"Entfernen des Win32/Small.CA_Virus"

Hilfe_1 · 05.09.2013, 15:01

Und hier das frische FRST log:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-09-2013
Ran by Matthias (administrator) on MATTHIAS-PC on 05-09-2013 15:59:47
Running from C:\Users\Matthias\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) E:\avira\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) E:\avira\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Users\Matthias\Kies\External\FirmwareUpdate\KiesPDLR.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
() C:\Windows\system\Cm106eye.exe
(
ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU\EPU.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Samsung Electronics Co., Ltd.) C:\Users\Matthias\Kies\KiesTrayAgent.exe
(Avira Operations GmbH & Co. KG) E:\avira\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) E:\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Windows\DAODx.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
(Avira Operations GmbH & Co. KG) E:\avira\Avira\AntiVir Desktop\avshadow.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) E:\avira\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RunDLLEntry] - C:\Windows\system32\AmbRunE.dll [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Cm106Sound] - C:\Windows\Syswow64\cm106.dll [8151040 2010-07-01] (C-Media Corporation)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-01] (Google Inc.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1811880 2013-08-28] (Valve Corporation)
HKCU\...\Run: [KiesHelper] - C:\Users\Matthias\Kies\KiesHelper.exe [958392 2012-05-29] (Samsung)
HKCU\...\Run: [KiesPDLR] - C:\Users\Matthias\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-05-29] ()
HKCU\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392 2013-08-24] (Google Inc.)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-11-30] (AMD)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875944 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [Six Engine] - C:\Program Files (x86)\ASUS\EPU\EPU.exe [5309056 2010-03-16] (
ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [TurboV EVO] - C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [9993344 2010-03-25] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Users\Matthias\Kies\KiesTrayAgent.exe [3521464 2012-05-29] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - E:\avira\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - E:\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe (D-Link Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog9 01 E:\avira\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 E:\avira\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 E:\avira\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 E:\avira\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 E:\avira\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 E:\avira\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 E:\avira\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 E:\avira\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 E:\avira\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 01 E:\avira\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 E:\avira\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 03 E:\avira\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 04 E:\avira\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 05 E:\avira\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 E:\avira\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 E:\avira\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 E:\avira\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 19 E:\avira\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\2b93jiix.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\pdf\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Free Download Manager plugin - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\2b93jiix.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: Download Youtube Videos + - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\2b93jiix.default\Extensions\video.downloader.plugin@ffpimp.com
FF Extension: DownloadHelper - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\2b93jiix.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: toolbar - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\2b93jiix.default\Extensions\toolbar@gmx.net.xpi

Chrome: 
=======
CHR HomePage: hxxp://www.google.at/
CHR RestoreOnStartup: "hxxp://www.google.at/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (GoogleChromeRemotePlugin) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll No File
CHR Plugin: (Free Studio) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\pdf\npnitromozilla.dll ( )
CHR Plugin: (iTunes Application Detector) - E:\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Avira Toolbar) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.8.29528_0
CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Matthias\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.8.0.crx

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; E:\avira\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; E:\avira\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; E:\avira\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
S3 jswpsapi; C:\Program Files (x86)\D-Link\DWA-547 revA\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [343032 2012-01-16] (Nitro PDF Software)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-28] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [136192 2010-12-21] (MCCI Corporation)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [18944 2010-12-21] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [172032 2010-12-21] (MCCI Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203672 2013-06-04] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2011-03-31] (C-Media Electronics Inc)
R3 VMfilt; C:\Windows\System32\drivers\VMfilt64.sys [25600 2009-07-31] (Creative Technology Ltd.)
S3 VSPerfDrv100; E:\windows-office\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2011-01-18] (Microsoft Corporation)
S3 VSPerfDrv100; E:\windows-office\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2011-01-18] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-05 15:51 - 2013-09-05 15:51 - 00002178 _____ C:\Users\Matthias\Desktop\JRT.txt
2013-09-05 15:45 - 2013-09-05 15:45 - 01028757 _____ (Thisisu) C:\Users\Matthias\Desktop\JRT.exe
2013-09-05 15:45 - 2013-09-05 15:45 - 00000000 ____D C:\Windows\ERUNT
2013-09-05 15:36 - 2013-09-05 15:38 - 00000000 ____D C:\AdwCleaner
2013-09-05 15:35 - 2013-09-05 15:35 - 01037134 _____ C:\Users\Matthias\Desktop\adwcleaner_3002.exe
2013-09-05 15:17 - 2013-09-05 15:17 - 599757871 _____ C:\Windows\MEMORY.DMP
2013-09-05 15:17 - 2013-09-05 15:17 - 00276336 _____ C:\Windows\Minidump\090513-25818-01.dmp
2013-09-05 15:17 - 2013-09-05 15:17 - 00000546 _____ C:\Windows\PFRO.log
2013-09-05 15:16 - 2013-09-05 15:16 - 00003464 ____N C:\bootsqm.dat
2013-09-05 15:01 - 2013-09-05 15:01 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-05 15:01 - 2013-09-05 15:01 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Malwarebytes
2013-09-05 15:01 - 2013-09-05 15:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-05 15:01 - 2013-09-05 15:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-05 15:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-05 15:00 - 2013-09-05 15:00 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Matthias\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-05 12:12 - 2013-09-05 12:12 - 00026683 _____ C:\ComboFix.txt
2013-09-05 11:39 - 2013-09-05 12:13 - 00000000 ____D C:\ComboFix
2013-09-05 11:39 - 2013-09-05 12:12 - 00000000 ____D C:\Qoobox
2013-09-05 11:39 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-05 11:39 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-05 11:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-05 11:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-05 11:39 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-05 11:39 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-05 11:39 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-05 11:39 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-05 11:38 - 2013-09-05 12:05 - 00000000 ____D C:\Windows\erdnt
2013-09-05 11:35 - 2013-09-05 11:35 - 05120804 ____R (Swearware) C:\Users\Matthias\Desktop\ComboFix.exe
2013-09-04 13:04 - 2013-09-04 13:04 - 00049086 _____ C:\Users\Matthias\Desktop\Addition.txt
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\FRST
2013-09-04 11:14 - 2013-09-05 15:39 - 00000280 _____ C:\Windows\setupact.log
2013-09-04 11:14 - 2013-09-04 11:14 - 00000000 _____ C:\Windows\setuperr.log
2013-09-03 22:33 - 2013-09-03 22:33 - 95638383 _____ C:\Windows\SysWOW64\零뻼S
2013-08-31 19:00 - 2013-08-31 19:00 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\AUTOSICH
2013-08-21 22:43 - 2013-08-21 22:44 - 00000133 _____ C:\Users\Matthias\Desktop\shsh.txt
2013-08-18 10:12 - 2013-08-19 11:04 - 00002046 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-08-18 10:12 - 2013-08-19 11:04 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-08-18 10:12 - 2013-08-18 10:12 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-08-14 23:48 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 23:48 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 23:48 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 23:48 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 23:48 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 23:48 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 23:48 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 23:48 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 23:48 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 23:48 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 23:48 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 23:48 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 23:48 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 23:48 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 18:42 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 18:42 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 18:42 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 18:42 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 18:42 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 18:42 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 18:42 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 18:42 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 18:42 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 18:42 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 18:42 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 18:42 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 18:42 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 18:42 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 18:42 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 18:42 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 18:42 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 18:42 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 18:42 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 18:42 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 18:42 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 18:42 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 18:42 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 18:42 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 18:42 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 18:42 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 18:42 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-05 15:59 - 2013-09-05 15:59 - 01947160 _____ (Farbar) C:\Users\Matthias\Desktop\FRST64.exe
2013-09-05 15:53 - 2012-04-19 18:34 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-05 15:51 - 2013-09-05 15:51 - 00002178 _____ C:\Users\Matthias\Desktop\JRT.txt
2013-09-05 15:48 - 2012-10-19 18:40 - 00000000 ____D C:\Program Files (x86)\SProtector
2013-09-05 15:48 - 2009-07-14 06:45 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 15:48 - 2009-07-14 06:45 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-05 15:45 - 2013-09-05 15:45 - 01028757 _____ (Thisisu) C:\Users\Matthias\Desktop\JRT.exe
2013-09-05 15:45 - 2013-09-05 15:45 - 00000000 ____D C:\Windows\ERUNT
2013-09-05 15:40 - 2012-10-21 00:00 - 00000000 ____D C:\Users\Matthias\AppData\Local\LogMeIn Hamachi
2013-09-05 15:40 - 2012-05-18 20:02 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-05 15:40 - 2012-01-01 20:00 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-05 15:39 - 2013-09-04 11:14 - 00000280 _____ C:\Windows\setupact.log
2013-09-05 15:39 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-05 15:38 - 2013-09-05 15:36 - 00000000 ____D C:\AdwCleaner
2013-09-05 15:38 - 2012-12-08 19:28 - 00000000 ____D C:\ProgramData\Uniblue
2013-09-05 15:38 - 2012-01-01 19:07 - 01764328 _____ C:\Windows\WindowsUpdate.log
2013-09-05 15:35 - 2013-09-05 15:35 - 01037134 _____ C:\Users\Matthias\Desktop\adwcleaner_3002.exe
2013-09-05 15:31 - 2012-01-01 20:00 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-05 15:19 - 2012-01-01 21:10 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Skype
2013-09-05 15:17 - 2013-09-05 15:17 - 599757871 _____ C:\Windows\MEMORY.DMP
2013-09-05 15:17 - 2013-09-05 15:17 - 00276336 _____ C:\Windows\Minidump\090513-25818-01.dmp
2013-09-05 15:17 - 2013-09-05 15:17 - 00000546 _____ C:\Windows\PFRO.log
2013-09-05 15:17 - 2012-01-03 17:07 - 00000000 ____D C:\Windows\Minidump
2013-09-05 15:16 - 2013-09-05 15:16 - 00003464 ____N C:\bootsqm.dat
2013-09-05 15:01 - 2013-09-05 15:01 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-05 15:01 - 2013-09-05 15:01 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Malwarebytes
2013-09-05 15:01 - 2013-09-05 15:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-05 15:01 - 2013-09-05 15:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-05 15:00 - 2013-09-05 15:00 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Matthias\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-05 12:13 - 2013-09-05 11:39 - 00000000 ____D C:\ComboFix
2013-09-05 12:12 - 2013-09-05 12:12 - 00026683 _____ C:\ComboFix.txt
2013-09-05 12:12 - 2013-09-05 11:39 - 00000000 ____D C:\Qoobox
2013-09-05 12:12 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-05 12:05 - 2013-09-05 11:38 - 00000000 ____D C:\Windows\erdnt
2013-09-05 11:54 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-05 11:50 - 2012-01-01 19:07 - 00000000 ____D C:\Users\Matthias
2013-09-05 11:43 - 2012-01-16 19:51 - 00000000 ____D C:\Users\Matthias\AppData\Local\Adobe
2013-09-05 11:35 - 2013-09-05 11:35 - 05120804 ____R (Swearware) C:\Users\Matthias\Desktop\ComboFix.exe
2013-09-04 13:35 - 2012-08-16 23:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-04 13:04 - 2013-09-04 13:04 - 00049086 _____ C:\Users\Matthias\Desktop\Addition.txt
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\FRST
2013-09-04 11:14 - 2013-09-04 11:14 - 00000000 _____ C:\Windows\setuperr.log
2013-09-04 10:03 - 2012-07-09 19:15 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-04 09:51 - 2012-05-18 15:54 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\FileZilla
2013-09-04 09:51 - 2012-01-01 21:05 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Winamp
2013-09-04 09:46 - 2012-01-01 18:56 - 00000000 ____D C:\Windows\Panther
2013-09-03 23:19 - 2012-01-02 23:28 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-03 23:19 - 2012-01-02 00:01 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-03 23:18 - 2012-01-02 00:01 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-09-03 22:33 - 2013-09-03 22:33 - 95638383 _____ C:\Windows\SysWOW64\零뻼S
2013-09-03 10:04 - 2013-05-07 17:49 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-03 10:04 - 2013-03-28 10:31 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-03 10:04 - 2013-03-28 10:31 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-31 19:03 - 2012-01-01 21:09 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Nitro PDF
2013-08-31 19:00 - 2013-08-31 19:00 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\AUTOSICH
2013-08-31 18:47 - 2009-07-14 19:58 - 00819242 _____ C:\Windows\system32\perfh007.dat
2013-08-31 18:47 - 2009-07-14 19:58 - 00197228 _____ C:\Windows\system32\perfc007.dat
2013-08-31 18:47 - 2009-07-14 07:13 - 01949178 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-29 22:08 - 2012-01-01 19:59 - 00000000 ____D C:\Users\Matthias\AppData\Local\Google
2013-08-29 00:13 - 2012-07-18 22:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-26 00:45 - 2012-01-14 15:43 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\TS3Client
2013-08-21 22:44 - 2013-08-21 22:43 - 00000133 _____ C:\Users\Matthias\Desktop\shsh.txt
2013-08-21 18:54 - 2012-04-19 18:34 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 18:54 - 2012-04-19 18:34 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 18:54 - 2012-01-03 17:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-19 11:04 - 2013-08-18 10:12 - 00002046 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-08-19 11:04 - 2013-08-18 10:12 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-08-18 10:12 - 2013-08-18 10:12 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-08-15 20:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 23:42 - 2013-07-21 13:57 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 23:40 - 2012-01-08 19:42 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Matthias\AppData\Local\Temp\Quarantine.exe
C:\Users\Matthias\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\Matthias\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 10:31

==================== End Of Log ============================

--- --- ---

"Entfernen des Win32/Small.CA_Virus"

Plagegeister aller Art und deren Bekämpfung: "Entfernen des Win32/Small.CA_Virus"

"Entfernen des Win32/Small.CA_Virus"

Ähnliche Themen: "Entfernen des Win32/Small.CA_Virus"