Windows Vista 32Bit Interpol-Trojaner, Österr.

Einser · 02.02.2014, 10:13

Aloha miteinander,

auch ich habe mir gerade gestern den schönen Interpol-Trojaner beim Surfen eingefangen.

Da ich mich aber nur sehr schlecht mit der Matrix des Computers auskenne, suche ich hier professionelle Hilfe (die man definitiv auch bekommt, bin ja nicht der Erste mit diesem Problem).

Die Sache kennt ihr ja schon (ist dasselbe wie bei allen Anderen): Der Pc fährt hoch und der Sperrbildschirm mit der gefakten Interpol-Seite erscheint. Nichts lässt sich machen, kein abgesicherter Modus, der Desktop quasi unerreichbar etc. etc. zur Lösung des Übels fehlt mir aber mittlerweile auch noch die Windows-CD, kann also nur mit 'nem USB-Stick arbeiten.

Lg Einser

schrauber · 02.02.2014, 13:08

hi,

welches Betriebssystem?

Einser · 02.02.2014, 19:56

Windows Vista 32Bit

Hab gerade meine Pc nochmals hochgefahren und er läuft wieder, die Sperrseite ist nicht mehr da, kann ihn wieder normal benützen. Jedoch würde ich noch gern von dir empfohlene Software zur Sicherheit des Geräts installieren, was wären da die besten Programme deiner Meinung nach?

Ist wieder da... :/
war wohl 'ne einmalige Sache, hab auch kein Plan wieso es funktionierte. Hab nichts gemacht und normal hochgefahren und jetzt am Abend kam es wieder..

schrauber · 03.02.2014, 16:37

hi,

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

Einser · 04.02.2014, 09:32

Bei Windows Vista gibt's die Auswahl "Computer reparieren" leider nicht..

was nun?

schrauber · 05.02.2014, 08:16

den anderen Weg über die DVD gehen

Einser · 06.02.2014, 11:05

dachte zuerst dass ich die nicht mehr habe und hab sie dann aber gott sei dank doch noch gefunden..

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-02-2014
Ran by SYSTEM on MINWINPC on 06-02-2014 10:57:02
Running from I:\
Windows Vista (TM) Home Premium (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.




==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [TVEService] - C:\Program Files\HomeCinema\TV Enhance\TVEService.exe [155648 2007-10-15] (CyberLink Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [NMSSupport] - C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [439512 2007-06-27] (Intel Corporation)
HKLM\...\Run: [CCUTRAYICON] - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [215256 2007-06-27] (Intel(R) Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-08-17] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [312320 2007-06-26] (shbox.de)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [avp] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [311680 2010-08-18] (Kaspersky Lab)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\IUSR_NMPR\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Oliver\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
HKU\Oliver\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\Oliver\...\Run: [Google Update] - C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-02-07] (Google Inc.)
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll [12304 2009-07-03] (Kaspersky Lab)
Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4vtmq04.lnk
ShortcutTarget: 4vtmq04.lnk -> C:\ProgramData\40qmtv4.cpp (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [223448 2007-06-27] (Intel(R) Corporation)
S2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [311680 2010-08-18] (Kaspersky Lab)
S3 DHTRACE; C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [39640 2007-06-27] (Intel(R) Corporation)
S2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2007-02-12] ()
S2 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [59096 2007-06-27] (Intel(R) Corporation)
S2 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [268504 2007-06-27] ()
S2 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [157912 2007-06-27] (Intel(R) Corporation)
S2 NMSCore; C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [317656 2007-06-27] (Intel(R) Corporation)
S2 QualityManager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [272600 2007-06-27] (Intel(R) Corporation)
S2 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [446680 2007-06-27] (Intel(R) Corporation)
S2 TVECapSvc; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [290909 2007-10-15] ()
S2 TVESched; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [114779 2007-10-15] ()
S2 Winmgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
S3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2008-03-23] (Intel Corporation)
S1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [128016 2009-06-15] (Kaspersky Lab)
S0 klbg; C:\Windows\System32\drivers\klbg.sys [33808 2008-12-15] (Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [280592 2009-07-03] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [21008 2009-05-15] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19472 2009-05-16] (Kaspersky Lab)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.)
S2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [5376 2007-02-18] (Gteko Ltd.)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [507136 2006-12-05] (PixArt Imaging Inc.)
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1131136 2007-04-03] (Philips Semiconductors GmbH)
S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [14552 2007-06-27] ()
S3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\HomeCinema\PlayMovie\000.fcl [X]
S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\HomeCinema\PowerDVD\000.fcl [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-06 10:56 - 2014-02-06 10:56 - 00000000 ____D () C:\FRST
2014-02-02 17:30 - 2014-02-02 17:31 - 00000169 _____ () C:\Users\Oliver\Desktop\MixesDB − Database for the best DJ-Sets.url
2014-02-01 16:42 - 2014-02-01 16:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-01 14:45 - 2014-02-01 14:46 - 95027928 ____T () C:\ProgramData\4vtmq04.fee
2014-02-01 14:45 - 2014-02-01 14:45 - 00138129 _____ (Microsoft Corporation) C:\ProgramData\40qmtv4.cpp
2014-01-21 09:52 - 2014-01-21 09:52 - 00000098 _____ () C:\Users\Oliver\Desktop\Ganzkörpertraining Trainingsplan » Fitness-Experts.de.url
2014-01-20 11:44 - 2014-01-20 11:44 - 00000096 _____ () C:\Users\Oliver\Desktop\Effektiver Muskelaufbau - Unglaublicher Virtueller Trainer.url

==================== One Month Modified Files and Folders =======

2014-02-06 10:56 - 2014-02-06 10:56 - 00000000 ____D () C:\FRST
2014-02-04 09:41 - 2008-03-23 14:37 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-04 09:40 - 2008-03-23 15:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-04 09:40 - 2006-11-02 13:47 - 00003264 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-04 09:40 - 2006-11-02 13:47 - 00003264 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-02 19:28 - 2008-03-23 13:36 - 02057056 _____ () C:\Windows\WindowsUpdate.log
2014-02-02 17:31 - 2014-02-02 17:30 - 00000169 _____ () C:\Users\Oliver\Desktop\MixesDB − Database for the best DJ-Sets.url
2014-02-01 16:42 - 2014-02-01 16:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-01 16:42 - 2006-11-02 13:52 - 00137933 _____ () C:\Windows\setupact.log
2014-02-01 16:40 - 2012-01-07 13:53 - 00007916 _____ () C:\Users\Oliver\AppData\Local\d3d9caps.dat
2014-02-01 14:46 - 2014-02-01 14:45 - 95027928 ____T () C:\ProgramData\4vtmq04.fee
2014-02-01 14:45 - 2014-02-01 14:45 - 00138129 _____ (Microsoft Corporation) C:\ProgramData\40qmtv4.cpp
2014-02-01 12:40 - 2006-11-02 11:33 - 01445352 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-01-21 09:52 - 2014-01-21 09:52 - 00000098 _____ () C:\Users\Oliver\Desktop\Ganzkörpertraining Trainingsplan » Fitness-Experts.de.url
2014-01-20 11:45 - 2013-04-05 11:27 - 00000000 ____D () C:\Users\Oliver\Desktop\10WBC Detlef D Soost
2014-01-20 11:44 - 2014-01-20 11:44 - 00000096 _____ () C:\Users\Oliver\Desktop\Effektiver Muskelaufbau - Unglaublicher Virtueller Trainer.url
2014-01-18 14:59 - 2013-08-05 20:48 - 00000000 ____D () C:\Windows\System32\MRT
2014-01-18 14:54 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe

Files to move or delete:
====================
C:\ProgramData\4vtmq04.fee


Some content of TEMP:
====================
C:\Users\Oliver\AppData\Local\Temp\AskSLib.dll
C:\Users\Oliver\AppData\Local\Temp\fileutil.dll
C:\Users\Oliver\AppData\Local\Temp\MgxVistaTools.dll
C:\Users\Oliver\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Oliver\AppData\Local\Temp\swt-awt-win32-3346.dll
C:\Users\Oliver\AppData\Local\Temp\swt-win32-3346.dll
C:\Users\Oliver\AppData\Local\Temp\unwise.exe
C:\Users\Oliver\AppData\Local\Temp\_is7658.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-11-22 13:28:00
Restore point made on: 2013-11-27 09:29:32
Restore point made on: 2013-12-03 18:19:00
Restore point made on: 2013-12-10 11:02:29
Restore point made on: 2013-12-12 10:35:47
Restore point made on: 2013-12-15 16:26:29
Restore point made on: 2013-12-16 17:20:28
Restore point made on: 2013-12-17 14:20:12
Restore point made on: 2013-12-20 21:31:51
Restore point made on: 2013-12-27 12:26:59
Restore point made on: 2013-12-31 15:34:55
Restore point made on: 2014-01-03 13:25:32
Restore point made on: 2014-01-07 09:36:58
Restore point made on: 2014-01-10 20:03:27
Restore point made on: 2014-01-11 17:33:15
Restore point made on: 2014-01-12 15:44:51
Restore point made on: 2014-01-13 17:36:26
Restore point made on: 2014-01-14 19:35:54
Restore point made on: 2014-01-18 14:54:25
Restore point made on: 2014-01-24 10:22:50
Restore point made on: 2014-01-25 11:51:26
Restore point made on: 2014-01-30 17:00:20
Restore point made on: 2014-02-02 00:07:04

==================== Memory info =========================== 

Percentage of memory in use: 22%
Total physical RAM: 2045.56 MB
Available physical RAM: 1594.18 MB
Total Pagefile: 1858.11 MB
Available Pagefile: 1678.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.79 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:445.76 GB) (Free:220.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:19.99 GB) (Free:12 GB) FAT32
Drive e: (MEDHOPRDEU) (CDROM) (Total:2.41 GB) (Free:0 GB) CDFS
Drive i: (HITMANPRO) (Removable) (Total:0.95 GB) (Free:0.95 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 3956CE13)
Partition 1: (Active) - (Size=446 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended)

========================================================
Disk: 4 (Size: 983 MB) (Disk ID: 4B88706D)
Partition 1: (Active) - (Size=981 MB) - (Type=0B)


LastRegBack: 2014-02-02 15:02

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 07.02.2014, 08:02

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4vtmq04.lnk
ShortcutTarget: 4vtmq04.lnk -> C:\ProgramData\40qmtv4.cpp (Microsoft Corporation)
2014-02-01 14:45 - 2014-02-01 14:46 - 95027928 ____T () C:\ProgramData\4vtmq04.fee
2014-02-01 14:45 - 2014-02-01 14:45 - 00138129 _____ (Microsoft Corporation) C:\ProgramData\40qmtv4.cpp

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Rechner normal starten.

Einser · 07.02.2014, 09:15

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-02-2014
Ran by SYSTEM at 2014-02-07 09:12:59 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4vtmq04.lnk
ShortcutTarget: 4vtmq04.lnk -> C:\ProgramData\40qmtv4.cpp (Microsoft Corporation)
2014-02-01 14:45 - 2014-02-01 14:46 - 95027928 ____T () C:\ProgramData\4vtmq04.fee
2014-02-01 14:45 - 2014-02-01 14:45 - 00138129 _____ (Microsoft Corporation) C:\ProgramData\40qmtv4.cpp
         
*****************

C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4vtmq04.lnk => Moved successfully.
C:\ProgramData\40qmtv4.cpp => Moved successfully.
C:\ProgramData\4vtmq04.fee => Moved successfully.
"C:\ProgramData\40qmtv4.cpp" => File/Directory not found.

==== End of Fixlog ====

schrauber · 08.02.2014, 10:33

Startet der Rechner normal`?

Einser · 08.02.2014, 18:20

ja, fährt normal hoch und kein sperrbildschirm mehr

schrauber · 09.02.2014, 09:49

Dann ab jetzt alles im normalen Modus:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Einser · 09.02.2014, 21:01

mbam log:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.09.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Oliver :: OLIVER-PC [Administrator]

09.02.2014 18:22:14
mbam-log-2014-02-09 (18-22-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 280605
Laufzeit: 21 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Oliver\Downloads\SoftonicDownloader_fuer_fl-studio.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

adwarecleaner log:

Code:

ATTFilter

# AdwCleaner v3.018 - Bericht erstellt am 09/02/2014 um 18:57:50
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Oliver - OLIVER-PC
# Gestartet von : C:\Users\Oliver\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Oliver\AppData\Roaming\dvdvideosoftiehelpers

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar

***** [ Browser ] *****

-\\ Internet Explorer v7.0.6002.18005


-\\ Google Chrome v

[ Datei : C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1957 octets] - [09/02/2014 18:52:55]
AdwCleaner[S0].txt - [1880 octets] - [09/02/2014 18:57:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1940 octets] ##########

frst log:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-02-2014 02
Ran by Oliver (administrator) on OLIVER-PC on 09-02-2014 20:50:21
Running from C:\Users\Oliver\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(CyberLink Corp.) C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
() C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [TVEService] - C:\Program Files\HomeCinema\TV Enhance\TVEService.exe [155648 2007-10-15] (CyberLink Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [NMSSupport] - C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [439512 2007-06-27] (Intel Corporation)
HKLM\...\Run: [CCUTRAYICON] - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [215256 2007-06-27] (Intel(R) Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-08-17] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [312320 2007-06-26] (shbox.de)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [avp] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [311680 2010-08-18] (Kaspersky Lab)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2599811498-1172278240-2189351553-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-2599811498-1172278240-2189351553-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2599811498-1172278240-2189351553-1000\...\Run: [Google Update] - C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-02-07] (Google Inc.)
HKU\S-1-5-21-2599811498-1172278240-2189351553-1000\...\MountPoints2: {9223e468-b89e-11dd-b326-001d92295930} - J:\LaunchU3.exe -a
HKU\S-1-5-21-2599811498-1172278240-2189351553-1000\...\MountPoints2: {c49569db-5844-11de-9997-001d92295930} - J:\LaunchU3.exe -a
HKU\S-1-5-21-2599811498-1172278240-2189351553-1000\...\MountPoints2: {cb2ec117-5db5-11de-b716-001d92295930} - J:\LaunchU3.exe -a
HKU\S-1-5-21-2599811498-1172278240-2189351553-1000\...\MountPoints2: {eb4ce67c-e324-11dd-a5e7-001d92295930} - J:\LaunchU3.exe -a
HKU\S-1-5-21-2599811498-1172278240-2189351553-1001\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll, => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll [109072 2009-09-10] (Kaspersky Lab)
AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll [12304 2009-07-03] (Kaspersky Lab)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U18) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Oliver\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google-Suche) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Click to call with Skype) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-09-05]
CHR Extension: (Google Wallet) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Mail) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-08-16]
CHR StartMenuInternet: Google Chrome - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [223448 2007-06-27] (Intel(R) Corporation)
S2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [311680 2010-08-18] (Kaspersky Lab)
S3 DHTRACE; C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [39640 2007-06-27] (Intel(R) Corporation)
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2007-02-12] ()
S2 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [59096 2007-06-27] (Intel(R) Corporation)
S2 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [268504 2007-06-27] ()
S2 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [157912 2007-06-27] (Intel(R) Corporation)
R2 NMSCore; C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [317656 2007-06-27] (Intel(R) Corporation)
R2 QualityManager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [272600 2007-06-27] (Intel(R) Corporation)
S2 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [446680 2007-06-27] (Intel(R) Corporation)
R2 TVECapSvc; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [290909 2007-10-15] ()
R2 TVESched; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [114779 2007-10-15] ()
S2 Winmgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
R3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2008-03-23] (Intel Corporation)
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [128016 2009-06-15] (Kaspersky Lab)
R0 klbg; C:\Windows\System32\drivers\klbg.sys [33808 2008-12-15] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [280592 2009-07-03] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [21008 2009-05-15] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19472 2009-05-16] (Kaspersky Lab)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.)
R2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [5376 2007-02-18] (Gteko Ltd.)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [507136 2006-12-05] (PixArt Imaging Inc.)
R3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1131136 2007-04-03] (Philips Semiconductors GmbH)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [14552 2007-06-27] ()
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\HomeCinema\PlayMovie\000.fcl [X]
S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\HomeCinema\PowerDVD\000.fcl [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-09 20:50 - 2014-02-09 20:51 - 00017321 _____ () C:\Users\Oliver\Desktop\FRST.txt
2014-02-09 19:06 - 2014-02-09 19:06 - 00000000 ____D () C:\Windows\ERUNT
2014-02-09 19:02 - 2014-02-09 19:02 - 00002020 _____ () C:\Users\Oliver\Desktop\AdwCleaner[S0].txt
2014-02-09 18:52 - 2014-02-09 18:57 - 00000000 ____D () C:\AdwCleaner
2014-02-09 18:20 - 2014-02-09 18:20 - 00000870 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-09 18:20 - 2014-02-09 18:20 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Malwarebytes
2014-02-09 18:20 - 2014-02-09 18:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-09 18:20 - 2014-02-09 18:20 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-09 18:20 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-09 18:17 - 2014-02-09 18:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Oliver\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-09 18:16 - 2014-02-09 18:17 - 01166132 _____ () C:\Users\Oliver\Desktop\adwcleaner.exe
2014-02-09 18:16 - 2014-02-09 18:17 - 01037530 _____ (Thisisu) C:\Users\Oliver\Desktop\JRT.exe
2014-02-09 18:16 - 2014-02-09 18:16 - 01138688 _____ (Farbar) C:\Users\Oliver\Desktop\FRST.exe
2014-02-08 19:27 - 2014-02-08 19:27 - 00000000 ____D () C:\Users\Oliver\Desktop\fitness
2014-02-06 10:56 - 2014-02-09 20:50 - 00000000 ____D () C:\FRST
2014-02-02 17:30 - 2014-02-02 17:31 - 00000169 _____ () C:\Users\Oliver\Desktop\MixesDB − Database for the best DJ-Sets.url
2014-02-01 16:42 - 2014-02-01 16:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-01-21 09:52 - 2014-01-21 09:52 - 00000098 _____ () C:\Users\Oliver\Desktop\Ganzkörpertraining Trainingsplan » Fitness-Experts.de.url
2014-01-20 11:44 - 2014-01-20 11:44 - 00000096 _____ () C:\Users\Oliver\Desktop\Effektiver Muskelaufbau - Unglaublicher Virtueller Trainer.url

==================== One Month Modified Files and Folders =======

2014-02-09 20:51 - 2014-02-09 20:50 - 00017321 _____ () C:\Users\Oliver\Desktop\FRST.txt
2014-02-09 20:50 - 2014-02-06 10:56 - 00000000 ____D () C:\FRST
2014-02-09 20:15 - 2010-02-07 13:30 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2599811498-1172278240-2189351553-1000UA.job
2014-02-09 19:15 - 2010-02-07 13:30 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2599811498-1172278240-2189351553-1000Core.job
2014-02-09 19:07 - 2008-03-23 13:36 - 01093873 _____ () C:\Windows\WindowsUpdate.log
2014-02-09 19:06 - 2014-02-09 19:06 - 00000000 ____D () C:\Windows\ERUNT
2014-02-09 19:02 - 2014-02-09 19:02 - 00002020 _____ () C:\Users\Oliver\Desktop\AdwCleaner[S0].txt
2014-02-09 19:01 - 2008-03-23 14:37 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-09 19:00 - 2012-01-07 13:53 - 00007916 _____ () C:\Users\Oliver\AppData\Local\d3d9caps.dat
2014-02-09 18:59 - 2008-03-23 15:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-09 18:59 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-09 18:59 - 2006-11-02 13:47 - 00003264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-09 18:59 - 2006-11-02 13:47 - 00003264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-09 18:58 - 2006-11-02 14:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-09 18:57 - 2014-02-09 18:52 - 00000000 ____D () C:\AdwCleaner
2014-02-09 18:55 - 2008-03-23 15:54 - 00000420 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{083B950B-8FAD-44C6-A788-022218432CB8}.job
2014-02-09 18:46 - 2008-09-27 12:09 - 00069776 _____ () C:\Windows\PFRO.log
2014-02-09 18:20 - 2014-02-09 18:20 - 00000870 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-09 18:20 - 2014-02-09 18:20 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Malwarebytes
2014-02-09 18:20 - 2014-02-09 18:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-09 18:20 - 2014-02-09 18:20 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-09 18:17 - 2014-02-09 18:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Oliver\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-09 18:17 - 2014-02-09 18:16 - 01166132 _____ () C:\Users\Oliver\Desktop\adwcleaner.exe
2014-02-09 18:17 - 2014-02-09 18:16 - 01037530 _____ (Thisisu) C:\Users\Oliver\Desktop\JRT.exe
2014-02-09 18:16 - 2014-02-09 18:16 - 01138688 _____ (Farbar) C:\Users\Oliver\Desktop\FRST.exe
2014-02-08 19:27 - 2014-02-08 19:27 - 00000000 ____D () C:\Users\Oliver\Desktop\fitness
2014-02-02 17:31 - 2014-02-02 17:30 - 00000169 _____ () C:\Users\Oliver\Desktop\MixesDB − Database for the best DJ-Sets.url
2014-02-01 16:42 - 2014-02-01 16:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-01 16:42 - 2006-11-02 13:52 - 00137933 _____ () C:\Windows\setupact.log
2014-02-01 12:40 - 2006-11-02 11:33 - 01445352 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-21 09:52 - 2014-01-21 09:52 - 00000098 _____ () C:\Users\Oliver\Desktop\Ganzkörpertraining Trainingsplan » Fitness-Experts.de.url
2014-01-20 11:44 - 2014-01-20 11:44 - 00000096 _____ () C:\Users\Oliver\Desktop\Effektiver Muskelaufbau - Unglaublicher Virtueller Trainer.url
2014-01-18 14:59 - 2013-08-05 20:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-18 14:54 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\Oliver\AppData\Local\Temp\AskSLib.dll
C:\Users\Oliver\AppData\Local\Temp\fileutil.dll
C:\Users\Oliver\AppData\Local\Temp\MgxVistaTools.dll
C:\Users\Oliver\AppData\Local\Temp\Quarantine.exe
C:\Users\Oliver\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Oliver\AppData\Local\Temp\swt-awt-win32-3346.dll
C:\Users\Oliver\AppData\Local\Temp\swt-win32-3346.dll
C:\Users\Oliver\AppData\Local\Temp\unwise.exe
C:\Users\Oliver\AppData\Local\Temp\_is7658.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-09 19:09

==================== End Of Log ============================

--- --- ---

addition log:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-02-2014 02
Ran by Oliver at 2014-02-09 20:51:29
Running from C:\Users\Oliver\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
7500_7600_7700_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.2.202.228 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.6.602.168 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 - Deutsch (Version: 8.1.0 - Adobe Systems Incorporated)
AFPL Ghostscript 8.54 (Version:  - )
AFPL Ghostscript Fonts (Version:  - )
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
BPD_Scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 82.0.173.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Click to Call with Skype (Version: 5.6.8153 - Skype Technologies S.A.)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000 - Microsoft Corporation)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
FreakOut (Version: 1.0.0 - JoWood)
FreePDF XP (Remove only) (Version:  - )
Google Chrome (HKCU Version: 32.0.1700.107 - Google Inc.)
Google Earth (Version: 4.2.205.5730 - Google)
HP Customer Participation Program 8.0 (Version: 8.0 - HP)
HP Imaging Device Functions 8.0 (Version: 8.0 - HP)
HP OCR Software 8.0 (Version: 8.0 - HP)
HP Officejet Pro All-In-One Series (Version: 1.0 - HP)
HP Photosmart Essential (Version: 1.12.0.46 - HP)
HP Product Assistant (Version: 100.000.001.000 - Hewlett-Packard) Hidden
HP Solution Center 8.0 (Version: 8.0 - HP)
HP Update (Version: 4.000.012.001 - Hewlett-Packard)
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 2.1.3.0000 - Ihr Firmenname)
Intel(R) PRO Network Connections 12.2.41.0 (Version: 12.2.41.0 - Intel)
Intel(R) PRO Network Connections 12.2.41.0 (Version: 12.2.41.0 - Intel) Hidden
Intel® Viiv™ Software (Version: 1.7.512.0 - Intel Corporation)
Intel® Viiv™ Software (Version: 1.7.512.0 - Intel Corporation) Hidden
iTunes (Version: 11.0.2.26 - Apple Inc.)
Java Auto Updater (Version: 2.0.1.2 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 18 (Version: 6.0.180 - Sun Microsystems, Inc.)
Kaspersky Internet Security 2010 (Version: 9.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security 2010 (Version: 9.0.0.463 - Kaspersky Lab) Hidden
L7600 (Version: 50.0.165.000 - Ihr Firmenname) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
Messenger Plus! Live (Version: 4.80 (build 356) - Patchou)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (Version: 3.1.6.0 - Apple Inc.)
MPM (Version: 1.00.0000 - Hewlett-Packard)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NetDeviceManager (Version: 90.0.192.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Controller-Treiber 285.62 (Version: 285.62 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.24.0 (Version: 1.2.24.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.11.0621 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.11.0621 (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice.org 2.4 (Version: 2.4.9286 - OpenOffice.org)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (Version: 6.0.1.5470 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (Version:  - )
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
SecurDisc Viewer (Version: 1.1.18 - Nero AG)
Skype™ 5.10 (Version: 5.10.116 - Skype Technologies S.A.)
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Text-To-Speech-Runtime (Version: 1.0.0.0 - Magix Development GmbH)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
TV Enhance (Version: 1.0.4615 - CyberLink Corp.)
Uninstall 1.0.0.1 (Version:  - )
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Virtual DJ - Atomix Productions (Version:  - )
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Windows Live Anmelde-Assistent (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile Device Updater Component (Version: 04.07.1407.00 - Microsoft Corporation) Hidden
Windows Phone Intro Video (DEU) (Version: 04.07.0975.00 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia Modem  (03/05/2008 3.7) (Version: 03/05/2008 3.7 - Nokia)
X10 Hardware(TM) (Version:  - )

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3CB3F386-5BF3-4894-8865-77E25F6437F6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {559F3F99-B1F3-439C-BE4E-EE3F968AAD4E} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {5761ED74-E3A9-48D6-9F62-6992BBCE487C} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {A87DC043-76F7-488C-8FF8-71764E1A188D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2599811498-1172278240-2189351553-1000UA => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-07] (Google Inc.)
Task: {BD8BAC41-621C-4436-9637-7856DC02C445} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2599811498-1172278240-2189351553-1000Core => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-07] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {F5864D09-510F-4468-8DDD-365FB7CE3EB7} - System32\Tasks\{18621B85-2144-4EB4-BCB9-AAD091EB525B} => C:\Program Files\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2599811498-1172278240-2189351553-1000Core.job => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2599811498-1172278240-2189351553-1000UA.job => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{083B950B-8FAD-44C6-A788-022218432CB8}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2008-03-23 14:02 - 2007-10-15 21:57 - 00114780 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll
2008-03-23 14:02 - 2007-10-15 21:57 - 00032768 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll
2008-03-23 14:02 - 2007-10-15 21:57 - 00245858 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll
2008-03-23 14:02 - 2007-10-15 21:57 - 00339968 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2006-12-10 21:51 - 2006-12-10 21:51 - 00065536 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
2006-12-10 21:51 - 2006-12-10 21:51 - 00077824 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
2014-02-08 19:24 - 2014-02-02 00:42 - 04055368 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-08 19:24 - 2014-02-02 00:42 - 00399688 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-08 19:24 - 2014-02-02 00:41 - 01634632 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2014-02-08 19:24 - 2014-02-02 00:42 - 13616456 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2014 02:56:21 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b0e1, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18704, Zeitstempel 0x5065ccb6, Ausnahmecode 0x0eedfade, Fehleroffset 0x0003fc16,
Prozess-ID 0xf58, Anwendungsstartzeit rundll32.exe0.

Error: (02/01/2014 04:41:26 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/25/2014 03:27:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5181573

Error: (01/25/2014 03:27:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5181573

Error: (01/25/2014 03:27:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/25/2014 03:27:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5180388

Error: (01/25/2014 03:27:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5180388

Error: (01/25/2014 03:27:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/25/2014 03:27:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5179015

Error: (01/25/2014 03:27:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5179015


System errors:
=============
Error: (02/09/2014 07:05:07 PM) (Source: DCOM) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (02/09/2014 07:01:59 PM) (Source: DCOM) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (02/09/2014 06:58:10 PM) (Source: DCOM) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (02/09/2014 06:48:14 PM) (Source: DCOM) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (02/09/2014 06:13:12 PM) (Source: DCOM) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (02/08/2014 06:20:12 PM) (Source: DCOM) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (02/08/2014 06:18:49 PM) (Source: DCOM) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (02/07/2014 09:18:17 AM) (Source: DCOM) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (02/07/2014 09:16:16 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 07.02.2014 um 09:08:54 unerwartet heruntergefahren.

Error: (02/04/2014 09:42:20 AM) (Source: DCOM) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}


Microsoft Office Sessions:
=========================
Error: (02/02/2014 02:56:21 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.0.6000.163864549b0e1kernel32.dll6.0.6002.187045065ccb60eedfade0003fc16f5801cf201e8aab7ecb

Error: (02/01/2014 04:41:26 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"I:\HitmanPro_x64.exe

Error: (01/25/2014 03:27:33 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5181573

Error: (01/25/2014 03:27:33 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5181573

Error: (01/25/2014 03:27:33 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/25/2014 03:27:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5180388

Error: (01/25/2014 03:27:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5180388

Error: (01/25/2014 03:27:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/25/2014 03:27:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5179015

Error: (01/25/2014 03:27:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5179015


CodeIntegrity Errors:
===================================
  Date: 2014-02-09 20:51:10.506
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-09 20:51:10.256
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-09 20:51:10.022
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-09 20:51:09.804
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-09 20:51:09.476
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-09 20:51:09.242
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-09 20:51:08.977
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-09 20:51:08.712
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-09 18:27:41.077
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-09 18:27:40.858
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 52%
Total physical RAM: 2045.45 MB
Available physical RAM: 975.51 MB
Total Pagefile: 4331.91 MB
Available Pagefile: 3216.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.51 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:445.76 GB) (Free:217.66 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:19.99 GB) (Free:12 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 3956CE13)
Partition 1: (Active) - (Size=446 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended)

==================== End Of Log ============================

nachdem das Startup und die Module gecheckt wurden kam beim Junkware Removal Tool leider eine Fehlernachricht "Starten des Servers fehlgeschlagen"

schrauber · 10.02.2014, 17:23

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Einser · 13.02.2014, 20:29

eset:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bd56e51d2fc97f49858e0ea35cba9f89
# engine=17060
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-13 06:42:26
# local_time=2014-02-13 07:42:26 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 102052 229849674 0 0
# scanned=501562
# found=1
# cleaned=0
# scan_time=11318
sh=52F22592983CBC8E5F5A13B81863EF72D33DFE97 ft=1 fh=16584dd5c63d2162 vn="a variant of Win32/Kryptik.BUED trojan" ac=I fn="C:\FRST\Quarantine\40qmtv4.cpp07-02-2014_09-12-59"

securitycheck:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.79  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 7 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 18  
 Java version out of Date! 
 Adobe Flash Player 	11.6.602.168  
 Adobe Reader 8 Adobe Reader out of Date! 
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

frst:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014
Ran by Oliver (administrator) on OLIVER-PC on 13-02-2014 20:27:22
Running from C:\Users\Oliver\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
() C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(CyberLink Corp.) C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
() C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [TVEService] - C:\Program Files\HomeCinema\TV Enhance\TVEService.exe [155648 2007-10-15] (CyberLink Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [NMSSupport] - C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [439512 2007-06-27] (Intel Corporation)
HKLM\...\Run: [CCUTRAYICON] - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [215256 2007-06-27] (Intel(R) Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-08-17] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [312320 2007-06-26] (shbox.de)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [avp] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [311680 2010-08-18] (Kaspersky Lab)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2599811498-1172278240-2189351553-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-2599811498-1172278240-2189351553-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2599811498-1172278240-2189351553-1000\...\Run: [Google Update] - C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-02-07] (Google Inc.)
HKU\S-1-5-21-2599811498-1172278240-2189351553-1000\...\MountPoints2: {9223e468-b89e-11dd-b326-001d92295930} - J:\LaunchU3.exe -a
HKU\S-1-5-21-2599811498-1172278240-2189351553-1000\...\MountPoints2: {c49569db-5844-11de-9997-001d92295930} - J:\LaunchU3.exe -a
HKU\S-1-5-21-2599811498-1172278240-2189351553-1000\...\MountPoints2: {cb2ec117-5db5-11de-b716-001d92295930} - J:\LaunchU3.exe -a
HKU\S-1-5-21-2599811498-1172278240-2189351553-1000\...\MountPoints2: {eb4ce67c-e324-11dd-a5e7-001d92295930} - J:\LaunchU3.exe -a
HKU\S-1-5-21-2599811498-1172278240-2189351553-1001\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll, => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll [109072 2009-09-10] (Kaspersky Lab)
AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll [12304 2009-07-03] (Kaspersky Lab)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U18) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Oliver\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google-Suche) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Click to call with Skype) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-09-05]
CHR Extension: (Google Wallet) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Mail) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-08-16]
CHR StartMenuInternet: Google Chrome - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [223448 2007-06-27] (Intel(R) Corporation)
S2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [311680 2010-08-18] (Kaspersky Lab)
S3 DHTRACE; C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [39640 2007-06-27] (Intel(R) Corporation)
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2007-02-12] ()
S2 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [59096 2007-06-27] (Intel(R) Corporation)
S2 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [268504 2007-06-27] ()
S2 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [157912 2007-06-27] (Intel(R) Corporation)
R2 NMSCore; C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [317656 2007-06-27] (Intel(R) Corporation)
R2 QualityManager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [272600 2007-06-27] (Intel(R) Corporation)
S2 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [446680 2007-06-27] (Intel(R) Corporation)
R2 TVECapSvc; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [290909 2007-10-15] ()
R2 TVESched; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [114779 2007-10-15] ()
S2 Winmgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
R3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2008-03-23] (Intel Corporation)
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [128016 2009-06-15] (Kaspersky Lab)
R0 klbg; C:\Windows\System32\drivers\klbg.sys [33808 2008-12-15] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [280592 2009-07-03] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [21008 2009-05-15] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19472 2009-05-16] (Kaspersky Lab)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.)
R2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [5376 2007-02-18] (Gteko Ltd.)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [507136 2006-12-05] (PixArt Imaging Inc.)
R3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1131136 2007-04-03] (Philips Semiconductors GmbH)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [14552 2007-06-27] ()
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\HomeCinema\PlayMovie\000.fcl [X]
S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\HomeCinema\PowerDVD\000.fcl [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-13 20:27 - 2014-02-13 20:27 - 00017265 _____ () C:\Users\Oliver\Desktop\FRST.txt
2014-02-13 20:27 - 2014-02-13 20:27 - 00000000 ____D () C:\Users\Oliver\Desktop\FRST-OlderVersion
2014-02-13 16:26 - 2014-02-13 16:26 - 00987425 _____ () C:\Users\Oliver\Desktop\SecurityCheck.exe
2014-02-13 16:25 - 2014-02-13 16:25 - 02347384 _____ (ESET) C:\Users\Oliver\Desktop\esetsmartinstaller_enu.exe
2014-02-09 19:06 - 2014-02-09 19:06 - 00000000 ____D () C:\Windows\ERUNT
2014-02-09 18:52 - 2014-02-09 18:57 - 00000000 ____D () C:\AdwCleaner
2014-02-09 18:20 - 2014-02-09 18:20 - 00000870 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-09 18:20 - 2014-02-09 18:20 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Malwarebytes
2014-02-09 18:20 - 2014-02-09 18:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-09 18:20 - 2014-02-09 18:20 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-09 18:20 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-09 18:16 - 2014-02-13 20:27 - 01141248 _____ (Farbar) C:\Users\Oliver\Desktop\FRST.exe
2014-02-09 18:16 - 2014-02-09 18:17 - 01166132 _____ () C:\Users\Oliver\Desktop\adwcleaner.exe
2014-02-08 19:27 - 2014-02-08 19:27 - 00000000 ____D () C:\Users\Oliver\Desktop\fitness
2014-02-06 10:56 - 2014-02-13 20:27 - 00000000 ____D () C:\FRST
2014-02-02 17:30 - 2014-02-02 17:31 - 00000169 _____ () C:\Users\Oliver\Desktop\MixesDB − Database for the best DJ-Sets.url
2014-02-01 16:42 - 2014-02-01 16:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-01-21 09:52 - 2014-01-21 09:52 - 00000098 _____ () C:\Users\Oliver\Desktop\Ganzkörpertraining Trainingsplan » Fitness-Experts.de.url
2014-01-20 11:44 - 2014-01-20 11:44 - 00000096 _____ () C:\Users\Oliver\Desktop\Effektiver Muskelaufbau - Unglaublicher Virtueller Trainer.url

==================== One Month Modified Files and Folders =======

2014-02-13 20:28 - 2014-02-13 20:27 - 00017265 _____ () C:\Users\Oliver\Desktop\FRST.txt
2014-02-13 20:27 - 2014-02-13 20:27 - 00000000 ____D () C:\Users\Oliver\Desktop\FRST-OlderVersion
2014-02-13 20:27 - 2014-02-09 18:16 - 01141248 _____ (Farbar) C:\Users\Oliver\Desktop\FRST.exe
2014-02-13 20:27 - 2014-02-06 10:56 - 00000000 ____D () C:\FRST
2014-02-13 20:15 - 2010-02-07 13:30 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2599811498-1172278240-2189351553-1000UA.job
2014-02-13 20:08 - 2006-11-02 13:47 - 00003264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-13 20:08 - 2006-11-02 13:47 - 00003264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-13 19:15 - 2010-02-07 13:30 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2599811498-1172278240-2189351553-1000Core.job
2014-02-13 18:53 - 2008-03-23 13:36 - 01401114 _____ () C:\Windows\WindowsUpdate.log
2014-02-13 18:06 - 2008-03-23 15:54 - 00000420 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{083B950B-8FAD-44C6-A788-022218432CB8}.job
2014-02-13 16:26 - 2014-02-13 16:26 - 00987425 _____ () C:\Users\Oliver\Desktop\SecurityCheck.exe
2014-02-13 16:25 - 2014-02-13 16:25 - 02347384 _____ (ESET) C:\Users\Oliver\Desktop\esetsmartinstaller_enu.exe
2014-02-13 16:11 - 2008-03-23 14:37 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-13 16:08 - 2008-03-23 15:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-13 16:08 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-12 16:36 - 2006-11-02 14:01 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-09 19:06 - 2014-02-09 19:06 - 00000000 ____D () C:\Windows\ERUNT
2014-02-09 19:00 - 2012-01-07 13:53 - 00007916 _____ () C:\Users\Oliver\AppData\Local\d3d9caps.dat
2014-02-09 18:57 - 2014-02-09 18:52 - 00000000 ____D () C:\AdwCleaner
2014-02-09 18:46 - 2008-09-27 12:09 - 00069776 _____ () C:\Windows\PFRO.log
2014-02-09 18:20 - 2014-02-09 18:20 - 00000870 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-09 18:20 - 2014-02-09 18:20 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Malwarebytes
2014-02-09 18:20 - 2014-02-09 18:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-09 18:20 - 2014-02-09 18:20 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-09 18:17 - 2014-02-09 18:16 - 01166132 _____ () C:\Users\Oliver\Desktop\adwcleaner.exe
2014-02-08 19:27 - 2014-02-08 19:27 - 00000000 ____D () C:\Users\Oliver\Desktop\fitness
2014-02-02 17:31 - 2014-02-02 17:30 - 00000169 _____ () C:\Users\Oliver\Desktop\MixesDB − Database for the best DJ-Sets.url
2014-02-01 16:42 - 2014-02-01 16:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-01 16:42 - 2006-11-02 13:52 - 00137933 _____ () C:\Windows\setupact.log
2014-02-01 12:40 - 2006-11-02 11:33 - 01445352 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-21 09:52 - 2014-01-21 09:52 - 00000098 _____ () C:\Users\Oliver\Desktop\Ganzkörpertraining Trainingsplan » Fitness-Experts.de.url
2014-01-20 11:44 - 2014-01-20 11:44 - 00000096 _____ () C:\Users\Oliver\Desktop\Effektiver Muskelaufbau - Unglaublicher Virtueller Trainer.url
2014-01-18 14:59 - 2013-08-05 20:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-18 14:54 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\Oliver\AppData\Local\Temp\AskSLib.dll
C:\Users\Oliver\AppData\Local\Temp\fileutil.dll
C:\Users\Oliver\AppData\Local\Temp\MgxVistaTools.dll
C:\Users\Oliver\AppData\Local\Temp\Quarantine.exe
C:\Users\Oliver\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Oliver\AppData\Local\Temp\swt-awt-win32-3346.dll
C:\Users\Oliver\AppData\Local\Temp\swt-win32-3346.dll
C:\Users\Oliver\AppData\Local\Temp\unwise.exe
C:\Users\Oliver\AppData\Local\Temp\_is7658.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-13 16:20

==================== End Of Log ============================

--- --- ---

sooooo bittesehr der herr und nööö keine probleme mehr

02.02.2014, 13:08	#2
schrauber /// the machine /// TB-Ausbilder	Windows Vista 32Bit Interpol-Trojaner, Österr. hi, welches Betriebssystem? __________________ __________________

05.02.2014, 08:16	#6
schrauber /// the machine /// TB-Ausbilder	Windows Vista 32Bit Interpol-Trojaner, Österr. den anderen Weg über die DVD gehen __________________ --> Windows Vista 32Bit Interpol-Trojaner, Österr.

08.02.2014, 10:33	#10
schrauber /// the machine /// TB-Ausbilder	Windows Vista 32Bit Interpol-Trojaner, Österr. Startet der Rechner normal`? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Windows Vista 32Bit Interpol-Trojaner, Österr.

Log-Analyse und Auswertung: Windows Vista 32Bit Interpol-Trojaner, Österr.