Windows 7: Wartungscenter meldet: Entfernen des Win32/Small.CA-Virus

schrauber · 09.10.2013, 08:31

Downloade dir bitte Windows Repair (All In One) von hier.

Installiere das Programm. Starte es, nachdem die Installation abgeschlossen wurde.
Klicke auf Step 2 und drücke unter Check Disk auf Do It.
Wenn der Vorgang abgeschlossen ist, klicke auf Step 3 und drücke unter System File Check auf Do It.
Nachdem der Vorgang abgeschlossen ist, klicke auf Start Repairs, wähle den Advanced Mode und drücke Start.
Gehe bitte sicher, dass die Kästchen wie unten zu sehen angehakt sind. Bitte hake zusätzlich noch Set Windows Services to Default Startup an.
Hake Restart System when Finished an.
Drücke Start.

RobertH · 09.10.2013, 20:17

Hallo Schrauber!

Soweit möglich habe ich alles nach Anleitung durchgeführt. Wobei ich wohl eine neuere Version von Windows Repair als in Deiner Beschreibung runtergeladen hatte, sodass ich z.B. nicht den Advanced Mode auswählen konnte, weil es keine Auswahl gab. Ein Snapshot zu den Einstellungen habe ich angehängt, habs leider nicht geschafft das Bild direkt einzufügen.

Logs von Windows Repair habe ich nicht gefunden? Muss es die geben bzw. wären die überhaupt interessant für Dich?

Deswegen hier nochmals logs von FSS und FRST.

Grüße
RobertH

Code:

ATTFilter

Farbar Service Scanner Version: 13-09-2013
Ran by ***** (administrator) on 09-10-2013 at 20:43:26
Running from "C:\Users\*****\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys
[2013-08-15 12:05] - [2013-07-06 07:05] - 1293760 ____A (Microsoft Corporation) 4E8B9BE71B807B3BAEDB7F4243F85E3C

C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll
[2013-08-15 12:05] - [2013-07-09 06:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-13 12:22] - [2013-05-27 06:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\iphlpsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by ***** (administrator) on ***** on 09-10-2013 21:01:13
Running from C:\Users\*****\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\windows\System32\IgrsSvcs.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Conexant Systems, Inc) C:\Program Files\Conexant\SAII\SmartAudio.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
() C:\Program Files\AVG Nation toolbar\vprot.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE
() C:\Program Files\WinRAR\WinRAR.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35184 2008-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [UpdateP2GShortCut] - C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM\...\Run: [EnergyUtility] - C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-08] (COMODO)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [86960 2006-09-11] (Macrovision Corporation)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [702024 2012-12-13] (Cisco Systems, Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4851760 2013-09-15] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Nation toolbar\vprot.exe [2403144 2013-10-04] ()
HKCU\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\Default\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [ 2009-07-26] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [ 2009-07-26] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\guard32.dll C:\windows\system32\guard32.dll [ 2012-11-08] (COMODO)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM -  No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.1\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.0.1
Tcpip\..\Interfaces\{92411C10-8C16-4867-B341-04D5B6DC13B1}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8l1w3ao.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de
FF NetworkProxy: "autoconfig_url", "hxxp://pac.lrz-muenchen.de/"
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\\npsitesafety.dll (AVG Technologies)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8l1w3ao.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8l1w3ao.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8l1w3ao.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8l1w3ao.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\nation-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.0.0.7
FF Extension: AVG Nation toolbar - C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.0.0.7

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-09-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-22] (AVG Technologies CZ, s.r.o.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-08] (COMODO)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [239968 2012-02-26] ()
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [544840 2012-12-13] (Cisco Systems, Inc.)
R2 vToolbarUpdater17.0.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [1733448 2013-10-04] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21520 2009-05-19] (Lenovo Corporation)
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2012-12-13] (Cisco Systems, Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120120 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-10-04] (AVG Technologies)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [1168880 2009-06-26] (Bison Electronics. Inc. )
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [36072 2012-11-08] (COMODO)
R1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [54800 2010-01-06] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [82952 2012-11-08] (COMODO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\POLYGO~1\AppData\Local\Temp\catchme.sys [x]
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [102784 2012-02-26] (Huawei Technologies Co., Ltd.)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-09 20:43 - 2013-10-09 20:44 - 00002809 _____ C:\Users\*****\Desktop\FSS.txt
2013-10-09 20:38 - 2013-10-09 20:38 - 00000165 ____H C:\Users\*****\Desktop\~$Microsoft PowerPoint-Präsentation (neu).pptx
2013-10-09 19:33 - 2013-10-09 20:18 - 00181064 _____ (Sysinternals) C:\windows\PSEXESVC.EXE
2013-10-09 19:31 - 2013-10-09 19:33 - 00510651 _____ C:\Users\*****\Desktop\Microsoft PowerPoint-Präsentation (neu).pptx
2013-10-09 19:24 - 2013-10-09 19:24 - 00000207 _____ C:\windows\tweaking.com-regbackup-POLYGONUM-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2013-10-09 19:22 - 2013-10-09 19:22 - 00000000 ____D C:\RegBackup
2013-10-09 18:51 - 2013-10-09 18:51 - 00003472 ____N C:\bootsqm.dat
2013-10-09 18:36 - 2013-10-09 18:36 - 03268460 _____ C:\Users\*****\Desktop\tweaking.com_windows_repair_aio.zip
2013-10-08 21:08 - 2013-10-09 20:08 - 17750408 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerInstaller.exe
2013-10-06 18:15 - 2013-10-06 18:20 - 00038653 _____ C:\Users\*****\Desktop\FRST3.txt
2013-10-06 18:13 - 2013-10-06 18:22 - 00023361 _____ C:\Users\*****\Desktop\Addition2.txt
2013-10-05 13:35 - 2013-10-08 19:56 - 00358923 _____ (Farbar) C:\Users\*****\Desktop\FSS.exe
2013-10-04 13:55 - 2013-10-04 13:55 - 00103680 _____ (GMER) C:\fxdcrpob.sys
2013-10-04 13:09 - 2013-10-04 13:09 - 00377856 _____ C:\Users\*****\Desktop\gmer_2.1.19163.exe
2013-10-04 13:04 - 2013-10-04 13:04 - 00000000 ____D C:\FRST
2013-10-04 13:02 - 2013-10-07 18:19 - 00000000 ____D C:\Users\*****\Desktop\win32 small ca virus
2013-10-04 13:00 - 2013-10-04 13:00 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-10-04 12:57 - 2013-10-04 12:57 - 00050477 _____ C:\Users\*****\Desktop\Defogger.exe
2013-10-04 12:55 - 2013-10-04 12:55 - 01087213 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2013-10-04 09:56 - 2013-10-04 09:56 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVG2014
2013-10-04 09:55 - 2013-10-04 09:55 - 00000951 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-04 09:55 - 2013-10-04 09:55 - 00000000 ____D C:\Users\*****\AppData\Roaming\TuneUp Software
2013-10-04 09:55 - 2013-10-04 09:55 - 00000000 ____D C:\Users\*****\AppData\Local\AVG Nation toolbar
2013-10-04 09:55 - 2013-10-04 09:52 - 00037664 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx86.sys
2013-10-04 09:54 - 2013-10-04 09:55 - 00001700 _____ C:\Program Files\Mozilla Firefoxnation-secure-search.xml
2013-10-04 09:54 - 2013-10-04 09:55 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-10-04 09:54 - 2013-10-04 09:54 - 00000000 ____D C:\Program Files\AVG Nation toolbar
2013-10-04 09:53 - 2013-10-04 09:55 - 00000000 ____D C:\ProgramData\AVG Nation toolbar
2013-10-04 09:52 - 2013-10-04 09:56 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-04 09:52 - 2013-10-04 09:52 - 00000000 ___HD C:\$AVG
2013-10-04 09:47 - 2013-10-04 10:01 - 00000000 ____D C:\Users\*****\AppData\Local\Avg2014
2013-10-04 09:47 - 2013-10-04 09:47 - 00000000 ____D C:\Users\*****\AppData\Local\MFAData
2013-10-04 09:20 - 2013-10-04 09:20 - 00891144 _____ C:\Users\*****\Desktop\SecurityCheck.exe
2013-10-04 03:27 - 2013-10-04 03:28 - 04425448 _____ (AVG Technologies) C:\Users\*****\Desktop\avg_free_stb_all_2014_4116.exe
2013-10-04 02:58 - 2013-10-04 03:05 - 02347384 _____ (ESET) C:\Users\*****\Desktop\esetsmartinstaller_enu.exe
2013-10-04 02:47 - 2013-10-04 02:47 - 00000000 ____D C:\windows\ERUNT
2013-10-04 02:43 - 2013-10-04 02:43 - 01030305 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2013-10-04 02:36 - 2013-10-04 02:39 - 00000000 ____D C:\AdwCleaner
2013-10-04 02:35 - 2013-10-04 02:35 - 01045226 _____ C:\Users\*****\Desktop\adwcleaner.exe
2013-10-04 02:15 - 2013-10-04 02:15 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-04 02:15 - 2013-10-04 02:15 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-10-04 02:15 - 2013-10-04 02:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-04 02:15 - 2013-10-04 02:15 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-04 02:15 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-10-04 02:14 - 2013-10-04 02:14 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\*****\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-04 02:08 - 2013-10-04 02:08 - 00018186 _____ C:\ComboFix.txt
2013-10-04 01:57 - 2013-10-04 09:45 - 00000000 ____D C:\Users\*****\Desktop\win32smal ca
2013-10-04 01:49 - 2013-10-04 02:08 - 00000000 ____D C:\Qoobox
2013-10-04 01:49 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-10-04 01:49 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-10-04 01:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-10-04 01:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-10-04 01:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-10-04 01:49 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-10-04 01:49 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-10-04 01:49 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-10-04 01:48 - 2013-10-04 02:07 - 00000000 ____D C:\windows\erdnt
2013-10-04 01:24 - 2013-10-04 01:25 - 05130107 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2013-10-04 00:41 - 2013-10-04 00:44 - 90791696 _____ (Microsoft Corporation) C:\Users\*****\Downloads\msert.exe
2013-10-01 01:23 - 2013-10-01 01:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\Kleio
2013-10-01 00:55 - 2013-10-04 09:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-15 11:23 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-15 11:23 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-15 11:23 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-15 11:23 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-15 11:23 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-15 11:23 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-09-14 12:18 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-14 12:18 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2013-09-14 12:18 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-14 12:18 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-14 12:18 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-14 12:18 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-14 12:18 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-14 12:18 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-10 22:11 - 2013-09-10 22:11 - 00022840 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsshimx.sys

==================== One Month Modified Files and Folders =======

2013-10-09 20:47 - 2010-03-26 23:56 - 00122576 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-09 20:44 - 2013-10-09 20:43 - 00002809 _____ C:\Users\*****\Desktop\FSS.txt
2013-10-09 20:38 - 2013-10-09 20:38 - 00000165 ____H C:\Users\*****\Desktop\~$Microsoft PowerPoint-Präsentation (neu).pptx
2013-10-09 20:38 - 2010-01-06 00:57 - 01469463 _____ C:\windows\WindowsUpdate.log
2013-10-09 20:26 - 2009-11-16 14:06 - 01629916 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-09 20:26 - 2009-07-14 06:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-09 20:26 - 2009-07-14 06:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-09 20:21 - 2011-07-24 17:07 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-09 20:21 - 2010-01-06 01:07 - 14562275 _____ C:\FaceProv.log
2013-10-09 20:21 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-09 20:21 - 2009-07-14 06:39 - 00344323 _____ C:\windows\setupact.log
2013-10-09 20:21 - 2009-07-14 06:33 - 00456592 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-09 20:20 - 2009-11-16 14:15 - 00554378 _____ C:\windows\PFRO.log
2013-10-09 20:18 - 2013-10-09 19:33 - 00181064 _____ (Sysinternals) C:\windows\PSEXESVC.EXE
2013-10-09 20:08 - 2013-10-08 21:08 - 17750408 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerInstaller.exe
2013-10-09 20:08 - 2012-09-05 12:28 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-09 20:08 - 2011-07-24 17:07 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-09 19:33 - 2013-10-09 19:31 - 00510651 _____ C:\Users\*****\Desktop\Microsoft PowerPoint-Präsentation (neu).pptx
2013-10-09 19:24 - 2013-10-09 19:24 - 00000207 _____ C:\windows\tweaking.com-regbackup-POLYGONUM-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2013-10-09 19:22 - 2013-10-09 19:22 - 00000000 ____D C:\RegBackup
2013-10-09 18:51 - 2013-10-09 18:51 - 00003472 ____N C:\bootsqm.dat
2013-10-09 18:36 - 2013-10-09 18:36 - 03268460 _____ C:\Users\*****\Desktop\tweaking.com_windows_repair_aio.zip
2013-10-09 18:16 - 2010-11-14 12:11 - 00000000 ____D C:\ProgramData\MFAData
2013-10-08 19:56 - 2013-10-05 13:35 - 00358923 _____ (Farbar) C:\Users\*****\Desktop\FSS.exe
2013-10-07 18:19 - 2013-10-04 13:02 - 00000000 ____D C:\Users\*****\Desktop\win32 small ca virus
2013-10-06 18:22 - 2013-10-06 18:13 - 00023361 _____ C:\Users\*****\Desktop\Addition2.txt
2013-10-06 18:20 - 2013-10-06 18:15 - 00038653 _____ C:\Users\*****\Desktop\FRST3.txt
2013-10-04 13:55 - 2013-10-04 13:55 - 00103680 _____ (GMER) C:\fxdcrpob.sys
2013-10-04 13:09 - 2013-10-04 13:09 - 00377856 _____ C:\Users\*****\Desktop\gmer_2.1.19163.exe
2013-10-04 13:04 - 2013-10-04 13:04 - 00000000 ____D C:\FRST
2013-10-04 13:00 - 2013-10-04 13:00 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-10-04 13:00 - 2010-03-26 23:56 - 00000000 ____D C:\Users\*****
2013-10-04 12:57 - 2013-10-04 12:57 - 00050477 _____ C:\Users\*****\Desktop\Defogger.exe
2013-10-04 12:55 - 2013-10-04 12:55 - 01087213 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2013-10-04 10:01 - 2013-10-04 09:47 - 00000000 ____D C:\Users\*****\AppData\Local\Avg2014
2013-10-04 09:56 - 2013-10-04 09:56 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVG2014
2013-10-04 09:56 - 2013-10-04 09:52 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-04 09:55 - 2013-10-04 09:55 - 00000951 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-04 09:55 - 2013-10-04 09:55 - 00000000 ____D C:\Users\*****\AppData\Roaming\TuneUp Software
2013-10-04 09:55 - 2013-10-04 09:55 - 00000000 ____D C:\Users\*****\AppData\Local\AVG Nation toolbar
2013-10-04 09:55 - 2013-10-04 09:54 - 00001700 _____ C:\Program Files\Mozilla Firefoxnation-secure-search.xml
2013-10-04 09:55 - 2013-10-04 09:54 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-10-04 09:55 - 2013-10-04 09:53 - 00000000 ____D C:\ProgramData\AVG Nation toolbar
2013-10-04 09:55 - 2013-10-01 00:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-04 09:54 - 2013-10-04 09:54 - 00000000 ____D C:\Program Files\AVG Nation toolbar
2013-10-04 09:52 - 2013-10-04 09:55 - 00037664 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx86.sys
2013-10-04 09:52 - 2013-10-04 09:52 - 00000000 ___HD C:\$AVG
2013-10-04 09:51 - 2010-03-27 01:37 - 00000000 ____D C:\Program Files\AVG
2013-10-04 09:47 - 2013-10-04 09:47 - 00000000 ____D C:\Users\*****\AppData\Local\MFAData
2013-10-04 09:45 - 2013-10-04 01:57 - 00000000 ____D C:\Users\*****\Desktop\win32smal ca
2013-10-04 09:20 - 2013-10-04 09:20 - 00891144 _____ C:\Users\*****\Desktop\SecurityCheck.exe
2013-10-04 03:28 - 2013-10-04 03:27 - 04425448 _____ (AVG Technologies) C:\Users\*****\Desktop\avg_free_stb_all_2014_4116.exe
2013-10-04 03:09 - 2011-05-14 15:23 - 00000000 ____D C:\Program Files\Croatian Mini-Dictionary
2013-10-04 03:05 - 2013-10-04 02:58 - 02347384 _____ (ESET) C:\Users\*****\Desktop\esetsmartinstaller_enu.exe
2013-10-04 02:49 - 2009-07-14 06:53 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-04 02:47 - 2013-10-04 02:47 - 00000000 ____D C:\windows\ERUNT
2013-10-04 02:43 - 2013-10-04 02:43 - 01030305 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2013-10-04 02:39 - 2013-10-04 02:36 - 00000000 ____D C:\AdwCleaner
2013-10-04 02:35 - 2013-10-04 02:35 - 01045226 _____ C:\Users\*****\Desktop\adwcleaner.exe
2013-10-04 02:31 - 2011-12-11 00:25 - 00000000 ____D C:\ProgramData\Sophos
2013-10-04 02:31 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Speech
2013-10-04 02:15 - 2013-10-04 02:15 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-04 02:15 - 2013-10-04 02:15 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-10-04 02:15 - 2013-10-04 02:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-04 02:15 - 2013-10-04 02:15 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-04 02:14 - 2013-10-04 02:14 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\*****\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-04 02:08 - 2013-10-04 02:08 - 00018186 _____ C:\ComboFix.txt
2013-10-04 02:08 - 2013-10-04 01:49 - 00000000 ____D C:\Qoobox
2013-10-04 02:08 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-10-04 02:08 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-10-04 02:07 - 2013-10-04 01:48 - 00000000 ____D C:\windows\erdnt
2013-10-04 02:05 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini
2013-10-04 01:25 - 2013-10-04 01:24 - 05130107 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2013-10-04 00:44 - 2013-10-04 00:41 - 90791696 _____ (Microsoft Corporation) C:\Users\*****\Downloads\msert.exe
2013-10-03 23:50 - 2013-05-17 10:33 - 00000000 ____D C:\Users\*****\Desktop\kleio
2013-10-03 16:41 - 2012-05-07 08:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-01 08:57 - 2013-08-17 13:14 - 00000000 ____D C:\Program Files\Mozilla Firefox.bak
2013-10-01 08:57 - 2010-03-27 00:49 - 00000000 ____D C:\Users\*****\AppData\Local\Mozilla
2013-10-01 01:23 - 2013-10-01 01:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\Kleio
2013-09-30 17:32 - 2012-12-09 15:46 - 00000000 ____D C:\Users\*****\Documents\DWS
2013-09-30 17:30 - 2013-07-19 19:22 - 00000000 ____D C:\Users\*****\Desktop\ATV GmbH
2013-09-30 17:29 - 2012-06-28 15:33 - 00000000 ____D C:\Users\*****\Documents\phd
2013-09-30 17:24 - 2013-05-08 20:42 - 00000000 ____D C:\Users\*****\Documents\Steuererklärung 2012
2013-09-30 12:47 - 2012-08-09 01:54 - 00000000 ____D C:\Users\*****\AppData\Roaming\Dropbox
2013-09-29 12:37 - 2012-08-15 02:04 - 00000000 ___RD C:\Users\*****\Dropbox
2013-09-15 20:36 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2013-09-15 11:58 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-09-15 11:36 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\de-DE
2013-09-15 11:32 - 2009-11-16 14:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-15 11:21 - 2013-08-13 00:40 - 00000000 ____D C:\windows\system32\MRT
2013-09-15 11:16 - 2010-03-27 02:09 - 76725432 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-09-10 22:11 - 2013-09-10 22:11 - 00022840 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsshimx.sys
2013-09-10 20:08 - 2012-09-05 12:28 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-09-10 20:08 - 2012-09-05 12:28 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\*****\pagenestfree.exe
C:\Users\*****\X16-32011.exe


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 12:31

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by ***** at 2013-10-09 21:02:26
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: COMODO Firewall (Enabled) {7DB03214-694B-060B-1600-BD4715C36DBB}

==================== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader 9.0.1 - Deutsch (Version: 9.0.1)
ALPS Touch Pad Driver
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
AVG 2014 (Version: 14.0.3609)
AVG 2014 (Version: 14.0.4142)
AVG 2014 (Version: 2014.0.4142)
AVG Nation toolbar (Version: 17.0.0.7)
Bing Bar (Version: 7.0.850.0)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless Driver (Version: 1.0.0.0)
Broadcom Gigabit Integrated Controller (Version: 12.24.02)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1)
CDBurnerXP (Version: 4.5.1.4003)
Cisco AnyConnect Secure Mobility Client  (Version: 3.1.02026)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.02026)
COMODO Internet Security (Version: 4.0.7305.779)
Conexant HD Audio (Version: 4.98.4.0)
CorelDRAW Graphics Suite 12 (Version: 12.0.0.458)
CorelDRAW Graphics Suite X3 (Version: 13.0)
DE (Version: 13.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dissertation-HU für Microsoft Word 2010 Deutsch (Version: 1.0.4)
DivX-Setup (Version: 2.5.0.15)
Dropbox (HKCU Version: 2.0.22)
EasyCapture (Version: V4.0.09.1015)
EndNote X5 (Version: 15.0.1.5774)
Energy Management (Version: 4.3.1.5)
FontNav (Version: 5.0)
Google Chrome (Version: 30.0.1599.69)
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
iTunes (Version: 10.5.0.142)
Junk Mail filter update (Version: 14.0.8117.416)
Lenovo EasyCamera (Version: 6.32.2018.03)
Lenovo OneKey Recovery (Version: 7.0.0723)
Lenovo ReadyComm 5 (Version: 5.1.1.20)
Lenovo ReadyComm 5.0 Service (Version: 5.0.0.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MestReC 4.7.0
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (Version: 12.0.4518.1014)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2003 Web Components (Version: 11.0.8003.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 17.0.2011.0627)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mobile Partner (Version: 21.005.15.02.382)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
Mozilla Thunderbird 17.0.7 (x86 de) (Version: 17.0.7)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nokia Connectivity Cable Driver (Version: 7.1.29.0)
OpenOffice.org 3.2 (Version: 3.2.9502)
PC Connectivity Solution (Version: 10.21.0.0)
PC-Doctor für Windows (Version: 6.0.5426.03)
PDF-XChange Viewer (Version: 2.5.201.0)
Personal Backup 5.4 (Version: 5.3)
Power2Go (Version: 5.6.0.4809d4)
QuickTime (Version: 7.71.80.42)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
ResearchSoft Direct Export Helper
Steinberg Cubase VST32 5.0 R4
TrueCrypt (Version: 7.1a)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update Manager (Version: 4.60)
VBA (Version: 6.2)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VeriFace (Version: 3.6.0.0921)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 2.0.0 (Version: 2.0.0)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Fotogalerie (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinRAR
WISO Steuer 2013 (Version: 20.00.8137)

==================== Restore Points  =========================

03-10-2013 18:01:43 Removed Kleio
03-10-2013 21:50:38 Installed Kleio
03-10-2013 23:36:32 Removed Sophos Anti-Virus
03-10-2013 23:45:47 Removed Sophos AutoUpdate
04-10-2013 01:00:19 Windows Update
04-10-2013 07:51:03 Installed AVG 2014
04-10-2013 07:51:37 Installed AVG 2014
04-10-2013 12:00:45 Windows Update
04-10-2013 12:21:27 Windows Update
05-10-2013 11:30:36 Windows Update
06-10-2013 08:27:17 Windows Update
06-10-2013 13:33:41 Removed Kleio
07-10-2013 15:27:43 Windows Update
07-10-2013 21:48:46 Windows Update
08-10-2013 22:25:13 Windows Update
09-10-2013 17:22:10 Tweaking.com - Windows Repair

==================== Hosts content: ==========================

2009-07-14 04:04 - 2013-10-04 02:05 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {7B814345-59F4-406B-AA96-DABB5EB84022} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-10] (Adobe Systems Incorporated)
Task: {972801BA-B495-4AB6-B8CF-D849885C691E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A0FEEC0E-1723-4CA1-86FF-4FC2CF81BFEC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B1781DD3-A5FC-4541-89D7-046FED44013E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-24] (Google Inc.)
Task: {C3714594-D234-4ECB-B660-415AF8B3F776} - System32\Tasks\{E6E9F7F8-F370-4C93-A425-DE88B38B7FD3} => C:\Program Files\EndNote X5\EndNote.exe [2011-10-27] (Thomson Reuters)
Task: {C4C5476B-FAFF-4D59-ADFF-442D5195BD48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-24] (Google Inc.)
Task: {FE282490-20BD-43F4-8E81-19CC47A7AF30} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-06 01:05 - 2010-01-06 01:05 - 01410312 _____ () C:\windows\system32\IcnOvrly.dll
2010-01-06 01:05 - 2010-01-06 01:05 - 00513288 _____ () C:\windows\system32\SimpleExt.dll
2010-08-05 00:02 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2010-01-06 01:06 - 2008-12-20 05:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll
2010-01-06 01:06 - 2008-12-20 05:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
2011-03-21 20:57 - 2011-03-21 20:57 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-04 09:54 - 2013-10-04 09:52 - 00518472 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\log4cplusU.dll
2013-10-04 09:55 - 2013-10-04 09:52 - 00141128 _____ () C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\SiteSafety.dll
2013-10-01 00:55 - 2013-10-01 00:55 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/09/2013 08:15:08 PM) (Source: WinMgmt) (User: )
Description: 0x8004100aC:\PROGRAM FILES\MICROSOFT SQL SERVER\90\SHARED\SQLMGMPROVIDERXPSP2UP.MOF

Error: (10/09/2013 08:13:28 PM) (Source: WinMgmt) (User: )
Description: 0x8004100aC:\PROGRAM FILES\MICROSOFT SQL SERVER\90\SHARED\SQLMGMPROVIDERXPSP2UP.MOF

Error: (10/09/2013 00:25:42 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Office 2007 Primary Interop Assemblies - Update "Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\windows\TEMP\MSIc8d65.LOG enthalten.

Error: (10/09/2013 00:25:42 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.

Error: (10/07/2013 11:49:13 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Office 2007 Primary Interop Assemblies - Update "Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\windows\TEMP\MSIca20e.LOG enthalten.

Error: (10/07/2013 11:49:13 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.

Error: (10/07/2013 08:05:12 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 24.0.0.5001, Zeitstempel: 0x522fd29f
Name des fehlerhaften Moduls: xul.dll, Version: 24.0.0.5001, Zeitstempel: 0x522fd1a4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001b72a8
ID des fehlerhaften Prozesses: 0x1240
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (10/07/2013 07:58:02 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: DivXUpdate.exe, Version: 1.0.6.1, Zeitstempel: 0x4d879f41
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001e5267
ID des fehlerhaften Prozesses: 0x5e0
Startzeit der fehlerhaften Anwendung: 0xDivXUpdate.exe0
Pfad der fehlerhaften Anwendung: DivXUpdate.exe1
Pfad des fehlerhaften Moduls: DivXUpdate.exe2
Berichtskennung: DivXUpdate.exe3

Error: (10/07/2013 06:15:15 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/07/2013 05:29:14 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Office 2007 Primary Interop Assemblies - Update "Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\windows\TEMP\MSI68065.LOG enthalten.


System errors:
=============
Error: (10/09/2013 08:23:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IGRS" wurde nicht richtig gestartet.

Error: (10/09/2013 08:21:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/09/2013 08:21:29 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (10/09/2013 06:54:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IGRS" wurde nicht richtig gestartet.

Error: (10/09/2013 06:52:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/09/2013 06:52:22 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (10/09/2013 06:12:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IGRS" wurde nicht richtig gestartet.

Error: (10/09/2013 06:11:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/09/2013 06:11:06 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (10/09/2013 00:25:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Office PowerPoint 2007 (KB2596764)


Microsoft Office Sessions:
=========================
Error: (10/09/2013 08:15:08 PM) (Source: WinMgmt)(User: )
Description: 0x8004100aC:\PROGRAM FILES\MICROSOFT SQL SERVER\90\SHARED\SQLMGMPROVIDERXPSP2UP.MOF

Error: (10/09/2013 08:13:28 PM) (Source: WinMgmt)(User: )
Description: 0x8004100aC:\PROGRAM FILES\MICROSOFT SQL SERVER\90\SHARED\SQLMGMPROVIDERXPSP2UP.MOF

Error: (10/09/2013 00:25:42 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603C:\windows\TEMP\MSIc8d65.LOG(NULL)(NULL)

Error: (10/09/2013 00:25:42 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/07/2013 11:49:13 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603C:\windows\TEMP\MSIca20e.LOG(NULL)(NULL)

Error: (10/07/2013 11:49:13 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/07/2013 08:05:12 PM) (Source: Application Error)(User: )
Description: firefox.exe24.0.0.5001522fd29fxul.dll24.0.0.5001522fd1a4c0000005001b72a8124001cec3878005203cC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll023f8182-2f7b-11e3-a1a0-705ab64d851e

Error: (10/07/2013 07:58:02 PM) (Source: Application Error)(User: )
Description: DivXUpdate.exe1.0.6.14d879f41unknown0.0.0.000000000c0000005001e52675e001cec37bccfa48edC:\Program Files\DivX\DivX Update\DivXUpdate.exeunknown020954cb-2f7a-11e3-a1a0-705ab64d851e

Error: (10/07/2013 06:15:15 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (10/07/2013 05:29:14 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603C:\windows\TEMP\MSI68065.LOG(NULL)(NULL)


==================== Memory info =========================== 

Percentage of memory in use: 55%
Total physical RAM: 3032.6 MB
Available physical RAM: 1341.4 MB
Total Pagefile: 6063.49 MB
Available Pagefile: 4245.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:420.55 GB) (Free:108.81 GB) NTFS
Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:29.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2051D46A)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

==================== End Of Log ============================

schrauber · 10.10.2013, 08:55

Nö passt. Noch Probleme?

RobertH · 10.10.2013, 22:37

keine Probleme. Passt alles. Respekt und vielen Dank!
Grüße
Roberth

schrauber · 11.10.2013, 08:54

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

RobertH · 11.10.2013, 17:53

Alles klar soweit. Kannst das Thema schließen etc. Danke! Grüße Roberth

schrauber · 12.10.2013, 14:57

Gern Geschehen

10.10.2013, 08:55	#18
schrauber /// the machine /// TB-Ausbilder	Windows 7: Wartungscenter meldet: Entfernen des Win32/Small.CA-Virus Nö passt. Noch Probleme? __________________ __________________

12.10.2013, 14:57	#22
schrauber /// the machine /// TB-Ausbilder	Windows 7: Wartungscenter meldet: Entfernen des Win32/Small.CA-Virus Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Windows 7: Wartungscenter meldet: Entfernen des Win32/Small.CA-Virus

Log-Analyse und Auswertung: Windows 7: Wartungscenter meldet: Entfernen des Win32/Small.CA-Virus