Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Antivirus security pro blockiert Laptop (https://www.trojaner-board.de/144529-antivirus-security-pro-blockiert-laptop.html)

Bernchen 13.11.2013 22:17
Antivirus security pro blockiert Laptop
 
Hallo,
meine Freundin hat sich gestern den antivirus security pro eingefangen. Er blockiert komplett den Internetzugang. Er hat sie beim skypen rausgeschmissen und seitdem geht nichts mehr was mit dem Internet zu tun hat.
Da sie keine wichtigen Daten auf dem Rechner hat, spielen wir mit dem Gedanken, alles komplett zu löschen und neu aufzubauen. Bringt das was oder bleiben noch Reste von dem "Biest"? Und kann man eventuell doch ein paar Daten wie Fotos retten?
Ich hab mal alle Programme, die in diesem Forum zu den antivirus security pro problem erwähnt wurden (frst,combofix) aufeinen Stick gezogen, weil wie gesagt kein Internetzugang vom befallenen Rechner möglich ist.
Ach so: Das Opfer läuft unter Windows Vista. Hoffe uns kann jemand helfen.

cosinus 13.11.2013 23:14
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Bernchen 14.11.2013 19:50
Danke für die schnelle Antwort. Hier der frst

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-11-2013
Ran by Asus (administrator) on ASUS-ПК on 14-11-2013 19:24:08
Running from C:\Users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GF5LAB0
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: Russian
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files\ICQ6Toolbar\ICQ Service.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(CyberLink Corp.) C:\Program Files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(ATK) C:\Program files\P4G\BatteryLife.exe
(ASUS) C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(CyberLink) C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files\ASUS\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUS) C:\Windows\AsScrPro.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\SweetIM.exe
(Geek Software GmbH) C:\Program Files\pdf24\pdf24.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(ICQ, LLC.) C:\Program Files\ICQ7.2\ICQ.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Yahoo! Inc.) C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
(Farbar) C:\Users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GF5LAB0\FRST[1].exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [DisableS3S4] - c:\DisableS3S4.cmd
HKLM\...\Run: [RemoteControl8] - C:\Program Files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] - C:\Program Files\ASUSTek\ASUSDVD 8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] - C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink)
HKLM\...\Run: [P2Go_Menu] - C:\Program Files\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [HControlUser] - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [98304 2008-08-18] (ASUS)
HKLM\...\Run: [ATKOSD2] - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [8105984 2008-09-02] (ASUS)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-18] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE [1392640 2009-04-30] (VIA)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [540576 2009-04-21] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Wireless Console 3] - C:\Program Files\ASUS\Wireless Console 3\wcourier.exe [1593344 2009-02-06] ()
HKLM\...\Run: [ATKMEDIA] - C:\Program Files\ASUS\ATK Media\DMedia.exe [159744 2008-08-19] (ASUS)
HKLM\...\Run: [ADSMTray] - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe [266240 2008-03-31] (ASUSTek Computer Inc.)
HKLM\...\Run: [ACMON] - C:\Program Files\ASUS\Splendid\ACMON.exe [851968 2008-09-30] (ATK)
HKLM\...\Run: [ASUS Camera ScreenSaver] - C:\Windows\AsScrProlog.exe [47672 2009-07-14] ()
HKLM\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3054136 2009-07-14] (ASUS)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [SweetIM] - C:\Program Files\SweetIM\Messenger\SweetIM.exe [114992 2011-06-02] (SweetIM Technologies Ltd.)
HKLM\...\Run: [ROC_roc_dec12] - "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
HKLM\...\Run: [PDFPrint] - C:\Program Files\pdf24\pdf24.exe [220744 2012-02-02] (Geek Software GmbH)
HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM\...\Run: [Otshot] - c:\program files\otshot\otshot.exe -minimize
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start hxxp://www.avg.de/de.special-uninstallation-feedback-app?lic="&"inst=NzctMTMzNzE1NzM2MS1CQVI5TysxLUZMKzktUUlYMSs0LVgyMDEwKzItQ0lBMTArMi1MSUMrNzctRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1VEKzEtVFVHKzMtUzFJKzEtU1UzKzEtRERUKzQ5MTA1LUREMTBGKzEtU1QxMEZBUFArMS1GMTBUQisyLVNUMTBUQkYrMS1GMTBNMTJSKzExLVZJUDEyKzEtVTEwKzEtVEwrMS1TVDEyRk9JKzE"&"prod=0"&"ver=10.0.1424
HKLM\...\Policies\Explorer\Run: [] - 1 No File
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKCU\...\Run: [Звуковая карта SRS Premium Sound для ПК] - C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe [3405048 2009-04-07] (SRS Labs, Inc.)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5244216 2009-11-10] (Yahoo! Inc.)
HKCU\...\Run: [ICQ] - C:\Program Files\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-15] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [AS2014] - C:\ProgramData\Xn9nnoR3\Xn9nnoR3.exe [583168 2013-11-12] ()
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Runonce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; FBSMTWB; GTB6.4; SIMBAR={990DB94C-816F-4589-BBBE-92E7C3F297F6}; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C)" -"hxxp://www.spellentuin.nl/spellen/paardrijden.dcr"
HKCU\...\Policies\Explorer: [NoFolderOptions] 0
MountPoints2: {be019e9c-c79c-11de-9863-d739a971be40} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe reva.vbs
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Яндекс = hxxp://yandex.ru/yandsearch?clid=47093&text={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1011192040\ICQToolBar.dll (ICQ)
URLSearchHook: HKCU - (No Name) - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} -  No File
URLSearchHook: HKCU - SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=111316&tt=010712_2&babsrc=SP_ss&mntrId=96c72d430000000000000025d34206a6
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=111316&tt=010712_2&babsrc=SP_ss&mntrId=96c72d430000000000000025d34206a6
SearchScopes: HKCU - {19F2B849-4ADE-4d4b-85F9-C31C643DBDE9} URL = hxxp://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=18&tid={FDD9378D-DD0B-41ee-BE4D-04DDA675E72D}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {6C6BA6FC-C3E0-42E1-B5C3-4061253D927C} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {714F7BEC-8CC1-47C8-A655-58A40E1A16F4} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {71DDF99D-3FB1-4EFB-A721-216319D6C350} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {91397D20-1446-11D4-8AF4-0040CA1127B6} URL = hxxp://yandex.ru/yandsearch?text={searchTerms}&from=os&clid=1836589
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={FDA87F01-4C3B-4749-94BF-0ECC70F1740E}&mid=a8ae1f29151b5dc1e65f48d920e6c52c-c9bd69cc2cf52e167c3d1b4c15ed36ef1e9d8e8b&lang=de&ds=AVG&pr=pr&d=2012-06-21 18:18:34&v=11.0.0.9&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {AD2D8EA5-305B-4B46-8B7C-7D19BC11C12A} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Shopping Assistant Plugin - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.5.1\PriceGongIE.dll (PriceGong)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll No File
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
BHO: WEB.DE Toolbar BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SweetIM Toolbar Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll No File
BHO: Fast Browser Search Toolbar Helper - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1011192040\ICQToolBar.dll (ICQ)
Toolbar: HKLM - Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
Toolbar: HKLM - SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll (ООО «ЯНДЕКС»)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - WEB.DE Toolbar - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKCU - Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll (ООО «ЯНДЕКС»)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - WEB.DE Toolbar - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default
FF user.js: detected! => C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\user.js
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Search the web (Babylon)
FF SearchEngineOrder.1: Search the web (Babylon)
FF Homepage: hxxp://search.babylon.com/?affID=111316&tt=010712_2&babsrc=HP_ss&mntrId=96c72d430000000000000025d34206a6
FF Keyword.URL: hxxp://search.babylon.com/?affID=111316&tt=010712_2&babsrc=KW_ss&mntrId=96c72d430000000000000025d34206a6&q=
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.3088 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.11.3006 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.7.1 - C:\Users\Asus\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll (Yahoo! Inc.)
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mailru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\ozonru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\priceru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex-slovari.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex.xml
FF Extension: Browser Companion Helper - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\Extensions\bbrs_002@blabbers.com
FF Extension: toolbar - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\Extensions\toolbar@web.de.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_Z\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\T-Mobile\InternetManager_Z\Bin\addon
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}] - C:\Program Files\PriceGong\2.5.1\FF
FF Extension: PriceGong - C:\Program Files\PriceGong\2.5.1\FF

========================== Services (Whitelisted) =================

R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-30] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-13] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-07] ()
S3 DFSR; C:\Windows\system32\DFSR.exe [2092544 2009-04-11] (Корпорация Майкрософт)
R2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [247096 2010-09-06] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-08-12] (Microsoft Corporation)
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [271760 2009-04-15] ()
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 SRS_VolSync_Service; C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [70880 2009-04-07] (SRS Labs, Inc.)
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [754856 2013-07-20] (Корпорация Майкрософт)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
S2 otshot; C:\program files\otshot\ZalmanUpdateService.exe [x]

==================== Drivers (Whitelisted) ====================

R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [4386304 2009-03-19] (ATI Technologies Inc.)
R0 AsDsm; C:\Windows\System32\Drivers\AsDsm.sys [30264 2009-07-14] (ASUSTek Computer Inc)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
S3 CRFILTER; C:\Windows\System32\DRIVERS\CRFILTER.sys [6656 2008-04-07] (Generic)
S3 E1G60; C:\Windows\System32\DRIVERS\E1G60I32.sys [118784 2008-01-21] (Корпорация Intel)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [90112 2009-04-21] (ELAN Microelectronic Corp.)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2008-11-03] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2008-05-29] (Windows (R) Codename Longhorn DDK provider)
S1 mnearbnc; C:\Windows\system32\drivers\mnearbnc.sys [43600 2013-11-14] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2008-12-24] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1752704 2008-08-11] ()
R3 SRS_PremiumSound_Service; C:\Windows\System32\drivers\srs_PremiumSound_i386.sys [233128 2009-04-01] ()
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1019392 2009-04-28] (VIA Technologies, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 ipswuio; System32\DRIVERS\ipswuio.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U2 srservice;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-14 19:23 - 2013-11-14 19:23 - 00000000 ____D C:\FRST
2013-11-14 19:19 - 2013-11-14 19:19 - 00000000 ____D C:\Users\Asus\AppData\Local\{F9C2C013-3E93-489F-AE4E-9BA6EFBD51CE}
2013-11-14 19:18 - 2013-11-14 19:18 - 00043600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mnearbnc.sys
2013-11-14 19:17 - 2013-11-14 19:17 - 00000000 ___RD C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD 8
2013-11-12 22:37 - 2013-11-12 22:37 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
2013-11-12 22:10 - 2013-11-14 19:09 - 00000000 ____D C:\ProgramData\Xn9nnoR3
2013-11-10 14:33 - 2013-11-10 14:33 - 00127176 _____ C:\Windows\KB2845142.log
2013-11-10 14:33 - 2013-11-10 14:33 - 00000000 __HDC C:\Windows\$NtUninstallKB2845142_WM64$
2013-11-10 14:33 - 2007-07-27 09:41 - 00016760 ____N (Microsoft Corporation) C:\Windows\system32\spmsg.dll
2013-11-10 13:39 - 2013-11-10 13:39 - 00000000 ____D C:\ProgramData\UUdb
2013-11-10 13:25 - 2013-11-10 13:25 - 00000000 ____D C:\Windows\TempDD0DA164-6A6E-9E2D-E5D2-30DD25905171-Signatures
2013-11-10 12:44 - 2013-11-10 12:44 - 00000000 ____D C:\Users\Asus\AppData\Local\{0B5A40C6-EAC5-4D72-8B91-C70D84A1F9F9}
2013-11-04 09:37 - 2013-09-23 13:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-04 09:37 - 2013-09-23 13:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-04 09:37 - 2013-09-23 13:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-04 09:37 - 2013-09-23 13:55 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-04 09:37 - 2013-09-23 13:53 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-11-04 09:37 - 2013-09-23 13:52 - 06017024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-04 09:37 - 2013-09-23 13:52 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-04 09:37 - 2013-09-23 13:52 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-04 09:37 - 2013-09-23 13:52 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-04 09:37 - 2013-09-23 13:51 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-04 09:37 - 2013-09-23 13:51 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-04 09:37 - 2013-09-23 13:51 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-04 09:37 - 2013-09-23 13:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-04 09:37 - 2013-09-23 13:51 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-04 09:37 - 2013-09-23 13:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-04 09:37 - 2013-09-23 13:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-04 09:37 - 2013-09-23 13:51 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-04 09:37 - 2013-09-23 13:51 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-04 09:37 - 2013-09-23 13:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-04 09:37 - 2013-09-23 13:50 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-04 09:37 - 2013-09-23 13:49 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-11-04 09:37 - 2013-09-23 12:14 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-04 09:37 - 2013-09-23 10:29 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-04 09:37 - 2013-09-23 10:29 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-04 09:37 - 2013-09-23 10:27 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-04 09:37 - 2013-09-23 10:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-04 09:37 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-11-04 09:37 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-11-04 09:37 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-11-04 09:37 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-11-04 09:37 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-11-04 09:37 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-11-04 09:37 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-11-04 09:37 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-11-04 09:37 - 2013-08-27 02:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-11-04 09:37 - 2013-08-01 04:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-11-04 09:37 - 2013-08-01 03:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-11-04 09:37 - 2013-06-29 03:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-04 09:37 - 2013-06-29 03:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-04 09:37 - 2013-06-29 03:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-04 09:37 - 2013-06-29 03:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-04 09:37 - 2011-05-05 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-04 09:37 - 2011-05-05 14:54 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-04 09:36 - 2013-08-29 08:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-11-04 09:36 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-04 09:36 - 2013-07-12 10:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-11-04 09:36 - 2013-07-12 10:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-11-04 09:36 - 2013-06-27 00:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-11-04 09:36 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-11-04 09:36 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-11-04 09:35 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-11-04 09:03 - 2013-07-03 03:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-11-04 03:48 - 2013-11-04 03:48 - 00000000 ____D C:\Users\Asus\AppData\Local\{F5075D81-06B8-4202-953D-E647D890B8B3}
2013-11-04 03:30 - 2013-11-10 13:57 - 00000000 ____D C:\Windows\system32\MRT

==================== One Month Modified Files and Folders =======

2013-11-14 19:25 - 2009-09-23 20:48 - 00000442 ____H C:\Windows\Tasks\User_Feed_Synchronization-{9F82B765-94FA-498A-9F1B-34E21C463720}.job
2013-11-14 19:25 - 2009-07-14 10:29 - 01997936 _____ C:\Windows\WindowsUpdate.log
2013-11-14 19:23 - 2013-11-14 19:23 - 00000000 ____D C:\FRST
2013-11-14 19:22 - 2009-09-22 11:54 - 00001356 _____ C:\Users\Asus\AppData\Local\d3d9caps.dat
2013-11-14 19:21 - 2008-01-21 06:59 - 01512502 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-14 19:21 - 2008-01-21 06:59 - 00671952 _____ C:\Windows\system32\perfh019.dat
2013-11-14 19:21 - 2008-01-21 06:59 - 00134454 _____ C:\Windows\system32\perfc019.dat
2013-11-14 19:20 - 2006-11-02 13:49 - 00236363 _____ C:\Windows\setupact.log
2013-11-14 19:19 - 2013-11-14 19:19 - 00000000 ____D C:\Users\Asus\AppData\Local\{F9C2C013-3E93-489F-AE4E-9BA6EFBD51CE}
2013-11-14 19:19 - 2010-11-10 20:30 - 00000000 ____D C:\Users\Asus\AppData\Local\Windows Live
2013-11-14 19:18 - 2013-11-14 19:18 - 00043600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mnearbnc.sys
2013-11-14 19:18 - 2010-01-26 13:40 - 00000000 ____D C:\Users\Asus\AppData\Local\CrashDumps
2013-11-14 19:18 - 2009-09-19 06:23 - 00000000 ____D C:\Users\Asus\Tracing
2013-11-14 19:17 - 2013-11-14 19:17 - 00000000 ___RD C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD 8
2013-11-14 19:17 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\tracing
2013-11-14 19:16 - 2009-11-14 14:09 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-11-14 19:16 - 2009-07-14 11:40 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-11-14 19:16 - 2006-11-02 13:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-14 19:16 - 2006-11-02 13:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-14 19:16 - 2006-11-02 13:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-14 19:10 - 2008-04-13 23:19 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-11-14 19:10 - 2006-11-02 13:58 - 00032528 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-14 19:09 - 2013-11-12 22:10 - 00000000 ____D C:\ProgramData\Xn9nnoR3
2013-11-13 19:26 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-12 22:37 - 2013-11-12 22:37 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
2013-11-12 22:12 - 2009-09-15 16:29 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Skype
2013-11-12 22:10 - 2009-09-15 16:32 - 00000000 ____D C:\Users\Asus\AppData\Local\Google
2013-11-12 22:01 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-11-12 21:37 - 2006-11-02 13:44 - 00382216 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-12 21:35 - 2010-05-27 03:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-12 21:32 - 2006-11-02 13:35 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-11-12 21:32 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\ru-RU
2013-11-12 19:47 - 2009-07-14 10:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-12 19:44 - 2012-06-07 22:44 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-12 19:43 - 2012-06-07 22:28 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-10 14:33 - 2013-11-10 14:33 - 00127176 _____ C:\Windows\KB2845142.log
2013-11-10 14:33 - 2013-11-10 14:33 - 00000000 __HDC C:\Windows\$NtUninstallKB2845142_WM64$
2013-11-10 13:57 - 2013-11-04 03:30 - 00000000 ____D C:\Windows\system32\MRT
2013-11-10 13:52 - 2006-11-02 11:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-10 13:39 - 2013-11-10 13:39 - 00000000 ____D C:\ProgramData\UUdb
2013-11-10 13:39 - 2012-07-31 10:31 - 00000000 ____D C:\Program Files\1und1Softwareaktualisierung
2013-11-10 13:25 - 2013-11-10 13:25 - 00000000 ____D C:\Windows\TempDD0DA164-6A6E-9E2D-E5D2-30DD25905171-Signatures
2013-11-10 12:44 - 2013-11-10 12:44 - 00000000 ____D C:\Users\Asus\AppData\Local\{0B5A40C6-EAC5-4D72-8B91-C70D84A1F9F9}
2013-11-04 05:22 - 2011-05-31 14:20 - 00000000 ____D C:\Users\Asus\Desktop\Uni
2013-11-04 03:48 - 2013-11-04 03:48 - 00000000 ____D C:\Users\Asus\AppData\Local\{F5075D81-06B8-4202-953D-E647D890B8B3}
2013-11-04 03:34 - 2009-09-15 16:50 - 00000000 ____D C:\Users\Asus\AppData\Roaming\ICQ
2013-11-03 18:43 - 2012-02-28 18:25 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-03 18:43 - 2008-01-21 04:02 - 00665108 _____ C:\Windows\PFRO.log

Files to move or delete:
====================
ZeroAccess:
C:\Users\Asus\AppData\Local\Google\Desktop\Install
C:\Users\Public\MyWebTattoo.exe
C:\Users\Public\RemoveSGP0.exe


Some content of TEMP:
====================
C:\Users\Asus\AppData\Local\Temp\2187617.exe
C:\Users\Asus\AppData\Local\Temp\AskToolbarInstaller.exe
C:\Users\Asus\AppData\Local\Temp\AutoRun.exe
C:\Users\Asus\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Asus\AppData\Local\Temp\avguidx.dll
C:\Users\Asus\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Asus\AppData\Local\Temp\contentDATs.exe
C:\Users\Asus\AppData\Local\Temp\CoreAAC.exe
C:\Users\Asus\AppData\Local\Temp\dotnetfx.exe
C:\Users\Asus\AppData\Local\Temp\FileSystemView.dll
C:\Users\Asus\AppData\Local\Temp\GomEncDnInstaller.exe
C:\Users\Asus\AppData\Local\Temp\GoogleToolbarInstaller.exe
C:\Users\Asus\AppData\Local\Temp\hGu8YnFX.dll
C:\Users\Asus\AppData\Local\Temp\ie9lib.dll
C:\Users\Asus\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Asus\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Asus\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Asus\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Asus\AppData\Local\Temp\MSND34D.exe
C:\Users\Asus\AppData\Local\Temp\NSISPromotion.dll
C:\Users\Asus\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Asus\AppData\Local\Temp\PixelPlanetpdrv6.dll
C:\Users\Asus\AppData\Local\Temp\PixelPlanetpdui6.dll
C:\Users\Asus\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Asus\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Asus\AppData\Local\Temp\sqscl.dll
C:\Users\Asus\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Asus\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Asus\AppData\Local\Temp\update.exe
C:\Users\Asus\AppData\Local\Temp\WEB.DE_Softwareaktualisierung_Setup.exe
C:\Users\Asus\AppData\Local\Temp\x264_1.dll
C:\Users\Asus\AppData\Local\Temp\x264_2.dll
C:\Users\Asus\AppData\Local\Temp\x264_3.dll
C:\Users\Asus\AppData\Local\Temp\x264_4.dll
C:\Users\Asus\AppData\Local\Temp\x264_5.dll
C:\Users\Asus\AppData\Local\Temp\x264_6.dll
C:\Users\Asus\AppData\Local\Temp\x264_7.dll
C:\Users\Asus\AppData\Local\Temp\YontooSetup-S.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-14 19:32

==================== End Of Log ============================
--- --- ---

--- --- ---


und die addition

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-11-2013
Ran by Asus (administrator) on ASUS-ПК on 14-11-2013 19:24:08
Running from C:\Users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GF5LAB0
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: Russian
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files\ICQ6Toolbar\ICQ Service.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(CyberLink Corp.) C:\Program Files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(ATK) C:\Program files\P4G\BatteryLife.exe
(ASUS) C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(CyberLink) C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files\ASUS\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUS) C:\Windows\AsScrPro.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\SweetIM.exe
(Geek Software GmbH) C:\Program Files\pdf24\pdf24.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(ICQ, LLC.) C:\Program Files\ICQ7.2\ICQ.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Yahoo! Inc.) C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
(Farbar) C:\Users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GF5LAB0\FRST[1].exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [DisableS3S4] - c:\DisableS3S4.cmd
HKLM\...\Run: [RemoteControl8] - C:\Program Files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] - C:\Program Files\ASUSTek\ASUSDVD 8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] - C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink)
HKLM\...\Run: [P2Go_Menu] - C:\Program Files\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [HControlUser] - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [98304 2008-08-18] (ASUS)
HKLM\...\Run: [ATKOSD2] - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [8105984 2008-09-02] (ASUS)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-18] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE [1392640 2009-04-30] (VIA)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [540576 2009-04-21] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Wireless Console 3] - C:\Program Files\ASUS\Wireless Console 3\wcourier.exe [1593344 2009-02-06] ()
HKLM\...\Run: [ATKMEDIA] - C:\Program Files\ASUS\ATK Media\DMedia.exe [159744 2008-08-19] (ASUS)
HKLM\...\Run: [ADSMTray] - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe [266240 2008-03-31] (ASUSTek Computer Inc.)
HKLM\...\Run: [ACMON] - C:\Program Files\ASUS\Splendid\ACMON.exe [851968 2008-09-30] (ATK)
HKLM\...\Run: [ASUS Camera ScreenSaver] - C:\Windows\AsScrProlog.exe [47672 2009-07-14] ()
HKLM\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3054136 2009-07-14] (ASUS)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [SweetIM] - C:\Program Files\SweetIM\Messenger\SweetIM.exe [114992 2011-06-02] (SweetIM Technologies Ltd.)
HKLM\...\Run: [ROC_roc_dec12] - "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
HKLM\...\Run: [PDFPrint] - C:\Program Files\pdf24\pdf24.exe [220744 2012-02-02] (Geek Software GmbH)
HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM\...\Run: [Otshot] - c:\program files\otshot\otshot.exe -minimize
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start hxxp://www.avg.de/de.special-uninstallation-feedback-app?lic="&"inst=NzctMTMzNzE1NzM2MS1CQVI5TysxLUZMKzktUUlYMSs0LVgyMDEwKzItQ0lBMTArMi1MSUMrNzctRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1VEKzEtVFVHKzMtUzFJKzEtU1UzKzEtRERUKzQ5MTA1LUREMTBGKzEtU1QxMEZBUFArMS1GMTBUQisyLVNUMTBUQkYrMS1GMTBNMTJSKzExLVZJUDEyKzEtVTEwKzEtVEwrMS1TVDEyRk9JKzE"&"prod=0"&"ver=10.0.1424
HKLM\...\Policies\Explorer\Run: [] - 1 No File
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKCU\...\Run: [Звуковая карта SRS Premium Sound для ПК] - C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe [3405048 2009-04-07] (SRS Labs, Inc.)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5244216 2009-11-10] (Yahoo! Inc.)
HKCU\...\Run: [ICQ] - C:\Program Files\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-15] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [AS2014] - C:\ProgramData\Xn9nnoR3\Xn9nnoR3.exe [583168 2013-11-12] ()
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Runonce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; FBSMTWB; GTB6.4; SIMBAR={990DB94C-816F-4589-BBBE-92E7C3F297F6}; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C)" -"hxxp://www.spellentuin.nl/spellen/paardrijden.dcr"
HKCU\...\Policies\Explorer: [NoFolderOptions] 0
MountPoints2: {be019e9c-c79c-11de-9863-d739a971be40} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe reva.vbs
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Яндекс = hxxp://yandex.ru/yandsearch?clid=47093&text={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1011192040\ICQToolBar.dll (ICQ)
URLSearchHook: HKCU - (No Name) - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} -  No File
URLSearchHook: HKCU - SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=111316&tt=010712_2&babsrc=SP_ss&mntrId=96c72d430000000000000025d34206a6
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=111316&tt=010712_2&babsrc=SP_ss&mntrId=96c72d430000000000000025d34206a6
SearchScopes: HKCU - {19F2B849-4ADE-4d4b-85F9-C31C643DBDE9} URL = hxxp://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=18&tid={FDD9378D-DD0B-41ee-BE4D-04DDA675E72D}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {6C6BA6FC-C3E0-42E1-B5C3-4061253D927C} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {714F7BEC-8CC1-47C8-A655-58A40E1A16F4} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {71DDF99D-3FB1-4EFB-A721-216319D6C350} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {91397D20-1446-11D4-8AF4-0040CA1127B6} URL = hxxp://yandex.ru/yandsearch?text={searchTerms}&from=os&clid=1836589
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={FDA87F01-4C3B-4749-94BF-0ECC70F1740E}&mid=a8ae1f29151b5dc1e65f48d920e6c52c-c9bd69cc2cf52e167c3d1b4c15ed36ef1e9d8e8b&lang=de&ds=AVG&pr=pr&d=2012-06-21 18:18:34&v=11.0.0.9&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {AD2D8EA5-305B-4B46-8B7C-7D19BC11C12A} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Shopping Assistant Plugin - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.5.1\PriceGongIE.dll (PriceGong)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll No File
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
BHO: WEB.DE Toolbar BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SweetIM Toolbar Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll No File
BHO: Fast Browser Search Toolbar Helper - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1011192040\ICQToolBar.dll (ICQ)
Toolbar: HKLM - Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
Toolbar: HKLM - SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll (ООО «ЯНДЕКС»)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - WEB.DE Toolbar - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKCU - Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll (ООО «ЯНДЕКС»)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - WEB.DE Toolbar - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default
FF user.js: detected! => C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\user.js
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Search the web (Babylon)
FF SearchEngineOrder.1: Search the web (Babylon)
FF Homepage: hxxp://search.babylon.com/?affID=111316&tt=010712_2&babsrc=HP_ss&mntrId=96c72d430000000000000025d34206a6
FF Keyword.URL: hxxp://search.babylon.com/?affID=111316&tt=010712_2&babsrc=KW_ss&mntrId=96c72d430000000000000025d34206a6&q=
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.3088 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.11.3006 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.7.1 - C:\Users\Asus\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll (Yahoo! Inc.)
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mailru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\ozonru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\priceru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex-slovari.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex.xml
FF Extension: Browser Companion Helper - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\Extensions\bbrs_002@blabbers.com
FF Extension: toolbar - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\Extensions\toolbar@web.de.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_Z\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\T-Mobile\InternetManager_Z\Bin\addon
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}] - C:\Program Files\PriceGong\2.5.1\FF
FF Extension: PriceGong - C:\Program Files\PriceGong\2.5.1\FF

========================== Services (Whitelisted) =================

R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-30] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-13] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-07] ()
S3 DFSR; C:\Windows\system32\DFSR.exe [2092544 2009-04-11] (Корпорация Майкрософт)
R2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [247096 2010-09-06] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-08-12] (Microsoft Corporation)
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [271760 2009-04-15] ()
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 SRS_VolSync_Service; C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [70880 2009-04-07] (SRS Labs, Inc.)
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [754856 2013-07-20] (Корпорация Майкрософт)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
S2 otshot; C:\program files\otshot\ZalmanUpdateService.exe [x]

==================== Drivers (Whitelisted) ====================

R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [4386304 2009-03-19] (ATI Technologies Inc.)
R0 AsDsm; C:\Windows\System32\Drivers\AsDsm.sys [30264 2009-07-14] (ASUSTek Computer Inc)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
S3 CRFILTER; C:\Windows\System32\DRIVERS\CRFILTER.sys [6656 2008-04-07] (Generic)
S3 E1G60; C:\Windows\System32\DRIVERS\E1G60I32.sys [118784 2008-01-21] (Корпорация Intel)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [90112 2009-04-21] (ELAN Microelectronic Corp.)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2008-11-03] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2008-05-29] (Windows (R) Codename Longhorn DDK provider)
S1 mnearbnc; C:\Windows\system32\drivers\mnearbnc.sys [43600 2013-11-14] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2008-12-24] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1752704 2008-08-11] ()
R3 SRS_PremiumSound_Service; C:\Windows\System32\drivers\srs_PremiumSound_i386.sys [233128 2009-04-01] ()
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1019392 2009-04-28] (VIA Technologies, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 ipswuio; System32\DRIVERS\ipswuio.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U2 srservice;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-14 19:23 - 2013-11-14 19:23 - 00000000 ____D C:\FRST
2013-11-14 19:19 - 2013-11-14 19:19 - 00000000 ____D C:\Users\Asus\AppData\Local\{F9C2C013-3E93-489F-AE4E-9BA6EFBD51CE}
2013-11-14 19:18 - 2013-11-14 19:18 - 00043600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mnearbnc.sys
2013-11-14 19:17 - 2013-11-14 19:17 - 00000000 ___RD C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD 8
2013-11-12 22:37 - 2013-11-12 22:37 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
2013-11-12 22:10 - 2013-11-14 19:09 - 00000000 ____D C:\ProgramData\Xn9nnoR3
2013-11-10 14:33 - 2013-11-10 14:33 - 00127176 _____ C:\Windows\KB2845142.log
2013-11-10 14:33 - 2013-11-10 14:33 - 00000000 __HDC C:\Windows\$NtUninstallKB2845142_WM64$
2013-11-10 14:33 - 2007-07-27 09:41 - 00016760 ____N (Microsoft Corporation) C:\Windows\system32\spmsg.dll
2013-11-10 13:39 - 2013-11-10 13:39 - 00000000 ____D C:\ProgramData\UUdb
2013-11-10 13:25 - 2013-11-10 13:25 - 00000000 ____D C:\Windows\TempDD0DA164-6A6E-9E2D-E5D2-30DD25905171-Signatures
2013-11-10 12:44 - 2013-11-10 12:44 - 00000000 ____D C:\Users\Asus\AppData\Local\{0B5A40C6-EAC5-4D72-8B91-C70D84A1F9F9}
2013-11-04 09:37 - 2013-09-23 13:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-04 09:37 - 2013-09-23 13:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-04 09:37 - 2013-09-23 13:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-04 09:37 - 2013-09-23 13:55 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-04 09:37 - 2013-09-23 13:53 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-11-04 09:37 - 2013-09-23 13:52 - 06017024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-04 09:37 - 2013-09-23 13:52 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-04 09:37 - 2013-09-23 13:52 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-04 09:37 - 2013-09-23 13:52 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-04 09:37 - 2013-09-23 13:51 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-04 09:37 - 2013-09-23 13:51 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-04 09:37 - 2013-09-23 13:51 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-04 09:37 - 2013-09-23 13:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-04 09:37 - 2013-09-23 13:51 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-04 09:37 - 2013-09-23 13:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-04 09:37 - 2013-09-23 13:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-04 09:37 - 2013-09-23 13:51 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-04 09:37 - 2013-09-23 13:51 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-04 09:37 - 2013-09-23 13:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-04 09:37 - 2013-09-23 13:50 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-04 09:37 - 2013-09-23 13:49 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-11-04 09:37 - 2013-09-23 12:14 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-04 09:37 - 2013-09-23 10:29 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-04 09:37 - 2013-09-23 10:29 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-04 09:37 - 2013-09-23 10:27 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-04 09:37 - 2013-09-23 10:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-04 09:37 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-11-04 09:37 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-11-04 09:37 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-11-04 09:37 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-11-04 09:37 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-11-04 09:37 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-11-04 09:37 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-11-04 09:37 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-11-04 09:37 - 2013-08-27 02:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-11-04 09:37 - 2013-08-01 04:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-11-04 09:37 - 2013-08-01 03:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-11-04 09:37 - 2013-06-29 03:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-04 09:37 - 2013-06-29 03:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-04 09:37 - 2013-06-29 03:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-04 09:37 - 2013-06-29 03:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-04 09:37 - 2011-05-05 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-04 09:37 - 2011-05-05 14:54 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-04 09:36 - 2013-08-29 08:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-11-04 09:36 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-04 09:36 - 2013-07-12 10:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-11-04 09:36 - 2013-07-12 10:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-11-04 09:36 - 2013-06-27 00:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-11-04 09:36 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-11-04 09:36 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-11-04 09:35 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-11-04 09:03 - 2013-07-03 03:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-11-04 03:48 - 2013-11-04 03:48 - 00000000 ____D C:\Users\Asus\AppData\Local\{F5075D81-06B8-4202-953D-E647D890B8B3}
2013-11-04 03:30 - 2013-11-10 13:57 - 00000000 ____D C:\Windows\system32\MRT

==================== One Month Modified Files and Folders =======

2013-11-14 19:25 - 2009-09-23 20:48 - 00000442 ____H C:\Windows\Tasks\User_Feed_Synchronization-{9F82B765-94FA-498A-9F1B-34E21C463720}.job
2013-11-14 19:25 - 2009-07-14 10:29 - 01997936 _____ C:\Windows\WindowsUpdate.log
2013-11-14 19:23 - 2013-11-14 19:23 - 00000000 ____D C:\FRST
2013-11-14 19:22 - 2009-09-22 11:54 - 00001356 _____ C:\Users\Asus\AppData\Local\d3d9caps.dat
2013-11-14 19:21 - 2008-01-21 06:59 - 01512502 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-14 19:21 - 2008-01-21 06:59 - 00671952 _____ C:\Windows\system32\perfh019.dat
2013-11-14 19:21 - 2008-01-21 06:59 - 00134454 _____ C:\Windows\system32\perfc019.dat
2013-11-14 19:20 - 2006-11-02 13:49 - 00236363 _____ C:\Windows\setupact.log
2013-11-14 19:19 - 2013-11-14 19:19 - 00000000 ____D C:\Users\Asus\AppData\Local\{F9C2C013-3E93-489F-AE4E-9BA6EFBD51CE}
2013-11-14 19:19 - 2010-11-10 20:30 - 00000000 ____D C:\Users\Asus\AppData\Local\Windows Live
2013-11-14 19:18 - 2013-11-14 19:18 - 00043600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mnearbnc.sys
2013-11-14 19:18 - 2010-01-26 13:40 - 00000000 ____D C:\Users\Asus\AppData\Local\CrashDumps
2013-11-14 19:18 - 2009-09-19 06:23 - 00000000 ____D C:\Users\Asus\Tracing
2013-11-14 19:17 - 2013-11-14 19:17 - 00000000 ___RD C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD 8
2013-11-14 19:17 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\tracing
2013-11-14 19:16 - 2009-11-14 14:09 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-11-14 19:16 - 2009-07-14 11:40 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-11-14 19:16 - 2006-11-02 13:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-14 19:16 - 2006-11-02 13:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-14 19:16 - 2006-11-02 13:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-14 19:10 - 2008-04-13 23:19 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-11-14 19:10 - 2006-11-02 13:58 - 00032528 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-14 19:09 - 2013-11-12 22:10 - 00000000 ____D C:\ProgramData\Xn9nnoR3
2013-11-13 19:26 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-12 22:37 - 2013-11-12 22:37 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
2013-11-12 22:12 - 2009-09-15 16:29 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Skype
2013-11-12 22:10 - 2009-09-15 16:32 - 00000000 ____D C:\Users\Asus\AppData\Local\Google
2013-11-12 22:01 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-11-12 21:37 - 2006-11-02 13:44 - 00382216 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-12 21:35 - 2010-05-27 03:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-12 21:32 - 2006-11-02 13:35 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-11-12 21:32 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\ru-RU
2013-11-12 19:47 - 2009-07-14 10:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-12 19:44 - 2012-06-07 22:44 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-12 19:43 - 2012-06-07 22:28 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-10 14:33 - 2013-11-10 14:33 - 00127176 _____ C:\Windows\KB2845142.log
2013-11-10 14:33 - 2013-11-10 14:33 - 00000000 __HDC C:\Windows\$NtUninstallKB2845142_WM64$
2013-11-10 13:57 - 2013-11-04 03:30 - 00000000 ____D C:\Windows\system32\MRT
2013-11-10 13:52 - 2006-11-02 11:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-10 13:39 - 2013-11-10 13:39 - 00000000 ____D C:\ProgramData\UUdb
2013-11-10 13:39 - 2012-07-31 10:31 - 00000000 ____D C:\Program Files\1und1Softwareaktualisierung
2013-11-10 13:25 - 2013-11-10 13:25 - 00000000 ____D C:\Windows\TempDD0DA164-6A6E-9E2D-E5D2-30DD25905171-Signatures
2013-11-10 12:44 - 2013-11-10 12:44 - 00000000 ____D C:\Users\Asus\AppData\Local\{0B5A40C6-EAC5-4D72-8B91-C70D84A1F9F9}
2013-11-04 05:22 - 2011-05-31 14:20 - 00000000 ____D C:\Users\Asus\Desktop\Uni
2013-11-04 03:48 - 2013-11-04 03:48 - 00000000 ____D C:\Users\Asus\AppData\Local\{F5075D81-06B8-4202-953D-E647D890B8B3}
2013-11-04 03:34 - 2009-09-15 16:50 - 00000000 ____D C:\Users\Asus\AppData\Roaming\ICQ
2013-11-03 18:43 - 2012-02-28 18:25 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-03 18:43 - 2008-01-21 04:02 - 00665108 _____ C:\Windows\PFRO.log

Files to move or delete:
====================
ZeroAccess:
C:\Users\Asus\AppData\Local\Google\Desktop\Install
C:\Users\Public\MyWebTattoo.exe
C:\Users\Public\RemoveSGP0.exe


Some content of TEMP:
====================
C:\Users\Asus\AppData\Local\Temp\2187617.exe
C:\Users\Asus\AppData\Local\Temp\AskToolbarInstaller.exe
C:\Users\Asus\AppData\Local\Temp\AutoRun.exe
C:\Users\Asus\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Asus\AppData\Local\Temp\avguidx.dll
C:\Users\Asus\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Asus\AppData\Local\Temp\contentDATs.exe
C:\Users\Asus\AppData\Local\Temp\CoreAAC.exe
C:\Users\Asus\AppData\Local\Temp\dotnetfx.exe
C:\Users\Asus\AppData\Local\Temp\FileSystemView.dll
C:\Users\Asus\AppData\Local\Temp\GomEncDnInstaller.exe
C:\Users\Asus\AppData\Local\Temp\GoogleToolbarInstaller.exe
C:\Users\Asus\AppData\Local\Temp\hGu8YnFX.dll
C:\Users\Asus\AppData\Local\Temp\ie9lib.dll
C:\Users\Asus\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Asus\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Asus\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Asus\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Asus\AppData\Local\Temp\MSND34D.exe
C:\Users\Asus\AppData\Local\Temp\NSISPromotion.dll
C:\Users\Asus\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Asus\AppData\Local\Temp\PixelPlanetpdrv6.dll
C:\Users\Asus\AppData\Local\Temp\PixelPlanetpdui6.dll
C:\Users\Asus\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Asus\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Asus\AppData\Local\Temp\sqscl.dll
C:\Users\Asus\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Asus\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Asus\AppData\Local\Temp\update.exe
C:\Users\Asus\AppData\Local\Temp\WEB.DE_Softwareaktualisierung_Setup.exe
C:\Users\Asus\AppData\Local\Temp\x264_1.dll
C:\Users\Asus\AppData\Local\Temp\x264_2.dll
C:\Users\Asus\AppData\Local\Temp\x264_3.dll
C:\Users\Asus\AppData\Local\Temp\x264_4.dll
C:\Users\Asus\AppData\Local\Temp\x264_5.dll
C:\Users\Asus\AppData\Local\Temp\x264_6.dll
C:\Users\Asus\AppData\Local\Temp\x264_7.dll
C:\Users\Asus\AppData\Local\Temp\YontooSetup-S.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-14 19:32

==================== End Of Log ============================
--- --- ---

--- --- ---

cosinus 15.11.2013 00:26
Was ist mit meiner Frage nach anderen Logs, Funden von Virenscannern?

Zitat:
ZeroAccess:
C:\Users\Asus\AppData\Local\Google\Desktop\Install
C:\Users\Public\MyWebTattoo.exe
C:\Users\Public\RemoveSGP0.exe
Lesestoff:
Rootkit-Warnung
Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?
  • Entscheide bitte ganz bewußt, ob du mit der Bereinigung fortfahren möchtest. Ein einmal derartig kompromittiertes System kann man niemals mit 100%iger Sicherheit wieder absichern. Auch wenn wir gute Chancen haben, deinen Computer zu bereinigen, kann es dennoch möglich sein, dass uns am Ende nur die Neuinstallation bleibt.
  • Wenn du mit diesem Computer beispielsweise Onlinebanking machst, dann solltest du zumindest dein Passwort von deiner Bank ändern lassen, wenn du ein ansonsten sicheres Verfahren wie beispielsweise "chip-TAN-comfort" nutzt. Hast du noch alte TAN-Bögen auf Papierbasis? Dann ist es höchste Zeit dich bei deiner Bank zu melden und notfalls das Konto temporär sperren zu lassen. Der Sperrnotruf 116 116 von www.sperr-notruf.de kann Tag und Nacht dafür benutzt werden.
  • Hast du ansonsten sensible Daten auf deinem Computer, dann solltest du auch darüber nachdenken, wie du damit umgehst, dass sie sich praktisch "jeder" ansehen konnte.

Teile mir also mit, wie du dich entschieden hast.

Bernchen 15.11.2013 14:49
Das klingt gar nicht gut :-( Weitere Logs und Funde von Virenscannern gibt es nicht, da alles blockiert wurde.
Ich habe wie gesagt einige Antivirenprogramme auf einen Stick gezogen und den dann an den infizierten Rechner angestöpselt. Als ich den Stick am Rechner hatte und frst starten wollte, kam die Meldung, dass das nicht die aktuellste Version sei. Der anschließende Download hat dann ohne Probleme geklappt und ins Internet kommt ich auch wieder, was vorher, also ohne USB-Stick, nicht ging.
Onlinebanking macht meine Freundin über die Handy TAN. Auf dem Konto gab es bisher auch keine unangenehmen bzw. unerwarteten Bewegungen nach unten.

Mit der Bereinigung wollen wir fortfahren.

cosinus 15.11.2013 15:38
Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bernchen 16.11.2013 01:15
Am Anfang hat combofix die Warnung gegeben, dass Microsoft security essential noch aktiv ist. ich habs dann deinstaliert und dann combofix auf die jagd geschickt. Während dem scan kam zweimal die meldung, dass Windows sich updaten will. Das hab ich dann weggeklickt. Hier der Logfile
Code:
ComboFix 13-11-15.01 - Asus 16.11.2013  0:32.1.2 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1251.7.1049.18.1790.338 [GMT 1:00]
Running from: c:\users\Asus\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DSC03325.JPG
C:\DSC03326.JPG
C:\DSC03327.JPG
C:\DSC03329.JPG
C:\DSC03330.JPG
C:\DSC03335.JPG
C:\DSC03336.JPG
C:\DSC03339.JPG
c:\program files\BrowserCompanion
c:\program files\Common Files\ASPG_icon.ico
c:\program files\Complitly
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\PriceGong
c:\program files\PriceGong\2.5.1\FF\chrome.manifest
c:\program files\PriceGong\2.5.1\FF\chrome\content\options.js
c:\program files\PriceGong\2.5.1\FF\chrome\content\options.xul
c:\program files\PriceGong\2.5.1\FF\chrome\content\overlay.js
c:\program files\PriceGong\2.5.1\FF\chrome\content\PriceGong.png
c:\program files\PriceGong\2.5.1\FF\chrome\content\pricegong.xul
c:\program files\PriceGong\2.5.1\FF\chrome\locale\en-US\overlay.dtd
c:\program files\PriceGong\2.5.1\FF\chrome\locale\en-US\pricegong.dtd
c:\program files\PriceGong\2.5.1\FF\chrome\skin\overlay.css
c:\program files\PriceGong\2.5.1\FF\components\pg_inst.txt
c:\program files\PriceGong\2.5.1\FF\components\PriceGong.xpt
c:\program files\PriceGong\2.5.1\FF\components\PriceGongFF.dll
c:\program files\PriceGong\2.5.1\FF\components\PriceGongFF_50.dll
c:\program files\PriceGong\2.5.1\FF\install.rdf
c:\program files\PriceGong\2.5.1\FF\modules\Observers.js
c:\program files\PriceGong\2.5.1\FF\modules\pricegong.js
c:\program files\PriceGong\2.5.1\PriceGong.crx
c:\program files\PriceGong\2.5.1\PriceGongIE.dll
c:\program files\PriceGong\uninst.exe
c:\program files\SGPSA
c:\users\Asus\4.0
.
.
(((((((((((((((((((((((((  Files Created from 2013-10-15 to 2013-11-15  )))))))))))))))))))))))))))))))
.
.
2013-11-15 23:53 . 2013-11-15 23:53        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-11-15 22:35 . 2013-11-15 22:35        43600        ----a-w-        c:\windows\system32\drivers\hxefwdbw.sys
2013-11-14 19:04 . 2013-10-13 22:39        7796464        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6A19263-5934-494B-9988-A6745AE9FC28}\mpengine.dll
2013-11-14 18:23 . 2013-11-14 18:23        --------        d-----w-        C:\FRST
2013-11-12 21:10 . 2013-11-15 22:35        --------        d-----w-        c:\programdata\Xn9nnoR3
2013-11-12 19:12 . 2013-10-13 22:39        7796464        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-10 13:35 . 2013-10-17 10:14        719224        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4EF8A37F-E770-44A3-9AE5-C9F7FA511F67}\gapaengine.dll
2013-11-10 12:39 . 2013-11-10 12:39        --------        d-----w-        c:\programdata\UUdb
2013-11-10 12:25 . 2013-11-10 12:25        --------        d-----w-        c:\windows\TempDD0DA164-6A6E-9E2D-E5D2-30DD25905171-Signatures
2013-11-04 08:36 . 2013-06-26 23:01        527064        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys
2013-11-04 08:36 . 2013-06-04 04:16        34304        ----a-w-        c:\windows\system32\atmlib.dll
2013-11-04 08:36 . 2013-06-04 01:49        293376        ----a-w-        c:\windows\system32\atmfd.dll
2013-11-04 08:36 . 2013-07-12 09:04        134272        ----a-w-        c:\windows\system32\drivers\usbvideo.sys
2013-11-04 08:36 . 2013-07-12 09:04        73344        ----a-w-        c:\windows\system32\drivers\USBAUDIO.sys
2013-11-04 08:36 . 2013-07-20 10:44        102608        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-04 08:36 . 2013-08-29 07:36        2050048        ----a-w-        c:\windows\system32\win32k.sys
2013-11-04 08:35 . 2013-07-04 04:21        532480        ----a-w-        c:\windows\system32\comctl32.dll
2013-11-04 08:03 . 2013-07-03 02:10        25472        ----a-w-        c:\windows\system32\drivers\hidparse.sys
2013-11-04 02:30 . 2013-11-15 23:18        --------        d-----w-        c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-14 18:16 . 2009-07-14 10:40        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2013-10-17 10:14 . 2012-06-12 15:24        719224        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2008-10-14 10:57 . 2008-10-14 10:57        106496        ----a-w-        c:\program files\Common Files\CPInstallAction.dll
2012-02-16 15:16 . 2012-03-08 21:08        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2009-12-24 8729864]
.
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2009-12-24 8729864]
.
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 13:08        143360        ----a-w-        c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"Звуковая карта SRS Premium Sound для ПК"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-04-07 3405048]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-15 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\program files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD 8\Language\Language.exe" [2009-04-15 50472]
"CLMLServer"="c:\program files\Cyberlink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-09-02 8105984]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-04-30 1392640]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-04-21 540576]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-08-19 159744]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-03-31 266240]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2008-09-30 851968]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-07-14 47672]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-14 3054136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-06-02 114992]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2012-02-02 220744]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.de/de.special-uninstallation-feedback-app?lic=&inst=NzctMTMzNzE1NzM2MS1CQVI5TysxLUZMKzktUUlYMSs0LVgyMDEwKzItQ0lBMTArMi1MSUMrNzctRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1VEKzEtVFVHKzMtUzFJKzEtU1UzKzEtRERUKzQ5MTA1LUREMTBGKzEtU1QxMEZBUFArMS1GMTBUQisyLVNUMTBUQkYrMS1GMTBNMTJSKzExLVZJUDEyKzEtVTEwKzEtVEwrMS1TVDEyRk9JKzE&prod=0&ver=10.0.1424" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{567C654B-7FE9-4970-8323-56E8191D1941}\_71A97E24F422AA49EDBF39.exe -d [2009-7-14 12862]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
MCtlSvc.lnk - c:\program files\T-Mobile\InternetManager_Z\Bin\mcserver.exe [2010-10-22 88576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 06:14        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2009-09-28 c:\windows\Tasks\NSSstub.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2009-09-27 15:55]
.
2013-11-15 c:\windows\Tasks\User_Feed_Synchronization-{9F82B765-94FA-498A-9F1B-34E21C463720}.job
- c:\windows\system32\msfeedssync.exe [2013-11-04 09:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://home.sweetim.com
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google ВикиКомментарии... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\WEB.DE Toolbar\IE\uitb.dll
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=111316&tt=010712_2&babsrc=HP_ss&mntrId=96c72d430000000000000025d34206a6
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=111316&tt=010712_2&babsrc=KW_ss&mntrId=96c72d430000000000000025d34206a6&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111316&tt=010712_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 96c72d430000000000000025d34206a6
FF - user.js: extensions.BabylonToolbar_i.hardId - 96c72d430000000000000025d34206a6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15528
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:50
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Messenger (Yahoo!) - ~c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
HKCU-Run-ICQ - ~c:\program files\ICQ7.2\ICQ.exe
HKLM-Run-DisableS3S4 - c:\DisableS3S4.cmd
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
HKLM-Run-Otshot - c:\program files\otshot\otshot.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Convert PDF To Image_is1 - c:\program files\Softinterface
AddRemove-PriceGong - c:\program files\PriceGong\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-11-16 00:54
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????
.
scanning hidden files ... 
.
.
C:\ADSM_PData_0150
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"???????? ????? SRS Premium Sound ??? ??"="\"c:\\Program Files\\SRS Labs\\SRS Premium Sound\\SRSPremiumSoundBig_Small.exe\" /hideme"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(664)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
Completion time: 2013-11-16  00:59:19
ComboFix-quarantined-files.txt  2013-11-15 23:59
.
Pre-Run: 35.572.473.856 bytes free
Post-Run: 42.412.724.224 байт свободно
.
- - End Of File - - D7C82399831186AEE890CF540D9765C8
64B1E91C5C6C2157642651010728F90F

cosinus 17.11.2013 00:03
Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
    Code:
    Folder::
    C:\Users\Asus\AppData\Local\Google\Desktop\Install

    File::
    c:\windows\system32\drivers\hxefwdbw.sys
    c:\programdata\Xn9nnoR3
    C:\Users\Public\MyWebTattoo.exe
    C:\Users\Public\RemoveSGP0.exe
    Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

Bernchen 17.11.2013 21:36
Keine besonderen Vorkommnisse bei der Durchfühung
Code:
ComboFix 13-11-16.01 - Asus 17.11.2013  21:09:13.2.2 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1251.7.1049.18.1790.374 [GMT 1:00]
Running from: c:\users\Asus\Desktop\ComboFix.exe
Command switches used :: c:\users\Asus\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Xn9nnoR3"
"c:\users\Public\MyWebTattoo.exe"
"c:\users\Public\RemoveSGP0.exe"
"c:\windows\system32\drivers\hxefwdbw.sys"
.
.
(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Asus\AppData\Local\Google\Desktop\Install
.
.
(((((((((((((((((((((((((  Files Created from 2013-10-17 to 2013-11-17  )))))))))))))))))))))))))))))))
.
.
2013-11-17 20:25 . 2013-11-17 20:25        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-11-16 12:09 . 2013-11-16 12:09        --------        d-----w-        c:\programdata\Oracle
2013-11-16 12:08 . 2013-11-16 12:08        --------        d-----w-        c:\program files\Common Files\Java
2013-11-16 12:07 . 2013-11-16 12:07        94632        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2013-11-14 19:03 . 2013-10-11 02:08        444928        ----a-w-        c:\windows\system32\IKEEXT.DLL
2013-11-14 19:03 . 2013-10-11 02:07        596480        ----a-w-        c:\windows\system32\FWPUCLNT.DLL
2013-11-14 18:23 . 2013-11-14 18:23        --------        d-----w-        C:\FRST
2013-11-12 21:10 . 2013-11-15 22:35        --------        d-----w-        c:\programdata\Xn9nnoR3
2013-11-10 12:39 . 2013-11-10 12:39        --------        d-----w-        c:\programdata\UUdb
2013-11-10 12:25 . 2013-11-10 12:25        --------        d-----w-        c:\windows\TempDD0DA164-6A6E-9E2D-E5D2-30DD25905171-Signatures
2013-11-04 08:36 . 2013-06-26 23:01        527064        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys
2013-11-04 08:36 . 2013-06-04 04:16        34304        ----a-w-        c:\windows\system32\atmlib.dll
2013-11-04 08:36 . 2013-06-04 01:49        293376        ----a-w-        c:\windows\system32\atmfd.dll
2013-11-04 08:36 . 2013-07-12 09:04        134272        ----a-w-        c:\windows\system32\drivers\usbvideo.sys
2013-11-04 08:36 . 2013-07-12 09:04        73344        ----a-w-        c:\windows\system32\drivers\USBAUDIO.sys
2013-11-04 08:36 . 2013-07-20 10:44        102608        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-04 08:36 . 2013-08-29 07:36        2050048        ----a-w-        c:\windows\system32\win32k.sys
2013-11-04 08:35 . 2013-07-04 04:21        532480        ----a-w-        c:\windows\system32\comctl32.dll
2013-11-04 08:03 . 2013-07-03 02:10        25472        ----a-w-        c:\windows\system32\drivers\hidparse.sys
2013-11-04 02:30 . 2013-11-15 23:18        --------        d-----w-        c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-16 11:57 . 2009-07-14 10:40        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2008-10-14 10:57 . 2008-10-14 10:57        106496        ----a-w-        c:\program files\Common Files\CPInstallAction.dll
2012-02-16 15:16 . 2012-03-08 21:08        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2009-12-24 8729864]
.
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2009-12-24 8729864]
.
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 13:08        143360        ----a-w-        c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"Звуковая карта SRS Premium Sound для ПК"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-04-07 3405048]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-15 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\program files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD 8\Language\Language.exe" [2009-04-15 50472]
"CLMLServer"="c:\program files\Cyberlink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-09-02 8105984]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-04-30 1392640]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-04-21 540576]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-08-19 159744]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-03-31 266240]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2008-09-30 851968]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-07-14 47672]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-14 3054136]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-06-02 114992]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2012-02-02 220744]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.de/de.special-uninstallation-feedback-app?lic=&inst=NzctMTMzNzE1NzM2MS1CQVI5TysxLUZMKzktUUlYMSs0LVgyMDEwKzItQ0lBMTArMi1MSUMrNzctRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1VEKzEtVFVHKzMtUzFJKzEtU1UzKzEtRERUKzQ5MTA1LUREMTBGKzEtU1QxMEZBUFArMS1GMTBUQisyLVNUMTBUQkYrMS1GMTBNMTJSKzExLVZJUDEyKzEtVTEwKzEtVEwrMS1TVDEyRk9JKzE&prod=0&ver=10.0.1424" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{567C654B-7FE9-4970-8323-56E8191D1941}\_71A97E24F422AA49EDBF39.exe -d [2009-7-14 12862]
MCtlSvc.lnk - c:\program files\T-Mobile\InternetManager_Z\Bin\mcserver.exe [2010-10-22 88576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 06:14        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-17 c:\windows\Tasks\User_Feed_Synchronization-{9F82B765-94FA-498A-9F1B-34E21C463720}.job
- c:\windows\system32\msfeedssync.exe [2013-11-14 08:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://home.sweetim.com
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google ВикиКомментарии... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\WEB.DE Toolbar\IE\uitb.dll
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=111316&tt=010712_2&babsrc=HP_ss&mntrId=96c72d430000000000000025d34206a6
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=111316&tt=010712_2&babsrc=KW_ss&mntrId=96c72d430000000000000025d34206a6&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111316&tt=010712_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 96c72d430000000000000025d34206a6
FF - user.js: extensions.BabylonToolbar_i.hardId - 96c72d430000000000000025d34206a6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15528
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:50
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.autoDisableScopes - 14
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-11-17 21:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"???????? ????? SRS Premium Sound ??? ??"="\"c:\\Program Files\\SRS Labs\\SRS Premium Sound\\SRSPremiumSoundBig_Small.exe\" /hideme"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(652)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
- - - - - - - > 'Explorer.exe'(5216)
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
Completion time: 2013-11-17  21:28:29
ComboFix-quarantined-files.txt  2013-11-17 20:28
ComboFix2.txt  2013-11-15 23:59
.
Pre-Run: 42.834.771.968 bytes free
Post-Run: 42.652.930.048 байт свободно
.
- - End Of File - - F1543604263DB0A10C6BF02D41964F8D
64B1E91C5C6C2157642651010728F90F

cosinus 17.11.2013 21:56
Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Bernchen 18.11.2013 00:12
Hier ist der Logfile nach dem Neustart. Der erneute Scan hat nichts gefunden. Beim ersten Scan wurde ein Schaedling gefunden
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.11.17.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19483
Asus :: ASUS-ПК [administrator]

17.11.2013 23:23:49
mbar-log-2013-11-17 (23-23-49).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 212044
Time elapsed: 39 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus 18.11.2013 00:25
Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Bernchen 18.11.2013 01:13
Teil 1
Code:
# AdwCleaner v3.012 - Report created 18/11/2013 at 00:35:35
# Updated 11/11/2013 by Xplode
# Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Username : Asus - ASUS-ПК
# Running from : C:\Users\Asus\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : ICQ Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Users\Asus\AppData\Local\Temp\OCS
Folder Deleted : C:\Users\Asus\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Asus\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Asus\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Asus\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Asus\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Asus\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Asus\AppData\Roaming\BrowserCompanion
Folder Deleted : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\Extensions\bbrs_002@blabbers.com
File Deleted : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\searchplugins\11-suche.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.Localizer
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.Localizer.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighter
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighter.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighterStatistics
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighterStatistics.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SNameProxy
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SNameProxy.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{055069F3-F78B-4BD1-A277-FE66648D3300}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{937936AF-28CA-4973-B8AE-F250406149A2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D59156-647B-4B06-B20E-0E297A1077BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BE990A32-C2EC-4654-8FD0-26FECEA81998}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Key Deleted : HKCU\Software\Blabbers     
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\SimplyGen
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A1194237-547A-461d-BD44-B97B1574A7DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A1194237-547A-461d-BD44-B97B1574A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Guard Plus Updater
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Guard Plus
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19483

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v10.0.2 (ru)

[ File : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\prefs.js ]

Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Line Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=111316&tt=010712_2&babsrc=HP_ss&mntrId=96c72d430000000000000025d34206a6");
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111316&tt=010712_2");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "96c72d430000000000000025d34206a6");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "96c72d430000000000000025d34206a6");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15528");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=111316&tt=010712_2&babsrc=NT_ss&mntrId=96c72d430000000000000025d34206a6");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:50:38");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=111316&tt=010712_2&babsrc=KW_ss&mntrId=96c72d430000000000000025d34206a6&q=");

*************************

AdwCleaner[R0].txt - [24745 octets] - [18/11/2013 00:34:44]
AdwCleaner[S0].txt - [25002 octets] - [18/11/2013 00:35:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25063 octets] ##########

Bernchen 18.11.2013 01:18
Im Anhang die jrt.zip

Bernchen 18.11.2013 01:18
und zu guter Letzt die frst

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-11-2013 02
Ran by Asus (administrator) on ASUS-ПК on 18-11-2013 01:05:15
Running from C:\Users\Asus\Downloads
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: Russian
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(ATK) C:\Program files\P4G\BatteryLife.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe
(CyberLink Corp.) C:\Program Files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe
(CyberLink) C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files\ASUS\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUS) C:\Windows\AsScrPro.exe
(Geek Software GmbH) C:\Program Files\pdf24\pdf24.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RemoteControl8] - C:\Program Files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] - C:\Program Files\ASUSTek\ASUSDVD 8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] - C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink)
HKLM\...\Run: [P2Go_Menu] - C:\Program Files\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [HControlUser] - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [98304 2008-08-18] (ASUS)
HKLM\...\Run: [ATKOSD2] - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [8105984 2008-09-02] (ASUS)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-18] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE [1392640 2009-04-30] (VIA)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [540576 2009-04-21] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Wireless Console 3] - C:\Program Files\ASUS\Wireless Console 3\wcourier.exe [1593344 2009-02-06] ()
HKLM\...\Run: [ATKMEDIA] - C:\Program Files\ASUS\ATK Media\DMedia.exe [159744 2008-08-19] (ASUS)
HKLM\...\Run: [ADSMTray] - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe [266240 2008-03-31] (ASUSTek Computer Inc.)
HKLM\...\Run: [ACMON] - C:\Program Files\ASUS\Splendid\ACMON.exe [851968 2008-09-30] (ATK)
HKLM\...\Run: [ASUS Camera ScreenSaver] - C:\Windows\AsScrProlog.exe [47672 2009-07-14] ()
HKLM\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3054136 2009-07-14] (ASUS)
HKLM\...\Run: [PDFPrint] - C:\Program Files\pdf24\pdf24.exe [220744 2012-02-02] (Geek Software GmbH)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start hxxp://www.avg.de/de.special-uninstallation-feedback-app?lic="&"inst=NzctMTMzNzE1NzM2MS1CQVI5TysxLUZMKzktUUlYMSs0LVgyMDEwKzItQ0lBMTArMi1MSUMrNzctRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1VEKzEtVFVHKzMtUzFJKzEtU1UzKzEtRERUKzQ5MTA1LUREMTBGKzEtU1QxMEZBUFArMS1GMTBUQisyLVNUMTBUQkYrMS1GMTBNMTJSKzExLVZJUDEyKzEtVTEwKzEtVEwrMS1TVDEyRk9JKzE"&"prod=0"&"ver=10.0.1424
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKCU\...\Run: [Звуковая карта SRS Premium Sound для ПК] - C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe [3405048 2009-04-07] (SRS Labs, Inc.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-15] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Яндекс = hxxp://yandex.ru/yandsearch?clid=47093&text={searchTerms}
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6C6BA6FC-C3E0-42E1-B5C3-4061253D927C} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {714F7BEC-8CC1-47C8-A655-58A40E1A16F4} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {71DDF99D-3FB1-4EFB-A721-216319D6C350} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {91397D20-1446-11D4-8AF4-0040CA1127B6} URL = hxxp://yandex.ru/yandsearch?text={searchTerms}&from=os&clid=1836589
SearchScopes: HKCU - {AD2D8EA5-305B-4B46-8B7C-7D19BC11C12A} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
BHO: WEB.DE Toolbar BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll (ООО «ЯНДЕКС»)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll (ООО «ЯНДЕКС»)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.3088 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.11.3006 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.7.1 - C:\Users\Asus\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll (Yahoo! Inc.)
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mailru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\ozonru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\priceru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex-slovari.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex.xml
FF Extension: toolbar - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\0dfrd1tn.default\Extensions\toolbar@web.de.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_Z\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\T-Mobile\InternetManager_Z\Bin\addon
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

========================== Services (Whitelisted) =================

R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-30] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-13] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-07] ()
S3 DFSR; C:\Windows\system32\DFSR.exe [2092544 2009-04-11] (Корпорация Майкрософт)
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [271760 2009-04-15] ()
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 SRS_VolSync_Service; C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [70880 2009-04-07] (SRS Labs, Inc.)
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [754856 2013-07-20] (Корпорация Майкрософт)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
S2 otshot; C:\program files\otshot\ZalmanUpdateService.exe [x]

==================== Drivers (Whitelisted) ====================

R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [4386304 2009-03-19] (ATI Technologies Inc.)
R0 AsDsm; C:\Windows\System32\Drivers\AsDsm.sys [30264 2009-07-14] (ASUSTek Computer Inc)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
S3 CRFILTER; C:\Windows\System32\DRIVERS\CRFILTER.sys [6656 2008-04-07] (Generic)
S3 E1G60; C:\Windows\System32\DRIVERS\E1G60I32.sys [118784 2008-01-21] (Корпорация Intel)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [90112 2009-04-21] (ELAN Microelectronic Corp.)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2008-11-03] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2008-05-29] (Windows (R) Codename Longhorn DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2008-12-24] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1752704 2008-08-11] ()
R3 SRS_PremiumSound_Service; C:\Windows\System32\drivers\srs_PremiumSound_i386.sys [233128 2009-04-01] ()
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1019392 2009-04-28] (VIA Technologies, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Asus\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 ipswuio; System32\DRIVERS\ipswuio.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U2 srservice;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-18 01:05 - 2013-11-18 01:05 - 00018161 _____ C:\Users\Asus\Downloads\FRST.txt
2013-11-18 01:04 - 2013-11-18 01:05 - 01090935 _____ (Farbar) C:\Users\Asus\Downloads\FRST.exe
2013-11-18 01:03 - 2013-11-18 01:03 - 00133628 _____ C:\Users\Asus\Desktop\JRT.txt
2013-11-18 00:57 - 2013-11-18 00:58 - 00000000 ___RD C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD 8
2013-11-18 00:50 - 2013-11-18 00:50 - 00000000 ____D C:\Windows\ERUNT
2013-11-18 00:43 - 2013-11-18 00:43 - 01034531 _____ (Thisisu) C:\Users\Asus\Downloads\JRT.exe
2013-11-18 00:34 - 2013-11-18 00:35 - 00000000 ____D C:\AdwCleaner
2013-11-18 00:34 - 2013-11-18 00:34 - 01085542 _____ C:\Users\Asus\Downloads\adwcleaner.exe
2013-11-18 00:32 - 2013-11-18 00:32 - 126764512 _____ C:\Users\Asus\Downloads\avira_free1401_antivirus_de.exe
2013-11-18 00:24 - 2013-11-18 00:24 - 00000811 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-18 00:24 - 2013-11-18 00:24 - 00000000 ____D C:\Program Files\CCleaner
2013-11-18 00:23 - 2013-11-18 00:23 - 00618912 _____ C:\Users\Asus\Desktop\CCleaner - CHIP-Downloader.exe
2013-11-17 22:42 - 2013-11-17 23:23 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-17 22:42 - 2013-11-17 22:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-17 22:41 - 2013-11-18 00:07 - 00000000 ____D C:\Users\Asus\Desktop\mbar
2013-11-17 22:41 - 2013-11-17 23:23 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-17 22:39 - 2013-11-17 22:40 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Asus\Desktop\mbar-1.07.0.1007.exe
2013-11-17 21:28 - 2013-11-17 21:28 - 00012162 _____ C:\ComboFix.txt
2013-11-17 20:52 - 2013-11-17 20:52 - 05146587 ____R (Swearware) C:\Users\Asus\Desktop\ComboFix.exe
2013-11-16 13:09 - 2013-11-16 13:09 - 00000000 ____D C:\ProgramData\Oracle
2013-11-16 13:08 - 2013-11-16 13:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-16 13:08 - 2013-11-16 13:06 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-16 13:07 - 2013-11-16 13:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-16 13:07 - 2013-11-16 13:06 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-16 13:07 - 2013-11-16 13:06 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-16 00:23 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-16 00:23 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-16 00:23 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-16 00:23 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-16 00:23 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-16 00:23 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-16 00:23 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-16 00:23 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-15 23:59 - 2013-11-17 21:28 - 00000000 ____D C:\Qoobox
2013-11-15 23:56 - 2013-11-16 00:56 - 00000000 ____D C:\Windows\erdnt
2013-11-14 20:04 - 2013-10-13 12:55 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 20:04 - 2013-10-13 12:55 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 20:04 - 2013-10-13 12:55 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 20:04 - 2013-10-13 12:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-14 20:04 - 2013-10-13 12:51 - 06018048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 20:04 - 2013-10-13 12:51 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 20:04 - 2013-10-13 12:51 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-11-14 20:04 - 2013-10-13 12:51 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 20:04 - 2013-10-13 12:51 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-14 20:04 - 2013-10-13 12:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-14 20:04 - 2013-10-13 12:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 20:04 - 2013-10-13 12:49 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 20:04 - 2013-10-13 12:49 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 20:04 - 2013-10-13 12:49 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-14 20:04 - 2013-10-13 12:49 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-14 20:04 - 2013-10-13 12:49 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-14 20:04 - 2013-10-13 12:49 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 20:04 - 2013-10-13 12:49 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 20:04 - 2013-10-13 12:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 20:04 - 2013-10-13 12:49 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 20:04 - 2013-10-13 12:47 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-11-14 20:04 - 2013-10-13 11:09 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-14 20:04 - 2013-10-13 09:28 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-14 20:04 - 2013-10-13 09:27 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 20:04 - 2013-10-13 09:26 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-14 20:04 - 2013-10-13 09:25 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 20:04 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 20:04 - 2013-10-03 13:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 20:03 - 2013-10-11 03:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 20:03 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 20:03 - 2013-10-11 01:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-11-14 19:23 - 2013-11-14 19:23 - 00000000 ____D C:\FRST
2013-11-12 22:37 - 2013-11-12 22:37 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
2013-11-12 22:10 - 2013-11-17 23:13 - 00000000 ____D C:\ProgramData\Xn9nnoR3
2013-11-10 14:33 - 2013-11-10 14:33 - 00000000 __HDC C:\Windows\$NtUninstallKB2845142_WM64$
2013-11-10 14:33 - 2007-07-27 09:41 - 00016760 ____N (Microsoft Corporation) C:\Windows\system32\spmsg.dll
2013-11-10 13:39 - 2013-11-10 13:39 - 00000000 ____D C:\ProgramData\UUdb
2013-11-10 13:25 - 2013-11-10 13:25 - 00000000 ____D C:\Windows\TempDD0DA164-6A6E-9E2D-E5D2-30DD25905171-Signatures
2013-11-04 09:37 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-11-04 09:37 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-11-04 09:37 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-11-04 09:37 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-11-04 09:37 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-11-04 09:37 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-11-04 09:37 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-11-04 09:37 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-11-04 09:37 - 2013-08-27 02:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-11-04 09:37 - 2013-08-01 04:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-11-04 09:37 - 2013-08-01 03:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-11-04 09:37 - 2013-06-29 03:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-04 09:37 - 2013-06-29 03:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-04 09:37 - 2013-06-29 03:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-04 09:37 - 2013-06-29 03:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-04 09:37 - 2011-05-05 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-04 09:37 - 2011-05-05 14:54 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-04 09:36 - 2013-08-29 08:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-11-04 09:36 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-04 09:36 - 2013-07-12 10:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-11-04 09:36 - 2013-07-12 10:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-11-04 09:36 - 2013-06-27 00:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-11-04 09:36 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-11-04 09:36 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-11-04 09:35 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-11-04 09:03 - 2013-07-03 03:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-11-04 03:30 - 2013-11-16 00:18 - 00000000 ____D C:\Windows\system32\MRT

==================== One Month Modified Files and Folders =======

2013-11-18 01:06 - 2013-11-18 01:05 - 00018161 _____ C:\Users\Asus\Downloads\FRST.txt
2013-11-18 01:05 - 2013-11-18 01:04 - 01090935 _____ (Farbar) C:\Users\Asus\Downloads\FRST.exe
2013-11-18 01:05 - 2009-09-23 20:48 - 00000442 ____H C:\Windows\Tasks\User_Feed_Synchronization-{9F82B765-94FA-498A-9F1B-34E21C463720}.job
2013-11-18 01:03 - 2013-11-18 01:03 - 00133628 _____ C:\Users\Asus\Desktop\JRT.txt
2013-11-18 00:58 - 2013-11-18 00:57 - 00000000 ___RD C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD 8
2013-11-18 00:58 - 2010-01-26 13:40 - 00000000 ____D C:\Users\Asus\AppData\Local\CrashDumps
2013-11-18 00:57 - 2009-07-14 11:40 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-11-18 00:57 - 2009-07-14 10:29 - 01272982 _____ C:\Windows\WindowsUpdate.log
2013-11-18 00:54 - 2009-11-14 14:09 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-11-18 00:54 - 2006-11-02 13:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-18 00:54 - 2006-11-02 13:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-18 00:54 - 2006-11-02 13:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-18 00:52 - 2008-04-13 23:19 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-11-18 00:52 - 2006-11-02 13:58 - 00032528 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-18 00:50 - 2013-11-18 00:50 - 00000000 ____D C:\Windows\ERUNT
2013-11-18 00:43 - 2013-11-18 00:43 - 01034531 _____ (Thisisu) C:\Users\Asus\Downloads\JRT.exe
2013-11-18 00:35 - 2013-11-18 00:34 - 00000000 ____D C:\AdwCleaner
2013-11-18 00:34 - 2013-11-18 00:34 - 01085542 _____ C:\Users\Asus\Downloads\adwcleaner.exe
2013-11-18 00:32 - 2013-11-18 00:32 - 126764512 _____ C:\Users\Asus\Downloads\avira_free1401_antivirus_de.exe
2013-11-18 00:27 - 2010-01-01 07:25 - 00000000 ____D C:\Windows\Minidump
2013-11-18 00:27 - 2009-09-19 06:23 - 00000000 ____D C:\Users\Asus\Tracing
2013-11-18 00:27 - 2009-09-15 16:29 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Skype
2013-11-18 00:27 - 2008-04-14 00:14 - 00000000 ____D C:\Windows\Panther
2013-11-18 00:24 - 2013-11-18 00:24 - 00000811 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-18 00:24 - 2013-11-18 00:24 - 00000000 ____D C:\Program Files\CCleaner
2013-11-18 00:23 - 2013-11-18 00:23 - 00618912 _____ C:\Users\Asus\Desktop\CCleaner - CHIP-Downloader.exe
2013-11-18 00:07 - 2013-11-17 22:41 - 00000000 ____D C:\Users\Asus\Desktop\mbar
2013-11-17 23:23 - 2013-11-17 22:42 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-17 23:23 - 2013-11-17 22:41 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-17 23:13 - 2013-11-12 22:10 - 00000000 ____D C:\ProgramData\Xn9nnoR3
2013-11-17 23:13 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Branding
2013-11-17 22:42 - 2013-11-17 22:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-17 22:40 - 2013-11-17 22:39 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Asus\Desktop\mbar-1.07.0.1007.exe
2013-11-17 21:28 - 2013-11-17 21:28 - 00012162 _____ C:\ComboFix.txt
2013-11-17 21:28 - 2013-11-15 23:59 - 00000000 ____D C:\Qoobox
2013-11-17 21:25 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini
2013-11-17 21:19 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-11-17 20:59 - 2012-06-07 22:44 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-17 20:52 - 2013-11-17 20:52 - 05146587 ____R (Swearware) C:\Users\Asus\Desktop\ComboFix.exe
2013-11-16 13:14 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\tracing
2013-11-16 13:10 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\ru-RU
2013-11-16 13:09 - 2013-11-16 13:09 - 00000000 ____D C:\ProgramData\Oracle
2013-11-16 13:08 - 2013-11-16 13:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-16 13:07 - 2013-11-16 13:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-16 13:06 - 2013-11-16 13:08 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-16 13:06 - 2013-11-16 13:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-16 13:06 - 2013-11-16 13:07 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-16 13:06 - 2010-11-01 00:08 - 00000000 ____D C:\Program Files\Java
2013-11-16 13:06 - 2009-07-14 10:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-16 00:59 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2013-11-16 00:56 - 2013-11-15 23:56 - 00000000 ____D C:\Windows\erdnt
2013-11-16 00:52 - 2009-09-01 18:32 - 00000000 ____D C:\Users\Asus
2013-11-16 00:41 - 2008-01-21 06:59 - 01512502 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-16 00:41 - 2008-01-21 06:59 - 00671952 _____ C:\Windows\system32\perfh019.dat
2013-11-16 00:41 - 2008-01-21 06:59 - 00134454 _____ C:\Windows\system32\perfc019.dat
2013-11-16 00:18 - 2013-11-04 03:30 - 00000000 ____D C:\Windows\system32\MRT
2013-11-16 00:07 - 2006-11-02 11:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-15 23:40 - 2010-11-10 20:30 - 00000000 ____D C:\Users\Asus\AppData\Local\Windows Live
2013-11-14 20:02 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-14 19:23 - 2013-11-14 19:23 - 00000000 ____D C:\FRST
2013-11-14 19:22 - 2009-09-22 11:54 - 00001356 _____ C:\Users\Asus\AppData\Local\d3d9caps.dat
2013-11-12 22:37 - 2013-11-12 22:37 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
2013-11-12 22:10 - 2009-09-15 16:32 - 00000000 ____D C:\Users\Asus\AppData\Local\Google
2013-11-12 21:37 - 2006-11-02 13:44 - 00382216 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-12 21:35 - 2010-05-27 03:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-12 21:32 - 2006-11-02 13:35 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-11-10 14:33 - 2013-11-10 14:33 - 00000000 __HDC C:\Windows\$NtUninstallKB2845142_WM64$
2013-11-10 13:39 - 2013-11-10 13:39 - 00000000 ____D C:\ProgramData\UUdb
2013-11-10 13:39 - 2012-07-31 10:31 - 00000000 ____D C:\Program Files\1und1Softwareaktualisierung
2013-11-10 13:25 - 2013-11-10 13:25 - 00000000 ____D C:\Windows\TempDD0DA164-6A6E-9E2D-E5D2-30DD25905171-Signatures
2013-11-04 05:22 - 2011-05-31 14:20 - 00000000 ____D C:\Users\Asus\Desktop\Uni
2013-11-04 03:34 - 2009-09-15 16:50 - 00000000 ____D C:\Users\Asus\AppData\Roaming\ICQ

Files to move or delete:
====================
C:\Users\Public\MyWebTattoo.exe
C:\Users\Public\RemoveSGP0.exe


Some content of TEMP:
====================
C:\Users\Asus\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-18 01:03

==================== End Of Log ============================
--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:03 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131