\Local\EmieUserList
2014-05-10 15:04 - 2014-05-10 15:04 - 00000000 __SHD () C:\Users\Oliver\AppData\Local\EmieSiteList
2014-05-10 14:55 - 2014-05-10 14:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 14:43 - 2014-05-09 23:21 - 00001198 _____ () C:\Users\Oliver\Desktop\Neues Textdokument.txt
2014-05-09 23:08 - 2014-05-09 23:08 - 00016902 _____ () C:\Users\Oliver\Desktop\ComboFix.txt
2014-05-09 23:07 - 2014-05-09 22:03 - 00000000 ____D () C:\Qoobox
2014-05-09 23:07 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-09 23:06 - 2014-05-09 23:06 - 00016902 _____ () C:\ComboFix.txt
2014-05-09 23:01 - 2014-05-09 22:02 - 00000000 ____D () C:\Windows\erdnt
2014-05-09 22:51 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-09 22:01 - 2014-05-09 22:00 - 05200039 ____R (Swearware) C:\Users\Oliver\Desktop\ComboFix.exe
2014-05-09 21:59 - 2012-02-16 09:33 - 00000000 ____D () C:\Program Files (x86)\BUDNI Fotowelt
2014-05-09 21:45 - 2014-05-09 21:45 - 00001270 _____ () C:\Users\Oliver\Desktop\Revo Uninstaller.lnk
2014-05-09 21:45 - 2014-05-09 21:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-08 22:11 - 2014-05-08 22:11 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-05-08 22:11 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-08 22:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-08 21:36 - 2014-05-08 21:36 - 00002614 _____ () C:\Users\Oliver\Desktop\gmer140508.log
2014-05-08 20:51 - 2014-05-08 20:33 - 00035813 _____ () C:\Users\Oliver\Desktop\FRST0508.txt
2014-05-08 20:50 - 2014-05-08 20:46 - 00020320 _____ () C:\Users\Oliver\Desktop\Ereignisse.txt
2014-05-08 20:34 - 2014-05-08 20:33 - 00033861 _____ () C:\Users\Oliver\Desktop\Addition0508.txt
2014-05-08 20:31 - 2014-05-08 20:31 - 00000474 _____ () C:\Users\Oliver\Desktop\defogger_disable.log
2014-05-08 20:31 - 2014-05-08 20:31 - 00000000 _____ () C:\Users\Oliver\defogger_reenable
2014-05-08 20:31 - 2011-03-19 22:09 - 00000000 ____D () C:\Users\Oliver
2014-05-08 13:24 - 2014-05-08 20:30 - 00380416 _____ () C:\Users\Oliver\Desktop\Gmer-19357.exe
2014-05-08 13:22 - 2014-05-08 20:30 - 00050477 _____ () C:\Users\Oliver\Desktop\Defogger.exe
2014-05-07 21:15 - 2011-12-11 22:59 - 00000000 ____D () C:\Windows\Minidump
2014-05-07 20:25 - 2014-05-07 20:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 21:32 - 2010-11-02 18:59 - 00002088 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-05-06 21:32 - 2010-11-02 18:59 - 00001411 _____ () C:\Windows\system32\ServiceFilter.ini
2014-05-04 23:16 - 2014-05-04 23:16 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\dlg
2014-05-04 23:16 - 2011-03-20 19:53 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-04 23:16 - 2011-03-20 19:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-30 17:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-29 16:01 - 2014-05-03 23:50 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-03 23:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-03 23:50 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-03 23:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

Some content of TEMP:
====================
C:\Users\Oliver\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
Noch mal danke bis dahin :)

2Liga

schrauber 17.05.2014 20:09
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:44 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131