Hallo!

Ich würde mich über Hilfe zu folgendem Problem sehr freuen: Das Wartungscenter von einem Laptop mit Windows 7 meldet seit gestern:

Code: Alles auswählenAufklappen

ATTFilter

Entfernen des Win32/Small.CA-Virus Windows 7. Dieses Problem wurde von Win32/Small.CA verursacht, einem bekannten Computervirus.
         

Windows gab dazu an, dass bisher ein Absturz auf kosten dieses Virus' geht. Ansonsten bisher keine Symptome. Aber es wurde bereits von Laien rumgedoktert. Was genau gemacht wurde und ob es Erfolgt hatte oder Schaden angerichtet hat, kann ich nicht sagen. Bin selbst auch Laie. Das Wartungscenter zeigt zumindest nachwievor die Virus-Warnung an. Aber ich habe ein paar extra txt-files, die ich unten anhänge. Man beachte, dass diese von gestern sind, nur defogger und FRST sind von heute.

Ich hoffe das Wesentliche steht nun da. gmer habe ich nicht erfolgreich zum Laufen gebracht (siehe unten). Bei FRST gab es eine Fehlermeldung im Anschluss, die ich leider nicht wiedergeben kann. (Soll ichs wiederholen?)

Auf dem Computer läuft seit gestern/heute AVG-AntiVirus Free Edition 2014. Davor Sophos.
Außerdem ist wohl die Windows-Firewall aktiviert und die COMODO Firewall. Aber damit kenne ich mich leider nicht aus.

Falls Ihr noch Angaben braucht, versuche ich zu liefern.

Falls die Frage hier beantwortet werden kann: ist der Virus gefährlich? Sollten Passwörter etc. geändert werden?

Vielen Dank schonmal!

Grüße RobertH

hier die logs/txt-Dateien von heute:


defogger:

Code: Alles auswählenAufklappen

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:00 on 04/10/2013 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

FRST

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by ***** (administrator) on ***** on 04-10-2013 13:04:47
Running from C:\Users\*****\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\windows\System32\IgrsSvcs.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\loggingserver.exe
(Conexant Systems, Inc) C:\Program Files\Conexant\SAII\SmartAudio.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
() C:\Program Files\AVG Nation toolbar\vprot.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35184 2008-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [UpdateP2GShortCut] - C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM\...\Run: [EnergyUtility] - C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6749512 2012-03-11] (COMODO)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [QuickTime Plugin Install] - C:\Program Files\QuickTime\Plugins\DeleteMe1.exe [86016 2011-11-01] ()
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [86960 2006-09-11] (Macrovision Corporation)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [702024 2012-12-13] (Cisco Systems, Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4851760 2013-09-15] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Nation toolbar\vprot.exe [2403144 2013-10-04] ()
HKCU\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\Default\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [ 2009-07-26] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [ 2009-07-26] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\guard32.dll [ 2012-03-11] (COMODO)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM -  No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.1\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.0.1
Tcpip\..\Interfaces\{92411C10-8C16-4867-B341-04D5B6DC13B1}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8l1w3ao.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de
FF NetworkProxy: "autoconfig_url", "hxxp://pac.lrz-muenchen.de/"
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\\npsitesafety.dll (AVG Technologies)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8l1w3ao.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8l1w3ao.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8l1w3ao.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8l1w3ao.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\nation-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.0.0.7
FF Extension: AVG Nation toolbar - C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.0.0.7

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-09-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-22] (AVG Technologies CZ, s.r.o.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1983232 2012-03-11] (COMODO)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [239968 2012-02-26] ()
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [544840 2012-12-13] (Cisco Systems, Inc.)
R2 vToolbarUpdater17.0.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [1733448 2013-10-04] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21520 2009-05-19] (Lenovo Corporation)
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2012-12-13] (Cisco Systems, Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120120 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-10-04] (AVG Technologies)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [1168880 2009-06-26] (Bison Electronics. Inc. )
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [491816 2012-03-11] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [39640 2012-03-11] (COMODO)
R1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [54800 2010-01-06] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [82400 2012-02-03] (COMODO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\****~1\AppData\Local\Temp\catchme.sys [x]
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [102784 2012-02-26] (Huawei Technologies Co., Ltd.)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-04 13:04 - 2013-10-04 13:04 - 00000000 ____D C:\FRST
2013-10-04 13:02 - 2013-10-04 13:03 - 00000000 ____D C:\Users\*****\Desktop\win32 small ca virus
2013-10-04 13:00 - 2013-10-04 13:00 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-10-04 12:57 - 2013-10-04 12:57 - 00050477 _____ C:\Users\*****\Desktop\Defogger.exe
2013-10-04 12:55 - 2013-10-04 12:55 - 01087213 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2013-10-04 09:56 - 2013-10-04 09:56 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVG2014
2013-10-04 09:55 - 2013-10-04 09:55 - 00000951 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-04 09:55 - 2013-10-04 09:55 - 00000000 ____D C:\Users\*****\AppData\Roaming\TuneUp Software
2013-10-04 09:55 - 2013-10-04 09:55 - 00000000 ____D C:\Users\*****\AppData\Local\AVG Nation toolbar
2013-10-04 09:55 - 2013-10-04 09:52 - 00037664 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx86.sys
2013-10-04 09:54 - 2013-10-04 09:55 - 00001700 _____ C:\Program Files\Mozilla Firefoxnation-secure-search.xml
2013-10-04 09:54 - 2013-10-04 09:55 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-10-04 09:54 - 2013-10-04 09:54 - 00000000 ____D C:\Program Files\AVG Nation toolbar
2013-10-04 09:53 - 2013-10-04 09:55 - 00000000 ____D C:\ProgramData\AVG Nation toolbar
2013-10-04 09:52 - 2013-10-04 09:56 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-04 09:52 - 2013-10-04 09:52 - 00000000 ___HD C:\$AVG
2013-10-04 09:47 - 2013-10-04 10:01 - 00000000 ____D C:\Users\*****\AppData\Local\Avg2014
2013-10-04 09:47 - 2013-10-04 09:47 - 00000000 ____D C:\Users\*****\AppData\Local\MFAData
2013-10-04 09:20 - 2013-10-04 09:20 - 00891144 _____ C:\Users\*****\Desktop\SecurityCheck.exe
2013-10-04 03:27 - 2013-10-04 03:28 - 04425448 _____ (AVG Technologies) C:\Users\*****\Desktop\avg_free_stb_all_2014_4116.exe
2013-10-04 02:58 - 2013-10-04 03:05 - 02347384 _____ (ESET) C:\Users\*****\Desktop\esetsmartinstaller_enu.exe
2013-10-04 02:56 - 2013-10-04 02:56 - 00001088 _____ C:\Users\*****\Desktop\JRT.txt
2013-10-04 02:47 - 2013-10-04 02:47 - 00000000 ____D C:\windows\ERUNT
2013-10-04 02:43 - 2013-10-04 02:43 - 01030305 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2013-10-04 02:36 - 2013-10-04 02:39 - 00000000 ____D C:\AdwCleaner
2013-10-04 02:35 - 2013-10-04 02:35 - 01045226 _____ C:\Users\*****\Desktop\adwcleaner.exe
2013-10-04 02:15 - 2013-10-04 02:15 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-04 02:15 - 2013-10-04 02:15 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-10-04 02:15 - 2013-10-04 02:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-04 02:15 - 2013-10-04 02:15 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-04 02:15 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-10-04 02:14 - 2013-10-04 02:14 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\*****\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-04 02:08 - 2013-10-04 02:08 - 00018186 _____ C:\ComboFix.txt
2013-10-04 01:57 - 2013-10-04 09:45 - 00000000 ____D C:\Users\*****\Desktop\win32smal ca
2013-10-04 01:49 - 2013-10-04 02:08 - 00000000 ____D C:\Qoobox
2013-10-04 01:49 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-10-04 01:49 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-10-04 01:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-10-04 01:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-10-04 01:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-10-04 01:49 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-10-04 01:49 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-10-04 01:49 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-10-04 01:48 - 2013-10-04 02:07 - 00000000 ____D C:\windows\erdnt
2013-10-04 01:24 - 2013-10-04 01:25 - 05130107 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2013-10-04 00:41 - 2013-10-04 00:44 - 90791696 _____ (Microsoft Corporation) C:\Users\*****\Downloads\msert.exe
2013-10-03 23:51 - 2013-10-03 23:51 - 00000967 _____ C:\Users\*****\Desktop\Kleio.lnk
2013-10-03 23:51 - 2013-10-03 23:51 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kleio
2013-10-03 23:51 - 2013-10-03 23:51 - 00000000 ____D C:\Program Files\Kleio
2013-10-01 01:23 - 2013-10-01 01:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\Kleio
2013-10-01 00:55 - 2013-10-04 09:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-15 11:23 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-15 11:23 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-15 11:23 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-15 11:23 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-15 11:23 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-15 11:23 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-09-14 12:18 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-14 12:18 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2013-09-14 12:18 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-14 12:18 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-14 12:18 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-14 12:18 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-14 12:18 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-14 12:18 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-10 22:11 - 2013-09-10 22:11 - 00022840 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsshimx.sys
2013-09-08 22:12 - 2013-09-08 22:12 - 00027448 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx86.sys

==================== One Month Modified Files and Folders =======

2013-10-04 13:04 - 2013-10-04 13:04 - 00000000 ____D C:\FRST
2013-10-04 13:03 - 2013-10-04 13:02 - 00000000 ____D C:\Users\*****\Desktop\win32 small ca virus
2013-10-04 13:00 - 2013-10-04 13:00 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-10-04 13:00 - 2010-03-26 23:56 - 00000000 ____D C:\Users\*****
2013-10-04 13:00 - 2009-07-14 06:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-04 13:00 - 2009-07-14 06:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 12:57 - 2013-10-04 12:57 - 00050477 _____ C:\Users\*****\Desktop\Defogger.exe
2013-10-04 12:55 - 2013-10-04 12:55 - 01087213 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2013-10-04 12:39 - 2010-01-06 00:57 - 01294834 _____ C:\windows\WindowsUpdate.log
2013-10-04 12:34 - 2010-01-06 01:07 - 14430398 _____ C:\FaceProv.log
2013-10-04 12:33 - 2011-07-24 17:07 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-04 12:33 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-04 12:33 - 2009-07-14 06:39 - 00342811 _____ C:\windows\setupact.log
2013-10-04 11:08 - 2012-09-05 12:28 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-04 11:08 - 2011-07-24 17:07 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-04 10:01 - 2013-10-04 09:47 - 00000000 ____D C:\Users\*****\AppData\Local\Avg2014
2013-10-04 10:00 - 2010-11-14 12:11 - 00000000 ____D C:\ProgramData\MFAData
2013-10-04 09:56 - 2013-10-04 09:56 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVG2014
2013-10-04 09:56 - 2013-10-04 09:52 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-04 09:55 - 2013-10-04 09:55 - 00000951 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-04 09:55 - 2013-10-04 09:55 - 00000000 ____D C:\Users\*****\AppData\Roaming\TuneUp Software
2013-10-04 09:55 - 2013-10-04 09:55 - 00000000 ____D C:\Users\*****\AppData\Local\AVG Nation toolbar
2013-10-04 09:55 - 2013-10-04 09:54 - 00001700 _____ C:\Program Files\Mozilla Firefoxnation-secure-search.xml
2013-10-04 09:55 - 2013-10-04 09:54 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-10-04 09:55 - 2013-10-04 09:53 - 00000000 ____D C:\ProgramData\AVG Nation toolbar
2013-10-04 09:55 - 2013-10-01 00:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-04 09:54 - 2013-10-04 09:54 - 00000000 ____D C:\Program Files\AVG Nation toolbar
2013-10-04 09:52 - 2013-10-04 09:55 - 00037664 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx86.sys
2013-10-04 09:52 - 2013-10-04 09:52 - 00000000 ___HD C:\$AVG
2013-10-04 09:51 - 2010-03-27 01:37 - 00000000 ____D C:\Program Files\AVG
2013-10-04 09:47 - 2013-10-04 09:47 - 00000000 ____D C:\Users\*****\AppData\Local\MFAData
2013-10-04 09:45 - 2013-10-04 01:57 - 00000000 ____D C:\Users\*****\Desktop\win32smal ca
2013-10-04 09:31 - 2009-11-16 14:15 - 00553440 _____ C:\windows\PFRO.log
2013-10-04 09:20 - 2013-10-04 09:20 - 00891144 _____ C:\Users\*****\Desktop\SecurityCheck.exe
2013-10-04 03:28 - 2013-10-04 03:27 - 04425448 _____ (AVG Technologies) C:\Users\*****\Desktop\avg_free_stb_all_2014_4116.exe
2013-10-04 03:09 - 2011-05-14 15:23 - 00000000 ____D C:\Program Files\Croatian Mini-Dictionary
2013-10-04 03:08 - 2009-11-16 14:06 - 01629916 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-04 03:05 - 2013-10-04 02:58 - 02347384 _____ (ESET) C:\Users\*****\Desktop\esetsmartinstaller_enu.exe
2013-10-04 02:56 - 2013-10-04 02:56 - 00001088 _____ C:\Users\*****\Desktop\JRT.txt
2013-10-04 02:49 - 2009-07-14 06:53 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-04 02:47 - 2013-10-04 02:47 - 00000000 ____D C:\windows\ERUNT
2013-10-04 02:43 - 2013-10-04 02:43 - 01030305 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2013-10-04 02:39 - 2013-10-04 02:36 - 00000000 ____D C:\AdwCleaner
2013-10-04 02:35 - 2013-10-04 02:35 - 01045226 _____ C:\Users\*****\Desktop\adwcleaner.exe
2013-10-04 02:31 - 2011-12-11 00:25 - 00000000 ____D C:\ProgramData\Sophos
2013-10-04 02:31 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Speech
2013-10-04 02:15 - 2013-10-04 02:15 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-04 02:15 - 2013-10-04 02:15 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-10-04 02:15 - 2013-10-04 02:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-04 02:15 - 2013-10-04 02:15 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-04 02:14 - 2013-10-04 02:14 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\*****\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-04 02:08 - 2013-10-04 02:08 - 00018186 _____ C:\ComboFix.txt
2013-10-04 02:08 - 2013-10-04 01:49 - 00000000 ____D C:\Qoobox
2013-10-04 02:08 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-10-04 02:08 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-10-04 02:07 - 2013-10-04 01:48 - 00000000 ____D C:\windows\erdnt
2013-10-04 02:05 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini
2013-10-04 01:25 - 2013-10-04 01:24 - 05130107 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2013-10-04 00:44 - 2013-10-04 00:41 - 90791696 _____ (Microsoft Corporation) C:\Users\*****\Downloads\msert.exe
2013-10-03 23:51 - 2013-10-03 23:51 - 00000967 _____ C:\Users\*****\Desktop\Kleio.lnk
2013-10-03 23:51 - 2013-10-03 23:51 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kleio
2013-10-03 23:51 - 2013-10-03 23:51 - 00000000 ____D C:\Program Files\Kleio
2013-10-03 23:50 - 2013-05-17 10:33 - 00000000 ____D C:\Users\*****\Desktop\kleio
2013-10-03 16:41 - 2012-05-07 08:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-01 08:57 - 2013-08-17 13:14 - 00000000 ____D C:\Program Files\Mozilla Firefox.bak
2013-10-01 08:57 - 2010-03-27 00:49 - 00000000 ____D C:\Users\*****\AppData\Local\Mozilla
2013-10-01 01:23 - 2013-10-01 01:23 - 00000000 ____D C:\Users\P*****\AppData\Roaming\Kleio
2013-09-30 17:32 - 2012-12-09 15:46 - 00000000 ____D C:\Users\*****\Documents\DWS
2013-09-30 17:30 - 2013-07-19 19:22 - 00000000 ____D C:\Users\*****\Desktop\ATV GmbH
2013-09-30 17:29 - 2012-06-28 15:33 - 00000000 ____D C:\Users\*****\Documents\phd
2013-09-30 17:24 - 2013-05-08 20:42 - 00000000 ____D C:\Users\*****\Documents\Steuererklärung 2012
2013-09-30 12:47 - 2012-08-09 01:54 - 00000000 ____D C:\Users\*****\AppData\Roaming\Dropbox
2013-09-29 12:37 - 2012-08-15 02:04 - 00000000 ___RD C:\Users\*****\Dropbox
2013-09-15 20:36 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2013-09-15 11:58 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-09-15 11:39 - 2009-07-14 06:33 - 00456592 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-15 11:36 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\de-DE
2013-09-15 11:32 - 2009-11-16 14:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-15 11:21 - 2013-08-13 00:40 - 00000000 ____D C:\windows\system32\MRT
2013-09-15 11:16 - 2010-03-27 02:09 - 76725432 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-09-10 22:11 - 2013-09-10 22:11 - 00022840 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsshimx.sys
2013-09-10 20:08 - 2012-09-05 12:28 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-09-10 20:08 - 2012-09-05 12:28 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-08 22:12 - 2013-09-08 22:12 - 00027448 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx86.sys

Files to move or delete:
====================
C:\Users\*****\pagenestfree.exe
C:\Users\*****\X16-32011.exe


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 12:31

==================== End Of Log ============================
         

FRST Addition:

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by ***** at 2013-10-04 13:06:09
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: COMODO Firewall (Enabled) {7DB03214-694B-060B-1600-BD4715C36DBB}

==================== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader 9.0.1 - Deutsch (Version: 9.0.1)
ALPS Touch Pad Driver
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
AVG 2014 (Version: 14.0.3604)
AVG 2014 (Version: 14.0.4142)
AVG 2014 (Version: 2014.0.4142)
AVG Nation toolbar (Version: 17.0.0.7)
Bing Bar (Version: 7.0.850.0)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless Driver (Version: 1.0.0.0)
Broadcom Gigabit Integrated Controller (Version: 12.24.02)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1)
CDBurnerXP (Version: 4.5.1.4003)
Cisco AnyConnect Secure Mobility Client  (Version: 3.1.02026)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.02026)
COMODO Internet Security (Version: 4.0.7305.779)
Conexant HD Audio (Version: 4.98.4.0)
CorelDRAW Graphics Suite 12 (Version: 12.0.0.458)
CorelDRAW Graphics Suite X3 (Version: 13.0)
DE (Version: 13.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dissertation-HU für Microsoft Word 2010 Deutsch (Version: 1.0.4)
DivX-Setup (Version: 2.5.0.15)
Dropbox (HKCU Version: 2.0.22)
EasyCapture (Version: V4.0.09.1015)
EndNote X5 (Version: 15.0.1.5774)
Energy Management (Version: 4.3.1.5)
FontNav (Version: 5.0)
Google Chrome (Version: 29.0.1547.76)
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
iTunes (Version: 10.5.0.142)
Junk Mail filter update (Version: 14.0.8117.416)
Kleio (Version: 1.6.0.0)
Lenovo EasyCamera (Version: 6.32.2018.03)
Lenovo OneKey Recovery (Version: 7.0.0723)
Lenovo ReadyComm 5 (Version: 5.1.1.20)
Lenovo ReadyComm 5.0 Service (Version: 5.0.0.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MestReC 4.7.0
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (Version: 12.0.4518.1014)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2003 Web Components (Version: 11.0.8003.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 17.0.2011.0627)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mobile Partner (Version: 21.005.15.02.382)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
Mozilla Thunderbird 17.0.7 (x86 de) (Version: 17.0.7)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nokia Connectivity Cable Driver (Version: 7.1.29.0)
OpenOffice.org 3.2 (Version: 3.2.9502)
PC Connectivity Solution (Version: 10.21.0.0)
PC-Doctor für Windows (Version: 6.0.5426.03)
PDF-XChange Viewer (Version: 2.5.201.0)
Personal Backup 5.4 (Version: 5.3)
Power2Go (Version: 5.6.0.4809d4)
QuickTime (Version: 7.71.80.42)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
ResearchSoft Direct Export Helper
Steinberg Cubase VST32 5.0 R4
TrueCrypt (Version: 7.1a)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update Manager (Version: 4.60)
VBA (Version: 6.2)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VeriFace (Version: 3.6.0.0921)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 2.0.0 (Version: 2.0.0)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Fotogalerie (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinRAR
WISO Steuer 2013 (Version: 20.00.8137)

==================== Restore Points  =========================

22-09-2013 09:07:01 Windows Update
22-09-2013 22:56:54 Windows Update
24-09-2013 16:09:53 Windows Update
25-09-2013 15:20:38 Windows Update
26-09-2013 05:48:42 Windows Update
27-09-2013 10:50:07 Windows Update
28-09-2013 09:39:17 Windows Update
29-09-2013 10:39:58 Windows Update
30-09-2013 08:41:26 Windows Update
30-09-2013 23:16:10 Installed Kleio
01-10-2013 05:18:25 Windows Update
03-10-2013 18:01:43 Removed Kleio
03-10-2013 21:50:38 Installed Kleio
03-10-2013 23:36:32 Removed Sophos Anti-Virus
03-10-2013 23:45:47 Removed Sophos AutoUpdate
04-10-2013 01:00:19 Windows Update
04-10-2013 07:51:03 Installed AVG 2014
04-10-2013 07:51:37 Installed AVG 2014

==================== Hosts content: ==========================

2009-07-14 04:04 - 2013-10-04 02:05 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {7B814345-59F4-406B-AA96-DABB5EB84022} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-10] (Adobe Systems Incorporated)
Task: {972801BA-B495-4AB6-B8CF-D849885C691E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A0FEEC0E-1723-4CA1-86FF-4FC2CF81BFEC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B1781DD3-A5FC-4541-89D7-046FED44013E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-24] (Google Inc.)
Task: {C3714594-D234-4ECB-B660-415AF8B3F776} - System32\Tasks\{E6E9F7F8-F370-4C93-A425-DE88B38B7FD3} => C:\Program Files\EndNote X5\EndNote.exe [2011-10-27] (Thomson Reuters)
Task: {C4C5476B-FAFF-4D59-ADFF-442D5195BD48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-24] (Google Inc.)
Task: {FE282490-20BD-43F4-8E81-19CC47A7AF30} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-06 01:05 - 2010-01-06 01:05 - 01410312 _____ () C:\windows\system32\IcnOvrly.dll
2010-01-06 01:05 - 2010-01-06 01:05 - 00513288 _____ () C:\windows\system32\SimpleExt.dll
2010-08-05 00:02 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2010-01-06 01:06 - 2008-12-20 05:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll
2010-01-06 01:06 - 2008-12-20 05:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
2011-03-21 20:57 - 2011-03-21 20:57 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-04 09:54 - 2013-10-04 09:52 - 00518472 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\log4cplusU.dll
2013-10-04 09:55 - 2013-10-04 09:52 - 00141128 _____ () C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\SiteSafety.dll
2013-10-01 00:55 - 2013-10-01 00:55 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-09-10 20:08 - 2013-09-10 20:08 - 16177544 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/04/2013 00:30:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4405453

Error: (10/04/2013 00:30:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4405453

Error: (10/04/2013 00:30:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/04/2013 11:17:52 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22667

Error: (10/04/2013 11:17:52 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22667

Error: (10/04/2013 11:17:52 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/04/2013 11:17:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19563

Error: (10/04/2013 11:17:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19563

Error: (10/04/2013 11:17:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/04/2013 11:17:39 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9860


System errors:
=============
Error: (10/04/2013 00:36:40 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (10/04/2013 00:36:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IGRS" wurde nicht richtig gestartet.

Error: (10/04/2013 00:34:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/04/2013 00:34:19 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (10/04/2013 09:34:01 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IGRS" wurde nicht richtig gestartet.

Error: (10/04/2013 09:32:31 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/04/2013 09:32:31 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (10/04/2013 03:05:44 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/04/2013 03:01:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Office PowerPoint 2007 (KB2596764)


Microsoft Office Sessions:
=========================
Error: (10/04/2013 00:30:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4405453

Error: (10/04/2013 00:30:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4405453

Error: (10/04/2013 00:30:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/04/2013 11:17:52 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22667

Error: (10/04/2013 11:17:52 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22667

Error: (10/04/2013 11:17:52 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/04/2013 11:17:49 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19563

Error: (10/04/2013 11:17:49 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19563

Error: (10/04/2013 11:17:49 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/04/2013 11:17:39 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9860


==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 3032.6 MB
Available physical RAM: 1624.54 MB
Total Pagefile: 6063.49 MB
Available Pagefile: 4432.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:420.55 GB) (Free:107.85 GB) NTFS
Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:29.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2051D46A)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

==================== End Of Log ============================
         

gmer hat auch im abgesicherten Modus ungefähr folgenden Fehlermeldung gebracht:

Code: Alles auswählenAufklappen

ATTFilter

gmer_2.1.19163.exe funktiniert nicht mehr

Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist.

Programm schließen
         

Im Folgenden ein paar ältere txt-Dateien, ich nehme an von gestern, nachdem sich das Wartungscenter gemeldet hatte:


ComboFix:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 13-10-03.03 - ***** 04.10.2013   1:52.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3033.1246 [GMT 2:00]
ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Setup.exe
c:\users\*****\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0FF7C1CE-445B-4DAA-B35B-982B15268528}.xps
c:\users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\{28F41515-25A4-449D-A490-1242CEDED573}.xps
c:\users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4D9E1788-B920-4852-909B-E53B7AEA68E9}.xps
c:\users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\{70AA7CCA-E20C-4968-862C-8A1D73DA3598}.xps
c:\users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ABAE2B2F-3D72-42EA-BFB6-1805400A8695}.xps
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-09-04 bis 2013-10-04  ))))))))))))))))))))))))))))))
.
.
2013-10-04 00:03 . 2013-10-04 00:05	--------	d-----w-	c:\users\*****\AppData\Local\temp
2013-10-04 00:03 . 2013-10-04 00:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-10-03 21:51 . 2013-10-03 21:51	--------	d-----w-	c:\program files\Kleio
2013-10-02 10:12 . 2013-10-03 23:56	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1878717F-91EF-4612-B2C0-C212343108D8}\offreg.dll
2013-10-02 00:46 . 2013-09-05 05:02	7328304	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1878717F-91EF-4612-B2C0-C212343108D8}\mpengine.dll
2013-09-30 23:23 . 2013-09-30 23:23	--------	d-----w-	c:\users\*****\AppData\Roaming\Kleio
2013-09-14 10:18 . 2013-08-08 01:03	2348544	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-10 18:08 . 2012-09-05 10:28	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-10 18:08 . 2012-09-05 10:28	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-08-07 02:22 . 2011-12-11 00:34	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-07-25 08:57 . 2013-08-15 10:06	1620992	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41 . 2013-08-15 10:05	2048	----a-w-	c:\windows\system32\tzres.dll
2013-07-09 05:03 . 2013-08-15 10:05	3968960	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-07-09 05:03 . 2013-08-15 10:05	3913664	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-07-09 04:53 . 2013-08-15 10:05	1289096	----a-w-	c:\windows\system32\ntdll.dll
2013-07-09 04:52 . 2013-08-15 10:05	175104	----a-w-	c:\windows\system32\wintrust.dll
2013-07-09 04:50 . 2013-08-15 10:06	652800	----a-w-	c:\windows\system32\rpcrt4.dll
2013-07-09 04:46 . 2013-08-15 10:05	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-07-09 04:46 . 2013-08-15 10:05	1166848	----a-w-	c:\windows\system32\crypt32.dll
2013-07-09 04:46 . 2013-08-15 10:05	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-07-06 05:05 . 2013-08-15 10:05	1293760	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-02 20:08	222832	----a-w-	c:\users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-02 20:08	222832	----a-w-	c:\users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-02 20:08	222832	----a-w-	c:\users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2010-01-05 23:05	1410312	----a-w-	c:\windows\System32\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 150552]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4114288]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-09-29 5064560]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"QuickTime Plugin Install"="c:\program files\QuickTime\Plugins\DeleteMe1.exe" [2011-11-01 86016]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-12-13 702024]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 786760]
.
c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2013\mshaktuell.exe [2013-8-22 1397840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 17:06	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFaceManager]
2010-01-05 23:05	3122440	----a-w-	c:\program files\Lenovo\VeriFace\PManage.exe
.
2;2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [x]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\Mobile Partner\UpdateDog\ouc.exe [2012-02-26 239968]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2012-12-13 92112]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-02-26 353280]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1343400]
R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\test\ECECECEC\WinRing0.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 491816]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 39640]
S1 funfrm;funfrm; [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-12-13 544840]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-02-26 73216]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
IgrsSvcs	REG_MULTI_SZ   	ReadyComm.DirectRouter PS_MDP
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-21 10:41	1177552	----a-w-	c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 18:08]
.
2013-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-24 15:06]
.
2013-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-24 15:06]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=da26652600000000000000059a3c7a00
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.0.1
TCP: Interfaces\{92411C10-8C16-4867-B341-04D5B6DC13B1}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8l1w3ao.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: network.proxy.type - 2
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109986
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - da26652600000000000000059a3c7a00
FF - user.js: extensions.BabylonToolbar_i.hardId - da26652600000000000000059a3c7a00
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15481
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:35
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-SkypePM - c:\users\*****\AppData\Local\Skype\SkypePM.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-ICQ - c:\program files\ICQ7.2\ICQ.exe
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
AddRemove-Uncompressor - c:\program files\Uncompressor\Uninstall\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(568)
c:\windows\system32\guard32.dll
.
Zeit der Fertigstellung: 2013-10-04  02:08:24
ComboFix-quarantined-files.txt  2013-10-04 00:08
.
Vor Suchlauf: 9 Verzeichnis(se), 114.787.430.400 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 116.819.292.160 Bytes frei
.
- - End Of File - - 28A92B5D2B2E72FB73343E63E2B155D2
A36C5E4F47E84449FF07ED3517B43A31
         

mbam:

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.03.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
***** :: ***** [Administrator]

Schutz: Aktiviert

04.10.2013 02:19:09
mbam-log-2013-10-04 (02-19-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210564
Laufzeit: 7 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 14
HKCR\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB} (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B} (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.BabylonESrvc.1 (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.BabylonESrvc (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\b (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Typelib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0H1F1TtGtCtH1O1T1H0StF1P -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\*****\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 3
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\*****\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

AdwCleaner:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v3.006 - Bericht erstellt am 04/10/2013 um 02:39:16
# Updated 01/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : ***** - ****
# Gestartet von : C:\Users\*****\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Program Files\BabylonToolbar
Ordner Gelöscht : C:\Program Files\Uncompressor
Ordner Gelöscht : C:\Users\*****\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\BabylonToolbar
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uncompressor
Ordner Gelöscht : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8l1w3ao.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8l1w3ao.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8l1w3ao.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Produkt Gelöscht : BabylonObjectInstaller

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8l1w3ao.default\prefs.js ]

Zeile gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "WiseConvert Customized Web Search");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}");
Zeile gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109986");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "da26652600000000000000059a3c7a00");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.id", "da26652600000000000000059a3c7a00");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15481");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109986&babsrc=NT_ss&mntrId=da26652600000000000000059a3c7a00");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:35:07");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

*************************

AdwCleaner[R0].txt - [9377 octets] - [04/10/2013 02:36:43]
AdwCleaner[S0].txt - [9022 octets] - [04/10/2013 02:39:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9082 octets] ##########
         

JRT:

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Home Premium x86
Ran by ***** on 04.10.2013 at  2:51:48,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BA33D395-23A4-4643-B4BC-F98B4F5FE622}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\user.js
Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml"
Emptied folder: C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\s8l1w3ao.default\minidumps [289 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.10.2013 at  2:56:08,17
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

checkup:

Code: Alles auswählenAufklappen

ATTFilter

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 	11.8.800.168  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (24.0) 
 Mozilla Thunderbird (17.0.7) 
 Google Chrome 29.0.1547.66  
 Google Chrome 29.0.1547.76  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Comodo Firewall cmdagent.exe 
 Comodo Firewall cfp.exe 
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Mobile Partner OnlineUpdate ouc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Hi,

sind die FRST logs aktuell, sprich nach all den Scans und Tools?

Hallo, das ging schnell. Danke.

ja die FRST sind aktuell. Danach wurde nichts mehr gemacht, nur versucht GMER erfolgreich zu starten. FRST vor den Scans und Tools habe ich nicht.

Roberth

Edit: PS: die Meldung über den Virus wurde mittlerweile in das Archiv des Wartungscenters geschoben, falls das was zu sagen hat. Hat es was zu sagen?

Ja das sie nimmer aktuell ist.

Downloade dir bitte Farbar Service Scanner

• Starte das Tool mit Doppelklick auf die FSS.exe
• Gehe sicher, dass folgende Optionen angehakt sind.
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services
• Klicke auf Scan.
• Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

Hallo Schrauber,

aha. bitteschön:

FSS.txt

Code: Alles auswählenAufklappen

ATTFilter

Farbar Service Scanner Version: 13-09-2013
Ran by ***** (administrator) on 05-10-2013 at 13:36:36
Running from "C:\Users\*****\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Destination is offline
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys
[2013-08-15 12:05] - [2013-07-06 07:05] - 1293760 ____A (Microsoft Corporation) 4E8B9BE71B807B3BAEDB7F4243F85E3C

C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll
[2013-08-15 12:05] - [2013-07-09 06:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-13 12:22] - [2013-05-27 06:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\iphlpsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         

war der Rechner beim Scan vom Internet getrennt?

eigentlich war der Computer nicht vom Internet getrennt. Nur ein extra Netzlaufwerk war nicht verbunden. Ich dachte das könnte für die Position "connection status" einen Unterschied machen. Deshalb habe ich FSS noch viermal laufen lassen und dabei den Verknüpfungszustand variiert:

1. komplett verknüpft mit Internet
2. komplett getrennt
3. verknüpft, aber mit einem "nichtverbundenen Netzlaufwerk"
4. wie 3. (scheint aber andere Ergebnisse gegeben zu haben, zumindest bezüglich Localhost)


1. Hier FSS-log wenn komplett verknüpft mit dem Internet:

Code: Alles auswählenAufklappen

ATTFilter

Farbar Service Scanner Version: 13-09-2013
Ran by ***** (administrator) on 05-10-2013 at 20:40:37
Running from "C:\Users\*****\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys
[2013-08-15 12:05] - [2013-07-06 07:05] - 1293760 ____A (Microsoft Corporation) 4E8B9BE71B807B3BAEDB7F4243F85E3C

C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll
[2013-08-15 12:05] - [2013-07-09 06:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-13 12:22] - [2013-05-27 06:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\iphlpsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         

2. Hier FSS-log wenn komplett vom Internet getrennt.

Code: Alles auswählenAufklappen

ATTFilter

Farbar Service Scanner Version: 13-09-2013
Ran by ***** (administrator) on 05-10-2013 at 20:44:34
Running from "C:\Users\*****\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys
[2013-08-15 12:05] - [2013-07-06 07:05] - 1293760 ____A (Microsoft Corporation) 4E8B9BE71B807B3BAEDB7F4243F85E3C

C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll
[2013-08-15 12:05] - [2013-07-09 06:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-13 12:22] - [2013-05-27 06:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\iphlpsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         

3. Hier nochmals der FSS-Zustand mit nichtverbundenem Netzlaufwerk, wie in der Post von heut Mittag.

Code: Alles auswählenAufklappen

ATTFilter

Farbar Service Scanner Version: 13-09-2013
Ran by ***** (administrator) on 05-10-2013 at 20:54:13
Running from "C:\Users\*****\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys
[2013-08-15 12:05] - [2013-07-06 07:05] - 1293760 ____A (Microsoft Corporation) 4E8B9BE71B807B3BAEDB7F4243F85E3C

C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll
[2013-08-15 12:05] - [2013-07-09 06:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-13 12:22] - [2013-05-27 06:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\iphlpsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         

4. FSS-log eigentlich bei einem Verknüpfungszustand wie in 3.

Code: Alles auswählenAufklappen

ATTFilter

Farbar Service Scanner Version: 13-09-2013
Ran by ***** (administrator) on 05-10-2013 at 21:03:38
Running from "C:\Users\*****\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys
[2013-08-15 12:05] - [2013-07-06 07:05] - 1293760 ____A (Microsoft Corporation) 4E8B9BE71B807B3BAEDB7F4243F85E3C

C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll
[2013-08-15 12:05] - [2013-07-09 06:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-13 12:22] - [2013-05-27 06:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\iphlpsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         

Passt. noch Probleme?

bis auf die Tatsache, dass mir Windows bzw. das Wartungscenter nicht bestätigt, dass der Virus weg ist, ist alles ok. Die Nachricht "Entfernen des Win32/Small.CA-Virus Windows 7" ist noch immer im Archiv. Wenn das aber so sein muss und Du mir bestätigst, dass alles fein und sauber ist, dann bin ich glücklich und zufrieden.

Würdest Du empfehlen alle Passwörter für EMailaccounts/Foren etc. zu ändern? Oder sonst noch irgendwelche Maßnahmen zu ergreifen? nicht nur wegen dem win32/small ca Virus, sondern auch wegen den anderen Infektionen, die mit den tools entfernt wurden.

Grüße
Roberth

Ist die immer noch da? Kannste die löschen? Poste nochmal ein frisches FRST Log.

Ja Passwörter ändern

Ich habe jetzt versucht die Meldung zu löschen, habe es aber nicht geschafft. Das geht zumindest nicht einfach/intuitiv. Ich finde den Befehl "löschen" nicht, falls es ihn gibt. Wie gesagt, kenne mich da garnicht aus. Ich habe zuvor noch nie in dieses Archiv geschaut, geschweige denn versucht dort etwas zu löschen.

Außer der win32/small.ca Meldung ist übrigens nichts im Archiv des Wartungscenters.

Hier nochmals ein frisches FRST-log:


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by ***** (administrator) on ***** on 06-10-2013 18:13:15
Running from C:\Users\*****\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\windows\System32\IgrsSvcs.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\loggingserver.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
() C:\Program Files\AVG Nation toolbar\vprot.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Macrovision Corporation) c:\program files\common files\installshield\updateservice\isuspm.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Tracker Software Products (Canada) Ltd.) C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\windows\system32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35184 2008-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [UpdateP2GShortCut] - C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM\...\Run: [EnergyUtility] - C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-08] (COMODO)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [QuickTime Plugin Install] - C:\Program Files\QuickTime\Plugins\DeleteMe1.exe [86016 2011-11-01] ()
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [86960 2006-09-11] (Macrovision Corporation)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [702024 2012-12-13] (Cisco Systems, Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4851760 2013-09-15] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Nation toolbar\vprot.exe [2403144 2013-10-04] ()
HKCU\...\Run: [ISUSPM Startup] - c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\Default\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [ 2009-07-26] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [ 2009-07-26] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\guard32.dll C:\windows\system32\guard32.dll [ 2012-11-08] (COMODO)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM -  No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.1\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.0.1
Tcpip\..\Interfaces\{92411C10-8C16-4867-B341-04D5B6DC13B1}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8l1w3ao.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de
FF NetworkProxy: "autoconfig_url", "hxxp://pac.lrz-muenchen.de/"
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\\npsitesafety.dll (AVG Technologies)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8l1w3ao.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8l1w3ao.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8l1w3ao.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8l1w3ao.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\nation-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.0.0.7
FF Extension: AVG Nation toolbar - C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.0.0.7

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-09-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-22] (AVG Technologies CZ, s.r.o.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-08] (COMODO)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [239968 2012-02-26] ()
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [544840 2012-12-13] (Cisco Systems, Inc.)
R2 vToolbarUpdater17.0.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [1733448 2013-10-04] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21520 2009-05-19] (Lenovo Corporation)
R3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2012-12-13] (Cisco Systems, Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120120 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-10-04] (AVG Technologies)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [1168880 2009-06-26] (Bison Electronics. Inc. )
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [36072 2012-11-08] (COMODO)
R1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [54800 2010-01-06] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [82952 2012-11-08] (COMODO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
U3 fxdcrpob; C:\Users\*****\AppData\Local\Temp\fxdcrpob.sys [103680 2013-10-05] (GMER)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\*****\AppData\Local\Temp\catchme.sys [x]
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [102784 2012-02-26] (Huawei Technologies Co., Ltd.)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-05 21:42 - 2013-10-05 22:05 - 00002809 _____ C:\Users\*****\Desktop\FSS.txt
2013-10-05 13:35 - 2013-10-05 13:35 - 00358923 _____ (Farbar) C:\Users\*****\Desktop\FSS.exe
2013-10-04 13:55 - 2013-10-04 13:55 - 00103680 _____ (GMER) C:\fxdcrpob.sys
2013-10-04 13:09 - 2013-10-04 13:09 - 00377856 _____ C:\Users\*****\Desktop\gmer_2.1.19163.exe
2013-10-04 13:04 - 2013-10-04 13:04 - 00000000 ____D C:\FRST
2013-10-04 13:02 - 2013-10-06 18:12 - 00000000 ____D C:\Users\*****\Desktop\win32 small ca virus
2013-10-04 13:00 - 2013-10-04 13:00 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-10-04 12:57 - 2013-10-04 12:57 - 00050477 _____ C:\Users\*****\Desktop\Defogger.exe
2013-10-04 12:55 - 2013-10-04 12:55 - 01087213 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2013-10-04 09:56 - 2013-10-04 09:56 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVG2014
2013-10-04 09:55 - 2013-10-04 09:55 - 00000951 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-04 09:55 - 2013-10-04 09:55 - 00000000 ____D C:\Users\*****\AppData\Roaming\TuneUp Software
2013-10-04 09:55 - 2013-10-04 09:55 - 00000000 ____D C:\Users\*****\AppData\Local\AVG Nation toolbar
2013-10-04 09:55 - 2013-10-04 09:52 - 00037664 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx86.sys
2013-10-04 09:54 - 2013-10-04 09:55 - 00001700 _____ C:\Program Files\Mozilla Firefoxnation-secure-search.xml
2013-10-04 09:54 - 2013-10-04 09:55 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-10-04 09:54 - 2013-10-04 09:54 - 00000000 ____D C:\Program Files\AVG Nation toolbar
2013-10-04 09:53 - 2013-10-04 09:55 - 00000000 ____D C:\ProgramData\AVG Nation toolbar
2013-10-04 09:52 - 2013-10-04 09:56 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-04 09:52 - 2013-10-04 09:52 - 00000000 ___HD C:\$AVG
2013-10-04 09:47 - 2013-10-04 10:01 - 00000000 ____D C:\Users\*****\AppData\Local\Avg2014
2013-10-04 09:47 - 2013-10-04 09:47 - 00000000 ____D C:\Users\*****\AppData\Local\MFAData
2013-10-04 09:20 - 2013-10-04 09:20 - 00891144 _____ C:\Users\*****\Desktop\SecurityCheck.exe
2013-10-04 03:27 - 2013-10-04 03:28 - 04425448 _____ (AVG Technologies) C:\Users\*****\Desktop\avg_free_stb_all_2014_4116.exe
2013-10-04 02:58 - 2013-10-04 03:05 - 02347384 _____ (ESET) C:\Users\*****\Desktop\esetsmartinstaller_enu.exe
2013-10-04 02:47 - 2013-10-04 02:47 - 00000000 ____D C:\windows\ERUNT
2013-10-04 02:43 - 2013-10-04 02:43 - 01030305 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2013-10-04 02:36 - 2013-10-04 02:39 - 00000000 ____D C:\AdwCleaner
2013-10-04 02:35 - 2013-10-04 02:35 - 01045226 _____ C:\Users\*****\Desktop\adwcleaner.exe
2013-10-04 02:15 - 2013-10-04 02:15 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-04 02:15 - 2013-10-04 02:15 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-10-04 02:15 - 2013-10-04 02:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-04 02:15 - 2013-10-04 02:15 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-04 02:15 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-10-04 02:14 - 2013-10-04 02:14 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\*****\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-04 02:08 - 2013-10-04 02:08 - 00018186 _____ C:\ComboFix.txt
2013-10-04 01:57 - 2013-10-04 09:45 - 00000000 ____D C:\Users\*****\Desktop\win32smal ca
2013-10-04 01:49 - 2013-10-04 02:08 - 00000000 ____D C:\Qoobox
2013-10-04 01:49 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-10-04 01:49 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-10-04 01:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-10-04 01:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-10-04 01:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-10-04 01:49 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-10-04 01:49 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-10-04 01:49 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-10-04 01:48 - 2013-10-04 02:07 - 00000000 ____D C:\windows\erdnt
2013-10-04 01:24 - 2013-10-04 01:25 - 05130107 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2013-10-04 00:41 - 2013-10-04 00:44 - 90791696 _____ (Microsoft Corporation) C:\Users\*****\Downloads\msert.exe
2013-10-01 01:23 - 2013-10-01 01:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\Kleio
2013-10-01 00:55 - 2013-10-04 09:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-15 11:23 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-15 11:23 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-15 11:23 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-15 11:23 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-15 11:23 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-15 11:23 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-15 11:23 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-09-14 12:18 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-14 12:18 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2013-09-14 12:18 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-14 12:18 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-14 12:18 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-14 12:18 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-14 12:18 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-14 12:18 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-14 12:18 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-10 22:11 - 2013-09-10 22:11 - 00022840 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsshimx.sys
2013-09-08 22:12 - 2013-09-08 22:12 - 00027448 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx86.sys

==================== One Month Modified Files and Folders =======

2013-10-06 18:12 - 2013-10-04 13:02 - 00000000 ____D C:\Users\*****\Desktop\win32 small ca virus
2013-10-06 18:08 - 2012-09-05 12:28 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-06 18:08 - 2011-07-24 17:07 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-06 18:06 - 2010-01-06 00:57 - 01693203 _____ C:\windows\WindowsUpdate.log
2013-10-06 14:10 - 2010-01-06 01:07 - 14511645 _____ C:\FaceProv.log
2013-10-06 14:10 - 2009-07-14 06:39 - 00343539 _____ C:\windows\setupact.log
2013-10-06 13:08 - 2011-07-24 17:07 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-06 10:32 - 2010-11-14 12:11 - 00000000 ____D C:\ProgramData\MFAData
2013-10-05 22:05 - 2013-10-05 21:42 - 00002809 _____ C:\Users\*****\Desktop\FSS.txt
2013-10-05 13:35 - 2013-10-05 13:35 - 00358923 _____ (Farbar) C:\Users\*****\Desktop\FSS.exe
2013-10-05 13:35 - 2009-07-14 06:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-05 13:35 - 2009-07-14 06:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 23:07 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-04 13:55 - 2013-10-04 13:55 - 00103680 _____ (GMER) C:\fxdcrpob.sys
2013-10-04 13:51 - 2009-11-16 14:15 - 00554026 _____ C:\windows\PFRO.log
2013-10-04 13:09 - 2013-10-04 13:09 - 00377856 _____ C:\Users\*****\Desktop\gmer_2.1.19163.exe
2013-10-04 13:04 - 2013-10-04 13:04 - 00000000 ____D C:\FRST
2013-10-04 13:00 - 2013-10-04 13:00 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-10-04 13:00 - 2010-03-26 23:56 - 00000000 ____D C:\Users\*****
2013-10-04 12:57 - 2013-10-04 12:57 - 00050477 _____ C:\Users\*****\Desktop\Defogger.exe
2013-10-04 12:55 - 2013-10-04 12:55 - 01087213 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2013-10-04 10:01 - 2013-10-04 09:47 - 00000000 ____D C:\Users\*****\AppData\Local\Avg2014
2013-10-04 09:56 - 2013-10-04 09:56 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVG2014
2013-10-04 09:56 - 2013-10-04 09:52 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-04 09:55 - 2013-10-04 09:55 - 00000951 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-04 09:55 - 2013-10-04 09:55 - 00000000 ____D C:\Users\*****\AppData\Roaming\TuneUp Software
2013-10-04 09:55 - 2013-10-04 09:55 - 00000000 ____D C:\Users\*****\AppData\Local\AVG Nation toolbar
2013-10-04 09:55 - 2013-10-04 09:54 - 00001700 _____ C:\Program Files\Mozilla Firefoxnation-secure-search.xml
2013-10-04 09:55 - 2013-10-04 09:54 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-10-04 09:55 - 2013-10-04 09:53 - 00000000 ____D C:\ProgramData\AVG Nation toolbar
2013-10-04 09:55 - 2013-10-01 00:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-04 09:54 - 2013-10-04 09:54 - 00000000 ____D C:\Program Files\AVG Nation toolbar
2013-10-04 09:52 - 2013-10-04 09:55 - 00037664 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx86.sys
2013-10-04 09:52 - 2013-10-04 09:52 - 00000000 ___HD C:\$AVG
2013-10-04 09:51 - 2010-03-27 01:37 - 00000000 ____D C:\Program Files\AVG
2013-10-04 09:47 - 2013-10-04 09:47 - 00000000 ____D C:\Users\*****\AppData\Local\MFAData
2013-10-04 09:45 - 2013-10-04 01:57 - 00000000 ____D C:\Users\*****\Desktop\win32smal ca
2013-10-04 09:20 - 2013-10-04 09:20 - 00891144 _____ C:\Users\*****\Desktop\SecurityCheck.exe
2013-10-04 03:28 - 2013-10-04 03:27 - 04425448 _____ (AVG Technologies) C:\Users\*****\Desktop\avg_free_stb_all_2014_4116.exe
2013-10-04 03:09 - 2011-05-14 15:23 - 00000000 ____D C:\Program Files\Croatian Mini-Dictionary
2013-10-04 03:08 - 2009-11-16 14:06 - 01629916 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-04 03:05 - 2013-10-04 02:58 - 02347384 _____ (ESET) C:\Users\*****\Desktop\esetsmartinstaller_enu.exe
2013-10-04 02:49 - 2009-07-14 06:53 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-04 02:47 - 2013-10-04 02:47 - 00000000 ____D C:\windows\ERUNT
2013-10-04 02:43 - 2013-10-04 02:43 - 01030305 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2013-10-04 02:39 - 2013-10-04 02:36 - 00000000 ____D C:\AdwCleaner
2013-10-04 02:35 - 2013-10-04 02:35 - 01045226 _____ C:\Users\*****\Desktop\adwcleaner.exe
2013-10-04 02:31 - 2011-12-11 00:25 - 00000000 ____D C:\ProgramData\Sophos
2013-10-04 02:31 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Speech
2013-10-04 02:15 - 2013-10-04 02:15 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-04 02:15 - 2013-10-04 02:15 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-10-04 02:15 - 2013-10-04 02:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-04 02:15 - 2013-10-04 02:15 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-04 02:14 - 2013-10-04 02:14 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\*****\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-04 02:08 - 2013-10-04 02:08 - 00018186 _____ C:\ComboFix.txt
2013-10-04 02:08 - 2013-10-04 01:49 - 00000000 ____D C:\Qoobox
2013-10-04 02:08 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-10-04 02:08 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-10-04 02:07 - 2013-10-04 01:48 - 00000000 ____D C:\windows\erdnt
2013-10-04 02:05 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini
2013-10-04 01:25 - 2013-10-04 01:24 - 05130107 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2013-10-04 00:44 - 2013-10-04 00:41 - 90791696 _____ (Microsoft Corporation) C:\Users\*****\Downloads\msert.exe
2013-10-03 23:50 - 2013-05-17 10:33 - 00000000 ____D C:\Users\*****\Desktop\kleio
2013-10-03 16:41 - 2012-05-07 08:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-01 08:57 - 2013-08-17 13:14 - 00000000 ____D C:\Program Files\Mozilla Firefox.bak
2013-10-01 08:57 - 2010-03-27 00:49 - 00000000 ____D C:\Users\*****\AppData\Local\Mozilla
2013-10-01 01:23 - 2013-10-01 01:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\Kleio
2013-09-30 17:32 - 2012-12-09 15:46 - 00000000 ____D C:\Users\*****\Documents\DWS
2013-09-30 17:30 - 2013-07-19 19:22 - 00000000 ____D C:\Users\*****\Desktop\ATV GmbH
2013-09-30 17:29 - 2012-06-28 15:33 - 00000000 ____D C:\Users\*****\Documents\phd
2013-09-30 17:24 - 2013-05-08 20:42 - 00000000 ____D C:\Users\*****\Documents\Steuererklärung 2012
2013-09-30 12:47 - 2012-08-09 01:54 - 00000000 ____D C:\Users\*****\AppData\Roaming\Dropbox
2013-09-29 12:37 - 2012-08-15 02:04 - 00000000 ___RD C:\Users\*****\Dropbox
2013-09-15 20:36 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2013-09-15 11:58 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-09-15 11:39 - 2009-07-14 06:33 - 00456592 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-15 11:36 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\de-DE
2013-09-15 11:32 - 2009-11-16 14:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-15 11:21 - 2013-08-13 00:40 - 00000000 ____D C:\windows\system32\MRT
2013-09-15 11:16 - 2010-03-27 02:09 - 76725432 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-09-10 22:11 - 2013-09-10 22:11 - 00022840 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsshimx.sys
2013-09-10 20:08 - 2012-09-05 12:28 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-09-10 20:08 - 2012-09-05 12:28 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-08 22:12 - 2013-09-08 22:12 - 00027448 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx86.sys

Files to move or delete:
====================
C:\Users\*****\pagenestfree.exe
C:\Users\*****\X16-32011.exe


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 12:31

==================== End Of Log ============================
         

--- --- ---

--- --- ---

--- --- ---

--- --- ---


und die Addition.txt

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by ***** at 2013-10-06 18:13:57
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: COMODO Firewall (Enabled) {7DB03214-694B-060B-1600-BD4715C36DBB}

==================== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader 9.0.1 - Deutsch (Version: 9.0.1)
ALPS Touch Pad Driver
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
AVG 2014 (Version: 14.0.3604)
AVG 2014 (Version: 14.0.4142)
AVG 2014 (Version: 2014.0.4142)
AVG Nation toolbar (Version: 17.0.0.7)
Bing Bar (Version: 7.0.850.0)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless Driver (Version: 1.0.0.0)
Broadcom Gigabit Integrated Controller (Version: 12.24.02)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1)
CDBurnerXP (Version: 4.5.1.4003)
Cisco AnyConnect Secure Mobility Client  (Version: 3.1.02026)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.02026)
COMODO Internet Security (Version: 4.0.7305.779)
Conexant HD Audio (Version: 4.98.4.0)
CorelDRAW Graphics Suite 12 (Version: 12.0.0.458)
CorelDRAW Graphics Suite X3 (Version: 13.0)
DE (Version: 13.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dissertation-HU für Microsoft Word 2010 Deutsch (Version: 1.0.4)
DivX-Setup (Version: 2.5.0.15)
Dropbox (HKCU Version: 2.0.22)
EasyCapture (Version: V4.0.09.1015)
EndNote X5 (Version: 15.0.1.5774)
Energy Management (Version: 4.3.1.5)
FontNav (Version: 5.0)
Google Chrome (Version: 30.0.1599.69)
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
iTunes (Version: 10.5.0.142)
Junk Mail filter update (Version: 14.0.8117.416)
Lenovo EasyCamera (Version: 6.32.2018.03)
Lenovo OneKey Recovery (Version: 7.0.0723)
Lenovo ReadyComm 5 (Version: 5.1.1.20)
Lenovo ReadyComm 5.0 Service (Version: 5.0.0.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MestReC 4.7.0
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (Version: 12.0.4518.1014)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2003 Web Components (Version: 11.0.8003.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 17.0.2011.0627)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mobile Partner (Version: 21.005.15.02.382)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
Mozilla Thunderbird 17.0.7 (x86 de) (Version: 17.0.7)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nokia Connectivity Cable Driver (Version: 7.1.29.0)
OpenOffice.org 3.2 (Version: 3.2.9502)
PC Connectivity Solution (Version: 10.21.0.0)
PC-Doctor für Windows (Version: 6.0.5426.03)
PDF-XChange Viewer (Version: 2.5.201.0)
Personal Backup 5.4 (Version: 5.3)
Power2Go (Version: 5.6.0.4809d4)
QuickTime (Version: 7.71.80.42)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
ResearchSoft Direct Export Helper
Steinberg Cubase VST32 5.0 R4
TrueCrypt (Version: 7.1a)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update Manager (Version: 4.60)
VBA (Version: 6.2)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VeriFace (Version: 3.6.0.0921)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 2.0.0 (Version: 2.0.0)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Fotogalerie (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinRAR
WISO Steuer 2013 (Version: 20.00.8137)

==================== Restore Points  =========================

25-09-2013 15:20:38 Windows Update
26-09-2013 05:48:42 Windows Update
27-09-2013 10:50:07 Windows Update
28-09-2013 09:39:17 Windows Update
29-09-2013 10:39:58 Windows Update
30-09-2013 08:41:26 Windows Update
30-09-2013 23:16:10 Installed Kleio
01-10-2013 05:18:25 Windows Update
03-10-2013 18:01:43 Removed Kleio
03-10-2013 21:50:38 Installed Kleio
03-10-2013 23:36:32 Removed Sophos Anti-Virus
03-10-2013 23:45:47 Removed Sophos AutoUpdate
04-10-2013 01:00:19 Windows Update
04-10-2013 07:51:03 Installed AVG 2014
04-10-2013 07:51:37 Installed AVG 2014
04-10-2013 12:00:45 Windows Update
04-10-2013 12:21:27 Windows Update
05-10-2013 11:30:36 Windows Update
06-10-2013 08:27:17 Windows Update
06-10-2013 13:33:41 Removed Kleio

==================== Hosts content: ==========================

2009-07-14 04:04 - 2013-10-04 02:05 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {7B814345-59F4-406B-AA96-DABB5EB84022} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-10] (Adobe Systems Incorporated)
Task: {972801BA-B495-4AB6-B8CF-D849885C691E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A0FEEC0E-1723-4CA1-86FF-4FC2CF81BFEC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B1781DD3-A5FC-4541-89D7-046FED44013E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-24] (Google Inc.)
Task: {C3714594-D234-4ECB-B660-415AF8B3F776} - System32\Tasks\{E6E9F7F8-F370-4C93-A425-DE88B38B7FD3} => C:\Program Files\EndNote X5\EndNote.exe [2011-10-27] (Thomson Reuters)
Task: {C4C5476B-FAFF-4D59-ADFF-442D5195BD48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-24] (Google Inc.)
Task: {FE282490-20BD-43F4-8E81-19CC47A7AF30} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-06 01:05 - 2010-01-06 01:05 - 01410312 _____ () C:\windows\system32\IcnOvrly.dll
2010-01-06 01:05 - 2010-01-06 01:05 - 00513288 _____ () C:\windows\system32\SimpleExt.dll
2010-08-05 00:02 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2012-02-26 16:44 - 2012-02-26 16:43 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2012-02-26 16:44 - 2012-02-26 16:43 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2012-02-26 16:44 - 2012-02-26 16:43 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2012-02-26 16:44 - 2012-02-26 16:43 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2012-02-26 16:44 - 2012-02-26 16:43 - 00383488 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2012-02-26 16:44 - 2012-02-26 16:43 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2013-10-04 09:54 - 2013-10-04 09:52 - 00518472 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\log4cplusU.dll
2010-01-06 01:06 - 2008-12-20 05:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll
2010-01-06 01:06 - 2008-12-20 05:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
2011-03-21 20:57 - 2011-03-21 20:57 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2013-10-04 09:55 - 2013-10-04 09:52 - 00141128 _____ () C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\SiteSafety.dll
2013-10-01 00:55 - 2013-10-01 00:55 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-09-10 20:08 - 2013-09-10 20:08 - 16177544 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2008-06-12 02:46 - 2008-06-12 02:46 - 08413184 _____ () c:\program files\adobe\acrobat 9.0\acrobat\exlang32.deu
2008-06-12 02:22 - 2008-06-12 02:22 - 01708032 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\plug_ins\Annots.DEU
2008-06-12 00:00 - 2008-06-12 00:00 - 00237568 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\sqlite.dll
2008-05-07 21:33 - 2008-05-07 21:33 - 00417792 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AdobeXMP.dll
2008-06-12 02:22 - 2008-06-12 02:22 - 00102400 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\plug_ins\EScript.DEU
2008-06-12 02:27 - 2008-06-12 02:27 - 00005120 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\plug_ins\Updater.DEU

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/06/2013 05:15:10 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/06/2013 02:21:35 PM) (Source: Application Hang) (User: )
Description: Programm Kleio.exe, Version 1.6.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 10c0

Startzeit: 01cec28e7c206640

Endzeit: 20

Anwendungspfad: C:\Program Files\Kleio\Kleio.exe

Berichts-ID:

Error: (10/06/2013 02:20:34 PM) (Source: Application Hang) (User: )
Description: Programm Kleio.exe, Version 1.6.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1a28

Startzeit: 01cec28e33619f0d

Endzeit: 20

Anwendungspfad: C:\Program Files\Kleio\Kleio.exe

Berichts-ID:

Error: (10/06/2013 02:08:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7504

Error: (10/06/2013 02:08:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7504

Error: (10/06/2013 02:08:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/06/2013 00:34:38 PM) (Source: Application Hang) (User: )
Description: Programm Kleio.exe, Version 1.6.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 15c8

Startzeit: 01cec27c161541d3

Endzeit: 20

Anwendungspfad: C:\Program Files\Kleio\Kleio.exe

Berichts-ID:

Error: (10/06/2013 10:28:47 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Office 2007 Primary Interop Assemblies - Update "Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\windows\TEMP\MSI6d5dc.LOG enthalten.

Error: (10/06/2013 10:28:47 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.

Error: (10/06/2013 01:50:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15007


System errors:
=============
Error: (10/06/2013 10:30:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Office PowerPoint 2007 (KB2596764)

Error: (10/06/2013 10:27:47 AM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/05/2013 01:32:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Office PowerPoint 2007 (KB2596764)

Error: (10/05/2013 01:29:45 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/04/2013 11:08:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IGRS" wurde nicht richtig gestartet.

Error: (10/04/2013 11:07:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/04/2013 11:07:28 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (10/04/2013 02:33:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IGRS" wurde nicht richtig gestartet.

Error: (10/04/2013 02:32:07 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/04/2013 02:32:07 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.


Microsoft Office Sessions:
=========================
Error: (10/06/2013 05:15:10 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (10/06/2013 02:21:35 PM) (Source: Application Hang)(User: )
Description: Kleio.exe1.6.0.010c001cec28e7c20664020C:\Program Files\Kleio\Kleio.exe

Error: (10/06/2013 02:20:34 PM) (Source: Application Hang)(User: )
Description: Kleio.exe1.6.0.01a2801cec28e33619f0d20C:\Program Files\Kleio\Kleio.exe

Error: (10/06/2013 02:08:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7504

Error: (10/06/2013 02:08:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7504

Error: (10/06/2013 02:08:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/06/2013 00:34:38 PM) (Source: Application Hang)(User: )
Description: Kleio.exe1.6.0.015c801cec27c161541d320C:\Program Files\Kleio\Kleio.exe

Error: (10/06/2013 10:28:47 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603C:\windows\TEMP\MSI6d5dc.LOG(NULL)(NULL)

Error: (10/06/2013 10:28:47 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/06/2013 01:50:57 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15007


==================== Memory info =========================== 

Percentage of memory in use: 56%
Total physical RAM: 3032.6 MB
Available physical RAM: 1321.75 MB
Total Pagefile: 6063.49 MB
Available Pagefile: 3769.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:420.55 GB) (Free:107.29 GB) NTFS
Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:29.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2051D46A)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

==================== End Of Log ============================
         

Aktuell poppt die Meldung aber nicht auf? Dann sind wir durch.

Fertig

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

• Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
• Windows Updates
  • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
• Gehe sicher das die automatischen Updates aktiviert sind.
• Software Updates
  Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
  Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

• Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

• MalwareBytes Anti Malware
  Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
  Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
  Ein Tutorial zur Verwendung findest Du hier.
• WinPatrol
  Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

• SpywareBlaster
  Eine kurze Einführung findest du Hier
• MVPs hosts file
  Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
• WOT (Web of trust)
  Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

• Opera
• Mozilla Firefox.
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts

• Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
• verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
• Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
• Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Nö, aktuell poppt die Meldung nicht mehr. Mir wäre aber schon wohler wenn das WindowsSystem erkennen würde, dass der Virus weg ist und nicht einfach die Meldung ins Archiv verschiebt und nichts mehr dazu "sagt". Zumal das Wartungscenter sonst nichts in dieses Archiv zu verschieben scheint und ich in meiner Paranoia schon spekuliere, ob diese Selbstarchivierung nicht zur Symptomatik des Virus' gehört.

Ich habs mittlerweile geschafft die Meldung zu löschen, indem ich über die Zuverlässigkeitsüberwachung des Wartungscenter auf alle Problemberichte zugegriffen habe. Dadurch ist die Meldung aus dem Archiv des Wartungscenters verschwunden.

Allerdings wurde sie gleich wieder ersetzt (durch eine Meldung über services.exe), zwar nicht im Archiv des Wartungscenters, aber unter Wartungscenter/ Zuverlässigkeitsüberwachung, wo alle Meldungen gelistet sind.

Habe hier der Vollständigkeit halber nochmals die entsprechenden Problem-Beschreibungen rausgesucht. (siehe unten).

Vielleicht fällt Dir noch was kluges dazu ein? Falls nicht bedanke ich mich an dieser Stelle herzlichst bei Dir, lieber Schrauber und Du kannst das Thema schließen. Ich wünsche weiterhin viel Spaß!

Grüße
RobertH

Ursprüngliche Beschreibung die mit der "Lösung" "Entfernen des Win32/Small.CA-Virus" verknüpft war:

Code: Alles auswählenAufklappen

ATTFilter

Beschreibung
Pfad der fehlerhaften Anwendung:	C:\Windows\System32\services.exe

Problemsignatur
Problemereignisame:	APPCRASH
Anwendungsname:	services.exe
Anwendungsversion:	6.1.7600.16385
Anwendungszeitstempel:	4a5bbf1b
Fehlermodulname:	ntdll.dll
Fehlermodulversion:	6.1.7601.18205
Fehlermodulzeitstempel:	51db96c5
Ausnahmecode:	c0000005
Ausnahmeoffset:	0002d6c9
Betriebsystemversion:	6.1.7601.2.1.0.768.3
Gebietsschema-ID:	1031
Zusatzinformation 1:	a7aa
Zusatzinformation 2:	a7aa91f17ea749d42a4de3b390fa5b3d
Zusatzinformation 3:	a7aa
Zusatzinformation 4:	a7aa91f17ea749d42a4de3b390fa5b3d

Weitere Informationen über das Problem
Bucket-ID:	3764974971
         

ersetzt wurde die Meldung mit folgender Beschreibung, die mit keiner "Lösung" mehr ergänzt wurde:

Code: Alles auswählenAufklappen

ATTFilter

Beschreibung
Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bbf1b
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18205, Zeitstempel: 0x51db96c5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002d6c9
ID des fehlerhaften Prozesses: 0x240
Startzeit der fehlerhaften Anwendung: 0x01cec0469fca174b
Pfad der fehlerhaften Anwendung: C:\windows\system32\services.exe
Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll
Berichtskennung: ef198faa-2c54-11e3-a8f0-705ab64d851e
         

Mach bitte mal folgendes:

Downloade dir bitte Farbar Service Scanner

• Starte das Tool mit Doppelklick auf die FSS.exe
• Gehe sicher, dass folgende Optionen angehakt sind.
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services
• Klicke auf Scan.
• Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

bitte sehr (vlg. auch mit den FSS scans auf Seite eins unseres Themas):

Code: Alles auswählenAufklappen

ATTFilter

Farbar Service Scanner Version: 13-09-2013
Ran by ***** (administrator) on 08-10-2013 at 19:57:37
Running from "C:\Users\*****\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys
[2013-08-15 12:05] - [2013-07-06 07:05] - 1293760 ____A (Microsoft Corporation) 4E8B9BE71B807B3BAEDB7F4243F85E3C

C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll
[2013-08-15 12:05] - [2013-07-09 06:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-13 12:22] - [2013-05-27 06:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\iphlpsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         

Grüße
Roberth