Hallo,

meine Sd-Card ist von einem Virus befallen, der Name war w32/A... den rest weis ich leider nicht mehr. Antivir habe ich durchlaufen lassen und er wurde geloescht. Mit Recovery der Sd Card auf meine Externe Festplatte, um die Bilder zu retten, wurde leider auch
der Virus wiederhergestellt. Den versuchte ich erneut mit Antivir zu loeschen.

Da ich auf Reisen bin, kann ich dies nur in Internetcafes erledigen und habe keine Namen mehr.

Jetzt sind auf meiner externen Festplatte auch keine Daten mehr, wenn ich Antivir oder der gleichen Programme durchlaufen lasse, durchsucht es noch diese Bilddatein aber findet keinen Virus.

Jetzt habe ich ein chkdsk gemacht wo leider der Computer in Phase 5 abgestuerzt ist.

Was kann ich jetzt noch tun um die Bilder zu retten oder um den Virus zu finden.

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hab doch noch was gefunden

[CODE][ Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.19.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
SKZ :: IPRO001 [Administrator]

Schutz: Aktiviert

19/12/2013 15:48:01
MBAM-log-2013-12-19 (16-13-54) Toshiba.txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf (F:\|)
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 42180
Laufzeit: 25 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 22
F:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019289.exe (Worm.AutoRun) -> Keine Aktion durchgeführt.
F:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019290.exe (Worm.AutoRun) -> Keine Aktion durchgeführt.
F:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019293.exe (Trojan.Agent.CK) -> Keine Aktion durchgeführt.
F:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019294.exe (Worm.AutoRun) -> Keine Aktion durchgeführt.
F:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019295.exe (Worm.AutoRun) -> Keine Aktion durchgeführt.
F:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019296.exe (Worm.AutoRun) -> Keine Aktion durchgeführt.
F:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019297.exe (Worm.AutoRun) -> Keine Aktion durchgeführt.
F:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019298.exe (Worm.AutoRun) -> Keine Aktion durchgeführt.
F:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019299.exe (Worm.AutoRun) -> Keine Aktion durchgeführt.
F:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019302.exe (Trojan.Agent.CK) -> Keine Aktion durchgeführt.
F:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019303.exe (Worm.AutoRun) -> Keine Aktion durchgeführt.
F:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019304.exe (Worm.AutoRun) -> Keine Aktion durchgeführt.
F:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019305.exe (Worm.AutoRun) -> Keine Aktion durchgeführt.
F:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019306.exe (Worm.AutoRun) -> Keine Aktion durchgeführt.
F:\System Volume Information\_restore{45F95697-72AC-4BCC-9F48-C82128318B5C}\RP50\A0017849.exe (Trojan.Agent.CK) -> Keine Aktion durchgeführt.
F:\System Volume Information\_restore{EE81D8C9-DD2B-4C8D-95E6-370F5FF0EA17}\RP17\A0005404.exe (Worm.AutoRun) -> Keine Aktion durchgeführt.
F:\System Volume Information\_restore{EE81D8C9-DD2B-4C8D-95E6-370F5FF0EA17}\RP17\A0005416.exe (Worm.AutoRun) -> Keine Aktion durchgeführt.
F:\System Volume Information\_restore{EE81D8C9-DD2B-4C8D-95E6-370F5FF0EA17}\RP17\A0005421.exe (Trojan.Agent.CK) -> Keine Aktion durchgeführt.
F:\System Volume Information\_restore{EE81D8C9-DD2B-4C8D-95E6-370F5FF0EA17}\RP17\A0005422.exe (Worm.AutoRun) -> Keine Aktion durchgeführt.
F:\System Volume Information\_restore{EE81D8C9-DD2B-4C8D-95E6-370F5FF0EA17}\RP17\A0005423.exe (Worm.AutoRun) -> Keine Aktion durchgeführt.
F:\System Volume Information\_restore{EE81D8C9-DD2B-4C8D-95E6-370F5FF0EA17}\RP17\A0005424.exe (Worm.AutoRun) -> Keine Aktion durchgeführt.
F:\System Volume Information\_restore{EE81D8C9-DD2B-4C8D-95E6-370F5FF0EA17}\RP17\A0005425.exe (Worm.AutoRun) -> Keine Aktion durchgeführt.

(Ende)
/CODE]

Mit demToll Kommt das hier.
Es geht mir aber nur um die Externe Festplatte F



FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-12-2013 05
Ran by SKZ (administrator) on IPRO001 on 19-12-2013 17:14:11
Running from C:\Documents and Settings\SKZ\Local Settings\Temporary Internet Files\Content.IE5\H3WRTFMD
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
() C:\Documents and Settings\All Users\Application Data\GarenaCIG\3.0.881\GarenaCIG.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\Richtech\DlxpServ\RTDXMCLN.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(artArmin) C:\Program Files\Vista Drive Icon\DrvIcon.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
() C:\Documents and Settings\All Users\Application Data\GarenaCIG\3.0.881\GarenaCIG.exe
(Asiasoft Corporation Plc.) C:\WINDOWS\system32\pmclient.exe
(mediaweb) C:\WINDOWS\system32\pmAgent.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Documents and Settings\SKZ\Local Settings\Temporary Internet Files\Content.IE5\H3WRTFMD\FRST[1].exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\ime\IMJP8_1\imjpmig.exe [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [DrvIcon] - C:\Program Files\Vista Drive Icon\DrvIcon.exe [49152 2008-04-13] (artArmin)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3080264 2013-01-09] (ESET)
HKLM\...\Run: [CltStatus] - C:\Program Files\Richtech\DlxpServ\CltStat.exe
HKLM\...\Run: [USB Security] - C:\Program Files\USB Disk Security\USBGuard.exe [623520 2011-01-31] (Zbshareware Lab)
HKLM\...\Run: [AutoRun] - C:\WINDOWS\system32\AutoStarter.exe [36864 2009-09-09] (Mediaweb,Inc.)
HKLM\...\Run: [GarenaCIG] - C:\Documents and Settings\All Users\Application Data\GarenaCIG\3.0.881\GarenaCIG.exe [1045208 2013-11-06] ()
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\RTDXPENG: C:\Windows\system32\rtdxpeng.dll (RichTech)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-09] ()
BootExecute: 

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: PMEPObj Class - {2DFE5FD7-F7B3-47F0-93EC-A8FF6703B4AE} - C:\WINDOWS\system32\pmep.dll (Mediaweb,Inc.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {27AD4028-716B-4383-B8FA-A94C6CFCEC37} hxxp://btr.gg.in.th/Spec1/ActiveX/WZOBCmnCtrl.cab
DPF: {2B6F3D45-8258-4A13-85B8-58C62DFDB4EA} https://secure1.playfps.com/play/ava/ax/WebLauncher.cab
DPF: {35C208B2-BE9E-4438-A773-5860869AD17B} https://secure6.playpark.com/play/giga/ax/GigaSlaveLauncher.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282930497625
DPF: {8E82893F-7ED1-4811-A247-580DCC0E2629} hxxp://sf-web.gg.in.th/activex/StarterSFTDE.cab
DPF: {E36243CC-151D-4A46-A6C1-0AD8BE2C2FCC} https://secure2.playpark.com/play/fs/ax/FSTHGameUpdaterContral.cab
DPF: {FA73B1B9-D6F0-4420-AEB4-B3C973B2A115} hxxp://update.hitsplay.com:8080/UniUpdTool/system/NCLauncher.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{616C1952-4954-4F5D-B99B-009DF0A949E7}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Documents and Settings\SKZ\Application Data\Mozilla\Firefox\Profiles\028forh5.default
FF Homepage: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @t.garena.com/garenatalk - C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: google.co.th
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Drive) - C:\Documents and Settings\SKZ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Documents and Settings\SKZ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Documents and Settings\SKZ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Documents and Settings\SKZ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Documents and Settings\SKZ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [974944 2011-09-22] (ESET)
R2 GarenaCIG; C:\Documents and Settings\All Users\Application Data\GarenaCIG\3.0.881\GarenaCIG.exe [1045208 2013-11-06] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 npggsvc; C:\WINDOWS\system32\GameMon.des [4943392 2012-12-04] (INCA Internet Co., Ltd.)
R2 RTDXMCLN; C:\Program Files\Richtech\DlxpServ\RTDXMCLN.exe [28672 2007-07-04] ()
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 NVSvc; %SystemRoot%\system32\nvsvc32.exe [x]

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [154136 2011-08-09] (ESET)
R3 eaps2kbd; C:\Windows\System32\DRIVERS\eaps2kbd.sys [24035 2001-12-29] (Compaq Computer Corp.)
R1 eawdmfd; C:\Windows\System32\DRIVERS\eawdmfd.sys [24348 1999-10-30] (Compaq Computer Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [118104 2011-08-04] (ESET)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [103112 2011-08-04] (ESET)
R1 FsVga; C:\Windows\System32\DRIVERS\fsvga.sys [12160 2008-04-14] (Microsoft Corporation)
S3 Inport; C:\Windows\System32\DRIVERS\inport.sys [13056 2001-08-17] (Microsoft Corporation)
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
S3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R0 Richboot; C:\Windows\System32\Drivers\Richboot.sys [10752 2010-05-14] (Shanghai Richtech Co., Ltd)
R0 Richdisk; C:\Windows\System32\Drivers\Richdisk.sys [41600 2010-10-27] (Shanghai Richtech Co., Ltd)
R0 Richndis; C:\Windows\System32\Drivers\Richndis.sys [9856 2007-12-07] (Shanghai Richtech Co., Ltd)
R0 Rtbootxp; C:\Windows\System32\Drivers\Rtbootxp.sys [10112 2007-10-18] (RichTech)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtKHDMI.sys [3733760 2009-05-20] (Realtek Semiconductor Corp.)
S0 Rthookfs; C:\Windows\System32\Drivers\Rthookfs.sys [13712 2006-04-28] ()
S3 RTKCPFXP; C:\Program Files\Richtech\DlxpServ\RTKCPFXP.SYS [6348 2007-07-04] ()
R0 RTLE8023xp; C:\Windows\System32\PnpDrvs\Rtenicxp.sys [277352 2011-01-14] (Realtek Semiconductor Corporation                           )
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [x]
R4 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [x]
S1 SMBALI; system32\DRIVERS\SMBALI.sys [x]
S1 SMBHC; system32\DRIVERS\SMBHC.sys [x]
S3 usbohci; system32\DRIVERS\usbohci.sys [x]
S3 vtany; \??\C:\WINDOWS\vtany.sys [x]
U1 WS2IFSL; 
S3 XDva401; \??\C:\WINDOWS\system32\XDva401.sys [x]
S3 XDva402; \??\C:\WINDOWS\system32\XDva402.sys [x]
S3 XDva403; \??\C:\WINDOWS\system32\XDva403.sys [x]
S3 XDva404; \??\C:\WINDOWS\system32\XDva404.sys [x]
S3 XDva405; \??\C:\WINDOWS\system32\XDva405.sys [x]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-19 17:14 - 2013-12-19 17:14 - 00000000 ____D C:\FRST
2013-12-19 15:34 - 2013-12-19 15:34 - 00000790 _____ C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-19 15:34 - 2013-12-19 15:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-19 15:34 - 2013-12-19 15:34 - 00000000 ____D C:\Documents and Settings\SKZ\Application Data\Malwarebytes
2013-12-19 15:34 - 2013-12-19 15:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-12-19 15:34 - 2013-12-19 15:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-12-19 15:34 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

==================== One Month Modified Files and Folders =======

2013-12-19 17:14 - 2013-12-19 17:14 - 00000000 ____D C:\FRST
2013-12-19 17:14 - 2013-01-09 21:27 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-19 17:10 - 2013-01-09 20:57 - 00000000 ____D C:\Documents and Settings\SKZ\Application Data\Skype
2013-12-19 17:10 - 2013-01-09 19:44 - 00000418 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{654482D3-BFDD-4745-9278-F0134892AFAB}.job
2013-12-19 16:28 - 2013-01-09 21:17 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-19 16:14 - 2013-01-09 21:27 - 00000876 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-19 16:13 - 2013-01-09 19:41 - 00000000 ____D C:\Documents and Settings\SKZ\Local Settings\Application Data\ESET
2013-12-19 15:39 - 2013-01-09 20:34 - 00000000 ____D C:\Documents and Settings\SKZ\Local Settings\Application Data\PMB Files
2013-12-19 15:34 - 2013-12-19 15:34 - 00000790 _____ C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-19 15:34 - 2013-12-19 15:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-19 15:34 - 2013-12-19 15:34 - 00000000 ____D C:\Documents and Settings\SKZ\Application Data\Malwarebytes
2013-12-19 15:34 - 2013-12-19 15:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-12-19 15:34 - 2013-12-19 15:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-12-19 15:28 - 2013-10-28 07:28 - 08699272 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-12-19 15:28 - 2013-01-09 21:17 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-19 15:28 - 2013-01-09 21:17 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-19 15:13 - 2013-01-09 19:44 - 00588670 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-19 15:10 - 2013-01-09 19:44 - 00670664 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-19 15:10 - 2013-01-09 19:43 - 00346554 _____ C:\WINDOWS\setupapi.log
2013-12-19 15:09 - 2013-01-09 21:58 - 00000075 _____ C:\WINDOWS\system32\epData.ini
2013-12-19 15:09 - 2013-01-09 21:58 - 00000030 _____ C:\Tv.ini
2013-12-19 15:09 - 2013-01-09 21:58 - 00000019 _____ C:\WINDOWS\system32\Regwpa.xms
2013-12-19 15:09 - 2013-01-09 21:58 - 00000018 _____ C:\Sv.ini
2013-12-19 15:09 - 2013-01-09 20:57 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2013-12-19 15:09 - 2013-01-09 19:44 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-19 15:09 - 2013-01-09 19:44 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-12-19 15:09 - 2013-01-09 19:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-19 15:09 - 2013-01-09 19:42 - 00018974 _____ C:\richdres.log
2013-12-19 05:03 - 2013-01-09 19:43 - 00032542 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-19 05:03 - 2013-01-09 19:41 - 00000178 ___SH C:\Documents and Settings\SKZ\ntuser.ini
2013-12-19 04:50 - 2013-01-09 19:50 - 00000000 ____D C:\Program Files\Garena Plus
2013-12-19 04:49 - 2013-01-09 19:44 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-04 04:30 - 2013-10-22 06:56 - 00000000 ____D C:\Documents and Settings\SKZ\Local Settings\TempKOF

Some content of TEMP:
====================
C:\Documents and Settings\SKZ\Local Settings\Temp\3a6ff00fcaaacc9d83535a5a70fb5ffc.dll
C:\Documents and Settings\SKZ\Local Settings\Temp\7z.dll
C:\Documents and Settings\SKZ\Local Settings\Temp\bdfilters.dll
C:\Documents and Settings\SKZ\Local Settings\Temp\c65209f0d8f95345586d32debae2b89d.dll
C:\Documents and Settings\SKZ\Local Settings\Temp\CSOLauncher.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\fe3f4488b0.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\fmodex.dll
C:\Documents and Settings\SKZ\Local Settings\Temp\Garena_FO3TH_patcher_20130709to20130712.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\Garena_FO3TH_patcher_20130712to20130717.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\Garena_FO3TH_patcher_20130717to20130807.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\Garena_FO3TH_patcher_20130807to20130812.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\Garena_FO3TH_patcher_20130812to20130830.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\Garena_FO3TH_patcher_20130830to20131007.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\Garena_FO3TH_patcher_20131007to20131104.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\Garena_FO3TH_patcher_20131104to20131202.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_2062800.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_2062901.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_2063000.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_2063100.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_2063301.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_2063400.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_2063500.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3000004.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3000008.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3000100.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3000200.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3000300.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3000400.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3000500.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3000600.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3000700.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3000800.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3000900.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3010000.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3010100.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3010200.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3010301.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3010302.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3010401.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3010601.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3020000.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3020101.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3020201.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3020203.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3020301.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3020401.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3020502.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3020504.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3020600.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3020701.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3020900.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3020902.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3021001.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3030001.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\patch_3030003.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1001.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1002.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1003.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1004.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1005.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1006.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1007v2.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1008.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1009v2.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1010.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1011.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1012.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1013.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1014.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1015.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1016.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1017.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1018.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1019v2.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1020.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1021.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1022v5.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1023.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1024.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1025.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1026v3.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1027.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1028.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1029.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1030.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1031.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1032v2.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1033.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1034.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1035.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1036.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1037.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1038.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1039.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1040v2.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1041.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1042.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1043.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1044.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1045.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1046.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1047.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1048.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1049.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1050.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\PointBlank_GarenaPlus_Patch_1051.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\RockNESX.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\snes9x.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\swt-win32-3740.dll
C:\Documents and Settings\SKZ\Local Settings\Temp\TH303_patch_130221to130307.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH305_balance_patch_130404to130412.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH305_patch_130322to130404.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH314_131114to131127v3.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_130513to130522_307.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_130618to130619_309v2.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_130717to130718_309.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_130802to130827_310_hotfix.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_130913to131016_312.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_131127to131217v315v2.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_306_hotfix_130502to130503.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_306_hotfix_130503to130513.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_306_patch_130412to130502.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_308_130530to130618v2.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_310_130718to130802.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_311_130827to130911_3.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_311_130911to130913.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_313hotfix_131104to131114.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_313_131016to131104v2.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_hotfix_130522to130530_307.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_hotfix_308_130618to130619.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_patch304_130307to130321.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_patch304_130321to130322.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_patch_121115to121213.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_patch_121213to121214_2.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_patch_121214to121215.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_patch_121215to121219v2.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_patch_121219to121221.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_patch_121221to121222.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_patch_121222to130124.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_patch_130124to130207.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_patch_130207to130208.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_patch_130208to130212.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\TH_patch_130212to130221v2.exe
C:\Documents and Settings\SKZ\Local Settings\Temp\_isC2.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2013-01-09 19:44] - [2008-04-14 19:00] - 0108544 ____A (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185 

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         

--- --- ---

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-12-2013 05
Ran by SKZ at 2013-12-19 17:14:33
Running from C:\Documents and Settings\SKZ\Local Settings\Temporary Internet Files\Content.IE5\H3WRTFMD
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET NOD32 Antivirus 5.0 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

==================== Installed Programs ======================

@Cafe Solution Client
A.V.A (Version: 3.07)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Reader X (10.1.5) (Version: 10.1.5)
AMD Catalyst Install Manager (Version: 8.0.881.0)
Asiasoft ActiveX (Version: 1.0.0)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.14.3.0)
Audition (Version: 14.1.4)
Bandisoft MPEG-1 Decoder
BatteryOnline[Thailand]_V12.0911 (Version: 1.0.0.1)
Camfrog Video Chat 6.3 (Version: 6.3.223)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0727.2122.36516)
Catalyst Control Center Graphics Previews Common (Version: 2012.0727.2122.36516)
Catalyst Control Center InstallProxy (Version: 2012.0727.2122.36516)
Catalyst Control Center Localization All (Version: 2012.0727.2122.36516)
CCC Help Chinese Standard (Version: 2012.0727.2121.36516)
CCC Help Chinese Traditional (Version: 2012.0727.2121.36516)
CCC Help Czech (Version: 2012.0727.2121.36516)
CCC Help Danish (Version: 2012.0727.2121.36516)
CCC Help Dutch (Version: 2012.0727.2121.36516)
CCC Help English (Version: 2012.0727.2121.36516)
CCC Help Finnish (Version: 2012.0727.2121.36516)
CCC Help French (Version: 2012.0727.2121.36516)
CCC Help German (Version: 2012.0727.2121.36516)
CCC Help Greek (Version: 2012.0727.2121.36516)
CCC Help Hungarian (Version: 2012.0727.2121.36516)
CCC Help Italian (Version: 2012.0727.2121.36516)
CCC Help Japanese (Version: 2012.0727.2121.36516)
CCC Help Korean (Version: 2012.0727.2121.36516)
CCC Help Norwegian (Version: 2012.0727.2121.36516)
CCC Help Polish (Version: 2012.0727.2121.36516)
CCC Help Portuguese (Version: 2012.0727.2121.36516)
CCC Help Russian (Version: 2012.0727.2121.36516)
CCC Help Spanish (Version: 2012.0727.2121.36516)
CCC Help Swedish (Version: 2012.0727.2121.36516)
CCC Help Thai (Version: 2012.0727.2121.36516)
CCC Help Turkish (Version: 2012.0727.2121.36516)
ccc-utility (Version: 2012.0727.2122.36516)
Counter-Strike Online Client (Version: Client)
Cybergames
DlxpV3.7 Build0483
Dragon Nest (Version: 1.0.63)
Dual-Core Optimizer (Version: 1.1.3.0161)
EA SPORTS FIFA ONLINE 2 (Version: B0626.1)
EliteForces 0.9.0.2121 (Version: 0.9.0.2121)
ESET NOD32 Antivirus (Version: 5.0.95.0)
Football City Stars (Version: 1.5)
FreeStyle
Garena - FIFA ONLINE 3(Thailand)
Garena - Heroes of Newerth
Garena - League of Legends
Garena Plus (Version: 2011)
GigaSlave (Version: 78)
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.22.3)
iColorFolder
Intel(R) Management Engine Components (Version: 7.0.0.1144)
Java 7 Update 11 (Version: 7.0.110)
Java Auto Updater (Version: 2.0.2.1)
Junk Mail filter update (Version: 14.0.8089.726)
KingOfGun1.0.0.321.exe (Version: 1.0.0.321)
K-Lite Codec Pack 6.3.0 (Full) (Version: 6.3.0)
KOFOnline 1.04 (Version: 1.04)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 2.0 Service Pack 1 (Version: 2.1.21022)
Microsoft .NET Framework 3.0 Service Pack 1 (Version: 3.1.21022)
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 (Version: 3.5.21022)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Silverlight (Version: 3.0.40624.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
MSVCRT (Version: 14.0.1468.721)
NVIDIA Drivers (Version: 1.10)
NVIDIA PhysX (Version: 9.10.0129)
Pando Media Booster (Version: 2.6.0.8)
PangYa_Th (NtreevSoft)
PlayNCLauncher
PointBlank (Version: 1.00.0000)
Ragnarok Online (Version: 13.3.1)
Raycity Online
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.35.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.6526)
S4League (Version: 2.10)
Segoe UI (Version: 14.0.4327.805)
Skype™ 5.8 (Version: 5.8.156)
Special Force(remove only)
SuperStar
TalesRunner 1.1169_20111018 (Version: 1.1169_20111018)
Talesrunner Launcher 1.0
TeamSpeak 3 Client (Version: 3.0.6)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
USB Disk Security
Vista Drive Icon 1.4 (Version: 1.4)
WebFldrs XP (Version: 9.50.7523)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Your Uninstaller! 2010 (Version: 7.0)
Zone4

==================== Restore Points  =========================


==================== Hosts content: ==========================

2013-01-09 19:44 - 2013-01-20 00:19 - 00000561 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost 
127.0.0.1 tone.com 
127.0.0.1 ad.doubleclick.net 
127.0.0.1 secure.registeridm.com 
127.0.0.1 www.tonec.com 
127.0.0.1 registeridm.com 
127.0.0.1 www.hao123.com 
127.0.0.1 www.registeridm.com 
127.0.0.1 www.reborn-ran.com 
127.0.0.1 ran-redbull.no-ip.org 
127.0.0.1 internetdownloadmanager.com 
127.0.0.1 www.internetdownloadmanager.com 
127.0.0.1 secure.internetdownloadmanager.com 
127.0.0.1 mirror.internetdownloadmanager.com 
127.0.0.1 mirror2.internetdownloadmanager.com 
127.0.0.1 mirror3.internetdownloadmanager.com 


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{654482D3-BFDD-4745-9278-F0134892AFAB}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2013-01-09 19:42 - 2009-12-12 15:12 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2013-01-09 19:43 - 2008-04-14 19:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2013-01-09 19:44 - 2008-04-14 19:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-01-09 19:44 - 2010-02-06 01:27 - 01291776 _____ () C:\WINDOWS\system32\quartz.dll
2013-01-09 19:44 - 2008-04-14 19:00 - 00192512 _____ () C:\WINDOWS\system32\qcap.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:1CE11B51

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/19/2013 03:09:28 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Display Driver Service%%2

Error: (12/19/2013 05:02:42 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Display Driver Service%%2

Error: (12/19/2013 04:49:46 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Display Driver Service%%2

Error: (12/15/2013 07:54:13 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Display Driver Service%%2

Error: (12/15/2013 07:48:40 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Display Driver Service%%2

Error: (12/05/2013 07:27:46 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Display Driver Service%%2

Error: (12/05/2013 07:22:44 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Display Driver Service%%2

Error: (12/05/2013 07:16:59 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Display Driver Service%%2

Error: (12/04/2013 04:32:56 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Display Driver Service%%2

Error: (12/04/2013 04:22:54 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Display Driver Service%%2


System errors:
=============
Error: (10/23/2013 09:44:02 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{616C1952-4954-4F5D-B99B-009DF0A949E7}.
The backup browser is stopping.

Error: (10/22/2013 07:04:46 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{616C1952-4954-4F5D-B99B-009DF0A949E7}.
The backup browser is stopping.

Error: (10/18/2013 06:04:47 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{616C1952-4954-4F5D-B99B-009DF0A949E7}.
The backup browser is stopping.

Error: (09/21/2013 07:16:42 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{616C1952-4954-4F5D-B99B-009DF0A949E7}.
The backup browser is stopping.

Error: (09/07/2013 07:19:00 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{616C1952-4954-4F5D-B99B-009DF0A949E7}.
The backup browser is stopping.

Error: (08/01/2013 05:15:26 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{616C1952-4954-4F5D-B99B-009DF0A949E7}.
The backup browser is stopping.

Error: (07/30/2013 07:20:00 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{616C1952-4954-4F5D-B99B-009DF0A949E7}.
The backup browser is stopping.

Error: (07/18/2013 03:32:09 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{616C1952-4954-4F5D-B99B-009DF0A949E7}.
The backup browser is stopping.

Error: (06/22/2013 07:11:56 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{616C1952-4954-4F5D-B99B-009DF0A949E7}.
The backup browser is stopping.

Error: (06/20/2013 05:48:39 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{616C1952-4954-4F5D-B99B-009DF0A949E7}.
The backup browser is stopping.


Microsoft Office Sessions:
=========================
Error: (12/19/2013 03:09:28 PM) (Source: Service Control Manager)(User: )
Description: NVIDIA Display Driver Service%%2

Error: (12/19/2013 05:02:42 AM) (Source: Service Control Manager)(User: )
Description: NVIDIA Display Driver Service%%2

Error: (12/19/2013 04:49:46 AM) (Source: Service Control Manager)(User: )
Description: NVIDIA Display Driver Service%%2

Error: (12/15/2013 07:54:13 AM) (Source: Service Control Manager)(User: )
Description: NVIDIA Display Driver Service%%2

Error: (12/15/2013 07:48:40 AM) (Source: Service Control Manager)(User: )
Description: NVIDIA Display Driver Service%%2

Error: (12/05/2013 07:27:46 AM) (Source: Service Control Manager)(User: )
Description: NVIDIA Display Driver Service%%2

Error: (12/05/2013 07:22:44 AM) (Source: Service Control Manager)(User: )
Description: NVIDIA Display Driver Service%%2

Error: (12/05/2013 07:16:59 AM) (Source: Service Control Manager)(User: )
Description: NVIDIA Display Driver Service%%2

Error: (12/04/2013 04:32:56 AM) (Source: Service Control Manager)(User: )
Description: NVIDIA Display Driver Service%%2

Error: (12/04/2013 04:22:54 AM) (Source: Service Control Manager)(User: )
Description: NVIDIA Display Driver Service%%2


==================== Memory info =========================== 

Percentage of memory in use: 67%
Total physical RAM: 3062.13 MB
Available physical RAM: 993.56 MB
Total Pagefile: 9039.48 MB
Available Pagefile: 7130.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.25 MB

==================== Drives ================================

Drive c: (iProXP) (Fixed) (Total:19.99 GB) (Free:3.91 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (GAME_HIT) (Fixed) (Total:97.99 GB) (Free:65.42 GB) NTFS
Drive e: (Game Others) (Fixed) (Total:117.99 GB) (Free:64.5 GB) NTFS
Drive f: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:693.42 GB) NTFS
Drive i: (EOS_DIGITAL) (Removable) (Total:29.71 GB) (Free:8.34 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 20 GB) (Disk ID: 71F7309F)
Partition 1: (Not Active) - (Size=20 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 98 GB) (Disk ID: 71FEC95A)
Partition 1: (Not Active) - (Size=98 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 118 GB) (Disk ID: 71FEC95B)
Partition 1: (Not Active) - (Size=118 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: F64D4D93)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 30 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=30 GB) - (Type=0C)

==================== End Of Log ============================
         

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Combofix wird überprüfen, ob die Microsoft Windows Wiederherstellungskonsole installiert ist.
  Ist diese nicht installiert, erlaube Combofix diese herunter zu laden und zu installieren. Folge dazu einfach den Anweisungen und aktzeptiere die Endbenutzer-Lizenz.
  Bei heutiger Malware ist dies sehr empfehlenswert, da diese uns eine Möglichkeit bietet, dein System zu reparieren, falls etwas schief geht.
  Bestätige die Information, dass die Wiederherstellungskonsole installiert wurde mit Ja.
  Hinweis: Ist diese bereits installiert, wird Combofix mit der Malwareentfernung fortfahren.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es eine Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Dafuer musste ich den Rechner wechseln um das Programm ordnungsgemaes auszufuehren, soweit ich das sehe steht hier nichts ueber mein externes Laufwerk Toschiba E:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 13-12-18.01 - PC 12/20/2013  18:23:04.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.874.66.1033.18.3055.2287 [GMT 7:00]
Running from: c:\users\PC\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\d4s.hst
c:\windows\kawai2004.hst
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-20 to 2013-12-20  )))))))))))))))))))))))))))))))
.
.
2013-12-20 11:26 . 2013-12-20 11:26	--------	d-----w-	c:\users\PC\AppData\Local\temp
2013-12-20 11:26 . 2013-12-20 11:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-12-12 04:44 . 2013-11-23 18:26	417792	----a-w-	c:\windows\system32\WMPhoto.dll
2013-12-12 04:44 . 2013-11-12 02:07	2048	----a-w-	c:\windows\system32\tzres.dll
2013-12-12 04:44 . 2013-10-30 02:19	301568	----a-w-	c:\windows\system32\msieftp.dll
2013-12-12 04:44 . 2013-10-19 01:36	159232	----a-w-	c:\windows\system32\imagehlp.dll
2013-12-12 04:44 . 2013-10-12 02:04	121856	----a-w-	c:\windows\system32\wshom.ocx
2013-12-12 04:44 . 2013-10-12 02:03	163840	----a-w-	c:\windows\system32\scrrun.dll
2013-12-12 04:44 . 2013-10-12 01:15	141824	----a-w-	c:\windows\system32\wscript.exe
2013-12-12 04:44 . 2013-10-12 01:15	126976	----a-w-	c:\windows\system32\cscript.exe
2013-12-12 04:44 . 2013-10-04 01:49	81408	----a-w-	c:\windows\system32\drivers\drmk.sys
2013-12-12 04:44 . 2013-10-04 01:17	177152	----a-w-	c:\windows\system32\drivers\portcls.sys
2013-12-12 04:44 . 2013-10-30 01:27	2349056	----a-w-	c:\windows\system32\win32k.sys
2013-11-29 08:35 . 2013-11-29 08:35	--------	d-----w-	c:\users\PC\AppData\Local\Sniper Elite Nazi Zombie Army 2
2013-11-29 08:35 . 2013-11-29 08:35	--------	d-----w-	c:\users\PC\AppData\Local\EMU
2013-11-27 04:55 . 2013-11-27 04:55	--------	d-----w-	c:\windows\Migration
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-19 04:41 . 2013-08-26 14:37	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-19 04:41 . 2013-08-26 14:37	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-10-30 01:52 . 2013-10-30 01:52	25424	------w-	c:\windows\system32\apl005.sys
2013-10-30 01:52 . 2013-10-30 01:52	14160	------w-	c:\windows\system32\apf005.sys
2013-10-27 20:03 . 2013-08-26 16:47	4720008	----a-w-	c:\windows\system32\GameMon.des
2013-10-12 02:03 . 2013-11-13 11:13	656896	----a-w-	c:\windows\system32\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 11:13	679424	----a-w-	c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01 . 2013-11-13 11:13	216576	----a-w-	c:\windows\system32\FWPUCLNT.DLL
2013-10-08 00:50 . 2013-10-19 11:29	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-10-05 19:57 . 2013-11-13 11:13	1168384	----a-w-	c:\windows\system32\crypt32.dll
2013-10-04 01:58 . 2013-11-13 11:14	152576	----a-w-	c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 11:14	168960	----a-w-	c:\windows\system32\credui.dll
2013-10-04 01:56 . 2013-11-13 11:14	1796096	----a-w-	c:\windows\system32\authui.dll
2013-10-03 01:58 . 2013-11-13 11:13	305152	----a-w-	c:\windows\system32\gdi32.dll
2013-10-02 02:46 . 2013-11-13 11:17	3072	----a-w-	c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-10-02 00:42 . 2013-11-13 11:17	49152	----a-w-	c:\windows\system32\drivers\TsUsbFlt.sys
2013-10-02 00:32 . 2013-11-13 11:17	12800	----a-w-	c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-10-02 00:30 . 2013-11-13 11:17	14336	----a-w-	c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-10-02 00:14 . 2013-11-13 11:17	50176	----a-w-	c:\windows\system32\MsRdpWebAccess.dll
2013-10-02 00:14 . 2013-11-13 11:17	17920	----a-w-	c:\windows\system32\wksprtPS.dll
2013-10-01 23:58 . 2013-11-13 11:17	53248	----a-w-	c:\windows\system32\tsgqec.dll
2013-10-01 23:45 . 2013-11-13 11:17	32256	----a-w-	c:\windows\system32\TsUsbGDCoInstaller.dll
2013-10-01 23:08 . 2013-11-13 11:17	855552	----a-w-	c:\windows\system32\rdvidcrl.dll
2013-10-01 23:00 . 2013-11-13 11:17	76288	----a-w-	c:\windows\system32\TSWbPrxy.exe
2013-10-01 22:53 . 2013-11-13 11:17	350208	----a-w-	c:\windows\system32\wksprt.exe
2013-10-01 22:34 . 2013-11-13 11:17	1068544	----a-w-	c:\windows\system32\mstsc.exe
2013-10-01 20:55 . 2013-11-13 11:17	5698048	----a-w-	c:\windows\system32\mstscax.dll
2013-09-25 02:01 . 2013-11-13 11:13	136640	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:01 . 2013-11-13 11:13	67520	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2013-09-25 01:57 . 2013-11-13 11:13	792576	----a-w-	c:\windows\system32\TSWorkspace.dll
2013-09-25 01:57 . 2013-11-13 11:13	99840	----a-w-	c:\windows\system32\sspicli.dll
2013-09-25 01:57 . 2013-11-13 11:13	22016	----a-w-	c:\windows\system32\secur32.dll
2013-09-25 01:57 . 2013-11-13 11:13	247808	----a-w-	c:\windows\system32\schannel.dll
2013-09-25 01:56 . 2013-11-13 11:13	220160	----a-w-	c:\windows\system32\ncrypt.dll
2013-09-25 01:56 . 2013-11-13 11:13	1038848	----a-w-	c:\windows\system32\lsasrv.dll
2013-09-25 00:49 . 2013-11-13 11:13	22016	----a-w-	c:\windows\system32\lsass.exe
2013-09-25 00:49 . 2013-11-13 11:13	15872	----a-w-	c:\windows\system32\sspisrv.dll
2013-09-23 15:37 . 2013-08-27 17:19	138032	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2013-09-23 15:37 . 2013-08-27 15:48	281688	----a-w-	c:\windows\system32\PnkBstrB.exe
2013-09-23 15:37 . 2013-08-27 15:48	281688	----a-w-	c:\windows\system32\PnkBstrB.xtr
2013-09-23 15:33 . 2013-08-27 15:48	281688	----a-w-	c:\windows\system32\PnkBstrB.ex0
2013-09-23 14:16 . 2013-08-26 14:38	811520	----a-w-	c:\windows\system32\user32.dll
2013-09-23 14:16 . 2013-08-26 14:38	409088	----a-w-	c:\windows\system32\systemcpl.dll
2013-09-23 14:16 . 2013-08-26 14:38	13824	----a-w-	c:\windows\system32\slwga.dll
2013-09-22 16:07 . 2013-09-22 16:07	16304	------w-	c:\windows\system32\apl003.sys
2013-09-22 16:07 . 2013-09-22 16:07	13232	------w-	c:\windows\system32\apf003.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-09-23 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{434D472D-5637-006A-76A7-7A786E7484D7}]
2013-11-06 19:17	12240	----a-w-	c:\program files\AskPartnerNetwork\Toolbar\CMG-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{434D472D-5637-006A-76A7-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\CMG-V7\Passport.dll" [2013-11-06 12240]
.
[HKEY_CLASSES_ROOT\clsid\{434d472d-5637-006a-76a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Proxifier"="c:\program files\Proxifier\proxifier.exe" [2007-11-15 696320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-10-26 11680400]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"NetBarC"="c:\program files\Richtech\392\Dlxp\NetBarC.exe" [2009-05-06 65536]
"iWebClient"="c:\+client\iWebClient.Exe" [2013-08-16 12876288]
"ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-11-06 1707472]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"GarenaCIG"="c:\programdata\GarenaCIG\3.0.881\GarenaCIG.exe" [2013-11-05 1045208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDevMgrPage"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RTDXPENG]
2008-09-08 17:00	65536	----a-w-	c:\windows\System32\RTDXPENG.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	\0
.
R0 Rthookfs;Rthookfs; [x]
R2 RTDXMCLN;ResetService;c:\program files\Richtech\Dlxp\ResetService.exe [2011-03-25 28160]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2012-08-15 85160]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2012-08-15 177832]
R3 apf003;apf003;c:\windows\system32\apf003.sys [2013-09-22 13232]
R3 apf005;apf005;c:\windows\system32\apf005.sys [2013-10-30 14160]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2013-10-27 4720008]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-05-15 14848]
R3 RFLTADXP;RFLTADXP;c:\windows\system32\drivers\RFLTADXP.SYS [2008-10-27 7808]
R3 RTKCPFXP;RTKCPFXP;c:\program files\Richtech\392\Dlxp\RTKCPFXP.SYS [2010-08-05 6400]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-05-15 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-05-15 27136]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-08-28 45736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-09-23 1343400]
R3 XDva402;XDva402;c:\windows\system32\XDva402.sys [x]
R3 XDva403;XDva403;c:\windows\system32\XDva403.sys [x]
R3 XDva404;XDva404;c:\windows\system32\XDva404.sys [x]
R3 XDva405;XDva405;c:\windows\system32\XDva405.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
S0 richboot;richboot; [x]
S0 richdisk;richdisk;c:\windows\system32\DRIVERS\richdisk.sys [2010-10-26 40960]
S0 richndis;richndis; [x]
S0 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-09-29 490088]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-03-29 219136]
S2 APNMCP;Ask Update Service;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-11-06 166352]
S2 GarenaCIG;Garena Cafe Service;c:\programdata\GarenaCIG\3.0.881\GarenaCIG.exe  --service [x]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-17 5341536]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-01-15 80384]
S3 dwlkbf;dwlkbf; [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 10:21	1210320	----a-w-	c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-26 04:41]
.
2013-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-26 05:24]
.
2013-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-26 05:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.th/
mStart Page = hxxp://www.google.co.th/
IE: ส่&งออกไปยัง Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\PrxerDrv.dll
TCP: Interfaces\{005EFD2B-111D-4DB1-8446-DF6DD509CBF7}: NameServer = 110.164.252.222,110.164.252.223
DPF: {50044F17-DB8F-4001-9384-AA4DC2AAA11F} - hxxp://www.talesrunner.in.th/TRLauncher4.CAB
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-CltStatus - c:\program files\Richtech\Dlxp\CltStat.exe
HKLM-Run-tvx - c:\windows\system32\tvnserver.exe
.
.
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-20  18:27:18
ComboFix-quarantined-files.txt  2013-12-20 11:27
.
Pre-Run: 119,035,359,232 bytes free
Post-Run: 121,673,334,784 bytes free
.
- - End Of File - - 6CEC2F89B3C430A4A8DBBFEA63D79A41
70900B4785BBE4AE85144464522D0769
         

Ich habe keine Ahnung was geschehen ist aber alle Bilder sind wieder da

Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware  (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.21.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
LENOVO :: LENOVO-PC [administrator]

Protection: Enabled

21/12/2556 21:59:16
MBAM-log-2556-12-21 (22-18-09).txt

Scan type: Custom scan (G:\|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 41807
Time elapsed: 18 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 22
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019289.exe (Worm.AutoRun) -> No action taken.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019290.exe (Worm.AutoRun) -> No action taken.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019293.exe (Trojan.Agent.CK) -> No action taken.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019294.exe (Worm.AutoRun) -> No action taken.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019295.exe (Worm.AutoRun) -> No action taken.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019296.exe (Worm.AutoRun) -> No action taken.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019297.exe (Worm.AutoRun) -> No action taken.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019298.exe (Worm.AutoRun) -> No action taken.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019299.exe (Worm.AutoRun) -> No action taken.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019302.exe (Trojan.Agent.CK) -> No action taken.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019303.exe (Worm.AutoRun) -> No action taken.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019304.exe (Worm.AutoRun) -> No action taken.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019305.exe (Worm.AutoRun) -> No action taken.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019306.exe (Worm.AutoRun) -> No action taken.
G:\System Volume Information\_restore{45F95697-72AC-4BCC-9F48-C82128318B5C}\RP50\A0017849.exe (Trojan.Agent.CK) -> No action taken.
G:\System Volume Information\_restore{EE81D8C9-DD2B-4C8D-95E6-370F5FF0EA17}\RP17\A0005404.exe (Worm.AutoRun) -> No action taken.
G:\System Volume Information\_restore{EE81D8C9-DD2B-4C8D-95E6-370F5FF0EA17}\RP17\A0005416.exe (Worm.AutoRun) -> No action taken.
G:\System Volume Information\_restore{EE81D8C9-DD2B-4C8D-95E6-370F5FF0EA17}\RP17\A0005421.exe (Trojan.Agent.CK) -> No action taken.
G:\System Volume Information\_restore{EE81D8C9-DD2B-4C8D-95E6-370F5FF0EA17}\RP17\A0005422.exe (Worm.AutoRun) -> No action taken.
G:\System Volume Information\_restore{EE81D8C9-DD2B-4C8D-95E6-370F5FF0EA17}\RP17\A0005423.exe (Worm.AutoRun) -> No action taken.
G:\System Volume Information\_restore{EE81D8C9-DD2B-4C8D-95E6-370F5FF0EA17}\RP17\A0005424.exe (Worm.AutoRun) -> No action taken.
G:\System Volume Information\_restore{EE81D8C9-DD2B-4C8D-95E6-370F5FF0EA17}\RP17\A0005425.exe (Worm.AutoRun) -> No action taken.

(end)
         

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware  (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.21.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
LENOVO :: LENOVO-PC [administrator]

Protection: Enabled

21/12/2556 21:59:16
mbam-log-2013-12-21 (21-59-16).txt

Scan type: Custom scan (G:\|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 41807
Time elapsed: 18 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 22
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019289.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019290.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019293.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019294.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019295.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019296.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019297.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019298.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019299.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019302.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019303.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019304.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019305.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{1B3F8459-4E55-4DFA-9979-C6F9C3F07F10}\RP23\A0019306.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{45F95697-72AC-4BCC-9F48-C82128318B5C}\RP50\A0017849.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{EE81D8C9-DD2B-4C8D-95E6-370F5FF0EA17}\RP17\A0005404.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{EE81D8C9-DD2B-4C8D-95E6-370F5FF0EA17}\RP17\A0005416.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{EE81D8C9-DD2B-4C8D-95E6-370F5FF0EA17}\RP17\A0005421.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{EE81D8C9-DD2B-4C8D-95E6-370F5FF0EA17}\RP17\A0005422.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{EE81D8C9-DD2B-4C8D-95E6-370F5FF0EA17}\RP17\A0005423.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{EE81D8C9-DD2B-4C8D-95E6-370F5FF0EA17}\RP17\A0005424.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{EE81D8C9-DD2B-4C8D-95E6-370F5FF0EA17}\RP17\A0005425.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

(end)
         

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v3.015 - Report created 21/12/2013 at 22:42:09
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : LENOVO - LENOVO-PC
# Running from : C:\Users\LENOVO\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP
[#] Service Deleted : Update BrowseFox

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\BrowseFox
Folder Deleted : C:\Program Files (x86)\FreeHDSport.TV
Folder Deleted : C:\Users\LENOVO\AppData\Local\Temp\apn
Folder Deleted : C:\Users\LENOVO\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\LENOVO\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn
Folder Deleted : C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppdjnkblmcjfnlogjjhpigpdgpcgdpll

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ppdjnkblmcjfnlogjjhpigpdgpcgdpll
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BrowseFox_Setup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BrowseFox_Setup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B9507101-E464-4B3B-A4CB-291AAEDD94F2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BB9817CA-9B43-41EB-8706-44847957338D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{006232F7-DBD6-4631-84E8-66EA161B43C4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B9507101-E464-4B3B-A4CB-291AAEDD94F2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B9507101-E464-4B3B-A4CB-291AAEDD94F2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BB9817CA-9B43-41EB-8706-44847957338D}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\BrowseFox
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowseFox

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\7qc8xxv2.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5189 octets] - [21/12/2013 22:40:21]
AdwCleaner[S0].txt - [5078 octets] - [21/12/2013 22:42:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5138 octets] ##########
         

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by LENOVO on Sat 12/21/2013 at 23:08:30.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2073289A-D819-445B-8E9B-4336A8D16CAA}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\LENOVO\appdata\local\{2CD44ED5-BA64-4513-9647-1FFEE8B4CB9B}
Successfully deleted: [Empty Folder] C:\Users\LENOVO\appdata\local\{4EDB6625-0A93-4B84-9BB4-C8E375822235}
Successfully deleted: [Empty Folder] C:\Users\LENOVO\appdata\local\{98B76025-C3F8-4781-8F39-46CFA3AE0191}
Successfully deleted: [Empty Folder] C:\Users\LENOVO\appdata\local\{DCB9A561-1375-4939-ABC2-427996DE907B}
Successfully deleted: [Empty Folder] C:\Users\LENOVO\appdata\local\{F75ACCD3-EE8A-4A3E-8F00-29DD107CECDE}
Successfully deleted: [Empty Folder] C:\Users\LENOVO\appdata\local\{F8B3FA95-D862-46BE-BE5B-B0735E983109}



~~~ FireFox

Emptied folder: C:\Users\LENOVO\AppData\Roaming\mozilla\firefox\profiles\7qc8xxv2.default\minidumps [11 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/21/2013 at 23:17:06.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte SecurityCheck und:

• Speichere es auf dem Desktop.
• Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
• Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Das erste Programm lief erfolgreich durch mit 1 Fund, allerdings war beim schliessen das haeckchen bei uninstall. Ich denke das ist der Grund warum in dem Ordner kein Logfile war. Ich lass es nochmal durchlaufen?

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2013 02
Ran by LENOVO at 2013-12-22 18:18:58
Running from C:\Users\LENOVO\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Adobe Photoshop (x32)
µTorrent (x32 Version: 3.3.0.29625)
ACDSee Pro 6 (x32 Version: 6.0.169)
Ace Stream Media 2.1.5.3 (HKCU Version: 2.1.5.3)
Adobe Dreamweaver CS5 (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.5.502.110)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Illustrator CS5 (x32)
Adobe Reader 9.5.2 (x32 Version: 9.5.2)
Advertising Center (x32 Version: 0.0.0.2)
AIMP2 (x32)
AIMP2: Audio Tools (x32)
Angry Birds (x32 Version: 2.0.2)
Angry Birds Seasons (x32 Version: 2.0.0)
Angry Birds Space v1.0.0.2 Full (x32)
Canon Easy-PhotoPrint EX (x32)
Canon MP Navigator EX 4.0 (x32)
Canon MP250 series MP Drivers
Canon MP280 series MP Drivers
Canon My Printer (x32)
Canon Solution Menu EX (x32)
CyberLink PowerDVD 11 (x32 Version: 11.0.1719.51)
D3DX10 (x32 Version: 15.4.2368.0902)
DolbyFiles (x32 Version: 2.0)
Dropbox (HKCU Version: 2.4.10)
Energy Management (x32 Version: 6.0.2.8)
EnglishToThai (x32)
ESET NOD32 Antivirus (Version: 4.2.67.10)
FormatFactory 2.60 (x32 Version: 2.60)
Foxit Reader (x32)
GOM Player (x32 Version: 2.1.50.5145)
Google Chrome (HKCU Version: 31.0.1650.63)
Gpg4win (2.2.1) (x32 Version: 2.2.1)
HP LaserJet Professional P1100-P1560-P1600 Series
hppLaserJetService (x32 Version: 001.001.0.0)
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0)
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1)
HPSSupply (x32 Version: 2.1.1.0000)
ImagXpress (x32 Version: 7.0.74.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1118)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2342)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.3.0.7400)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 130.0.374.000)
Menu Templates - Starter Kit (x32 Version: 9.4.6.0)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (Thai) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel 2007 Help ฉบับอัพเดท (KB963678) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (Thai) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (Thai) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (Thai) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (Thai) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (Thai) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Powerpoint 2007 Help ฉบับอัพเดท (KB963669) (x32)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Thai) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Thai) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (Thai) 2007 (x32 Version: 12.0.4518.1019)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (Thai) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (Thai) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Thai) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word 2007 Help ฉบับอัพเดท (KB963665) (x32)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (Thai) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Speech SDK 5.1 (x32 Version: 5.1.4324.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Movie Templates - Starter Kit (x32 Version: 9.4.6.0)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0)
Mozilla Maintenance Service (x32 Version: 26.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero 9 (x32)
Nero BurnRights (x32 Version: 3.4.13.100)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero CoverDesigner (x32 Version: 4.4.12.100)
Nero Disc Copy Gadget (x32 Version: 2.4.34.0)
Nero DiscSpeed (x32 Version: 5.4.13.100)
Nero DriveSpeed (x32 Version: 4.4.12.100)
Nero InfoTool (x32 Version: 6.4.12.100)
Nero Installer (x32 Version: 4.4.9.0)
Nero PhotoSnap (x32 Version: 2.4.28.0)
Nero Recode (x32 Version: 4.4.38.1)
Nero Rescue Agent (x32 Version: 2.4.14.100)
Nero ShowTime (x32 Version: 5.4.21.100)
Nero StartSmart (x32 Version: 9.4.19.100)
Nero Vision (x32 Version: 6.4.16.100)
Nero WaveEditor (x32 Version: 5.4.37.1)
NeroBurningROM (x32 Version: 9.4.26.100)
NeroExpress (x32 Version: 9.4.26.100)
neroxml (x32 Version: 1.0.0)
PhotoScape (x32)
Sipa Font Installer 1.0 (x32 Version: 1.0)
Skype™ 6.7 (x32 Version: 6.7.102)
SopCast 3.8.3 (x32 Version: 3.8.3)
Sopcast Toolbar (x32 Version: 12.10.0.2915)
SoundTrax (x32 Version: 4.4.37.1)
StreamTorrent 1.0 (x32)
Thai Translator Tool (x32)
ThaiSoftware Dictionary v.7.0 (x32 Version: v.7.0)
The KMPlayer 3.0.0.1438 (CUDA+HAM) (x32)
UltraISO Premium V9.36 (x32)
Unity Web Player (HKCU Version: )
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
WebcamMax (x32 Version: 7.5.0.2.MultiLanguage)
Winamp (x32 Version: 5.621 )
Windows Driver Package - Lenovo (ACPIVPC) System  (08/04/2011 6.1.0.1) (Version: 08/04/2011 6.1.0.1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Sidebar 1.6 (x32)
WinRAR 5.00 beta 6 (32-bit) (x32 Version: 5.00.6)
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (x32 Version: 15.4.5722.2)

==================== Restore Points  =========================

21-11-2013 03:09:53 Scheduled Checkpoint
02-12-2013 05:06:42 Scheduled Checkpoint
16-12-2013 06:39:49 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-14 09:34 - 2012-11-27 15:14 - 00001518 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       activate.adobe.com
127.0.0.1       activate-sjc0.adobe.com
127.0.0.1       practivate.adobe.com
127.0.0.1       ereg.adobe.com
127.0.0.1       activate.wip3.adobe.com
127.0.0.1       wip3.adobe.com
127.0.0.1       3dns-3.adobe.com
127.0.0.1       3dns-2.adobe.com
127.0.0.1       adobe-dns.adobe.com
127.0.0.1       adobe-dns-2.adobe.com
127.0.0.1       adobe-dns-3.adobe.com
127.0.0.1       ereg.wip3.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
127.0.0.1       ood.opsource.net
127.0.0.1       CRL.VERISIGN.NET
127.0.0.1       adobeereg.com
127.0.0.1       OCSP.SPO1.VERISIGN.COM
127.0.0.1       activate-sea.adobe.com
127.0.0.1       adobeereg.com


==================== Scheduled Tasks (whitelisted) =============

Task: {072A9D16-C344-4356-90D3-B6C6E6DB8E77} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1034996575-3078625947-906141591-1000Core => C:\Users\LENOVO\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-06] (Google Inc.)
Task: {1626B395-B992-4157-84F8-A277D0130F18} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12] (Adobe Systems Incorporated)
Task: {62758F77-72EF-48E3-8C56-972C22D4D4D4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1034996575-3078625947-906141591-1000UA => C:\Users\LENOVO\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-06] (Google Inc.)
Task: {EA058CAD-8EC3-4CFE-B6F6-ED756393C006} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1034996575-3078625947-906141591-1000
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1034996575-3078625947-906141591-1000Core.job => C:\Users\LENOVO\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1034996575-3078625947-906141591-1000UA.job => C:\Users\LENOVO\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-12-14 18:05 - 2010-12-14 18:05 - 00173856 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2011-03-25 17:28 - 2011-03-25 17:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2008-12-20 03:20 - 2012-11-27 17:23 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 03:20 - 2012-11-27 17:23 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2013-10-07 21:49 - 2013-10-07 21:49 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-10-07 21:47 - 2013-10-07 21:47 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2013-10-07 21:44 - 2013-10-07 21:44 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-10-07 21:49 - 2013-10-07 21:49 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-10-07 21:49 - 2013-10-07 21:49 - 00628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2013-08-15 03:40 - 2013-11-07 17:40 - 00120832 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
2011-06-12 20:09 - 2011-06-12 20:09 - 00038400 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
2011-06-12 20:09 - 2011-06-12 20:09 - 00720896 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
2013-03-29 16:57 - 2013-03-29 16:57 - 00018944 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
2013-08-15 03:49 - 2013-11-07 17:40 - 02490880 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
2011-06-12 20:06 - 2011-06-12 20:06 - 00287232 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
2011-06-12 20:06 - 2011-06-12 20:06 - 00106496 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
2011-06-12 20:06 - 2011-06-12 20:06 - 00011776 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\select.pyd
2011-01-19 04:56 - 2011-01-19 04:56 - 00334336 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
2011-06-12 20:06 - 2011-06-12 20:06 - 00152576 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
2012-02-07 23:37 - 2012-02-07 23:37 - 00098816 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
2012-02-07 23:35 - 2012-02-07 23:35 - 00110080 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
2012-02-07 23:38 - 2012-02-07 23:38 - 00358912 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
2012-02-07 23:36 - 2012-02-07 23:36 - 00111616 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
2012-02-07 23:36 - 2012-02-07 23:36 - 00024064 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
2010-10-11 05:23 - 2010-10-11 05:23 - 00723968 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
2013-01-29 23:20 - 2013-01-29 23:20 - 00082944 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
2011-02-13 22:02 - 2011-02-13 22:02 - 00031232 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
2011-07-16 02:37 - 2011-07-16 02:37 - 00981504 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
2011-07-16 02:38 - 2011-07-16 02:38 - 00746496 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
2011-07-16 02:38 - 2011-07-16 02:38 - 00670720 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
2011-07-16 02:38 - 2011-07-16 02:38 - 00966144 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
2011-07-16 02:38 - 2011-07-16 02:38 - 00674816 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
2011-06-12 20:06 - 2011-06-12 20:06 - 00688128 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
2013-01-29 23:20 - 2013-01-29 23:20 - 00066048 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
2013-08-24 02:01 - 2013-08-24 02:01 - 25100288 _____ () C:\Users\LENOVO\AppData\Roaming\Dropbox\bin\libcef.dll
2011-06-12 20:09 - 2011-06-12 20:09 - 00038400 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
2011-06-12 20:09 - 2011-06-12 20:09 - 00720896 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
2011-07-16 02:37 - 2011-07-16 02:37 - 00981504 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
2011-07-16 02:38 - 2011-07-16 02:38 - 00746496 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
2011-07-16 02:38 - 2011-07-16 02:38 - 00670720 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
2011-07-16 02:38 - 2011-07-16 02:38 - 00966144 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
2011-07-16 02:38 - 2011-07-16 02:38 - 00674816 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
2011-06-12 20:06 - 2011-06-12 20:06 - 00287232 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
2011-01-19 04:56 - 2011-01-19 04:56 - 00334336 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 20:06 - 2011-06-12 20:06 - 00011776 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\updater\lib\select.pyd
2011-06-12 20:06 - 2011-06-12 20:06 - 00152576 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
2012-02-07 23:37 - 2012-02-07 23:37 - 00098816 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
2012-02-07 23:35 - 2012-02-07 23:35 - 00110080 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
2012-02-07 23:38 - 2012-02-07 23:38 - 00358912 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
2012-02-07 23:36 - 2012-02-07 23:36 - 00111616 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
2012-02-07 23:36 - 2012-02-07 23:36 - 00024064 _____ () C:\Users\LENOVO\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd
2013-12-06 12:38 - 2013-12-04 09:47 - 00702416 _____ () C:\Users\LENOVO\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-06 12:38 - 2013-12-04 09:47 - 00099792 _____ () C:\Users\LENOVO\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-06 12:38 - 2013-12-04 09:48 - 04055504 _____ () C:\Users\LENOVO\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-06 12:38 - 2013-12-04 09:48 - 00399312 _____ () C:\Users\LENOVO\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-06 12:38 - 2013-12-04 09:47 - 01619408 _____ () C:\Users\LENOVO\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-06 12:38 - 2013-12-04 09:48 - 13586896 _____ () C:\Users\LENOVO\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\LENOVO\Desktop\Nick passport.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/22/2013 02:05:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/22/2013 02:01:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2013 00:59:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (12/22/2013 00:59:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (12/22/2013 00:58:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (12/22/2013 10:59:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2013 07:03:47 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (12/22/2013 07:03:47 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (12/22/2013 07:03:45 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (12/22/2013 06:42:26 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/22/2013 06:38:08 AM) (Source: Service Control Manager) (User: )
Description: The HP LaserJet Service service failed to start due to the following error: 
%%1053

Error: (12/22/2013 06:38:08 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP LaserJet Service service to connect.


Microsoft Office Sessions:
=========================
Error: (11/04/2013 01:14:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 58%
Total physical RAM: 4039.73 MB
Available physical RAM: 1692.16 MB
Total Pagefile: 8077.65 MB
Available Pagefile: 5726.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:19.37 GB) NTFS
Drive d: (DATA) (Fixed) (Total:195.31 GB) (Free:178.53 GB) NTFS
Drive e: (DATA) (Fixed) (Total:303.2 GB) (Free:294.3 GB) NTFS
Drive g: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:694.72 GB) NTFS
Drive h: (My Passport) (Fixed) (Total:298.06 GB) (Free:16.93 GB) NTFS
Drive i: () (Removable) (Total:29.8 GB) (Free:0.9 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=303 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: F64D4D93)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 00028ACA)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 30 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=30 GB) - (Type=0C)

==================== End Of Log ============================
         

Code: Alles auswählenAufklappen

ATTFilter

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
ESET NOD32 Antivirus 4.2   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 11.9.900.170  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (26.0) 
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus ekrn.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````
         

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=55507d69fe2fef4692c50be1c95e1bb0
# engine=16364
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2556-12-22 02:11:37
# local_time=2556-12-22 09:11:37 (+0700, SE Asia Standard Time)
# country="Thailand"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 139351347 0 0
# compatibility_mode=8199 16776701 100 76 11595 98855891 0 0
# scanned=331727
# found=1
# cleaned=0
# scan_time=9914
# nod_component=V3 Build:0x30000000
sh=1B83F23E896033C1A03B45DB69B0C642B7A4AB72 ft=1 fh=c318f7808deabfee vn="Win32/AdWare.1ClickDownload.AP application" ac=I fn="C:\Users\LENOVO\Downloads\codec_pack_ff.exe"
         

Adobe updaten.

Fertig

Falls Du Lob oder Kritik loswerden möchtest kannst Du das hier tun


Die Reihenfolge ist hier entscheidend.

1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
   • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
   • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
   • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
3. Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
   • Schließe alle offenen Programme.
   • Starte die delfix.exe mit einem Doppelklick.
   • Setze vor jede Funktion ein Häkchen.
   • Klicke auf Start.
   • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
   • Starte deinen Rechner abschließend neu.
4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

• Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
• Windows Updates
  • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
• Gehe sicher das die automatischen Updates aktiviert sind.
• Software Updates
  Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
  Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

• Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

• MalwareBytes Anti Malware
  Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
  Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
  Ein Tutorial zur Verwendung findest Du hier.
• WinPatrol
  Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

• SpywareBlaster
  Eine kurze Einführung findest du Hier
• MVPs hosts file
  Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
• WOT (Web of trust)
  Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

• Opera
• Mozilla Firefox.
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts

• Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
• verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
• Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
• Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.