Log analysis and evaluation: Windows 7: Advertising windows open in Firefox for no reason + malware found by Avast

If you have caught a Trojan or constantly get virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

24.02.2014, 01:58 | #1
Windows 7: Advertising windows open in Firefox for no reason + malware found by Avast

Hello dear members,

I have the following problem: I normally use Opera as my default browser, but I am forced to use Firefox when I want to watch recorded lectures via my university's website (they can only be paused in Firefox). That was no problem so far, but for about 2-3 days now, while I am watching the lectures in Firefox via the university portal's website, advertising pages open in the background. This actually only happens when I click on the link to the stream or want to pause the stream. Since this annoyed me quite a bit today, I ran Avast, which as far as I know found 2 threats. When I then ran a boot-time scan, the program apparently detected some malware. Unfortunately I could not delete it, move it to quarantine or ignore it as intended; nothing worked except cancelling the scan. This is where it hung: C:\Users\Mr x.y/\appdata\local\microsoft\windows\temporary internet files\content.ie5\ca68jynr\pack[1].7z|>bprotect.exe

Afterwards I tried to find and delete the files (unfortunately that did not work, because I could not change anything there despite admin rights).
- Then I searched the internet and downloaded 2 programs from/via one of your threads to remove the whole thing (Malwarebytes and AdwCleaner).
- Each program then found and deleted something, but unfortunately the problem persisted, so I kept searching the internet and started looking for "bot" or similar names in the Malwarebytes reports.
- I found PUP.Optional.DeltaTB, which could be deleted, but I have read nothing good about it on the internet and would therefore like your feedback on whether I have caught something nasty and how I get rid of it again.
(before formatting C: is the last remaining option)
- Finally I also deleted FF (but have not reinstalled it yet).

Many thanks in advance!

Attached are the following logs:
1. Run with Avast (unfortunately I cannot post it, as I did not find any .txt files)
2. Run with Malwarebytes - flash scan
3. Malwarebytes - full scan

Here are the 3 logs required for creating the thread: defogger - disable
24.02.2014, 07:51 | #2

/// the machine /// TB-Ausbilder
Windows 7: Advertising windows open in Firefox for no reason + malware found by Avast

hi,

How it works: posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:

Scan with Combofix
24.02.2014, 10:11 | #3

Windows 7: Advertising windows open in Firefox for no reason + malware found by Avast

Hello,

Sorry that I didn't put it in code tags right away! Here is everything:

defogger-disable
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:13 on 24/02/2014 (Mr x.y)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2014 02 Ran by Mr x.y (administrator) on MRXY-PC on 24-02-2014 00:15:32 Running from C:\Users\Mr x.y\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AMD) C:\Windows\system32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe () C:\Program Files (x86)\Opera\19.0.1326.63\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe (Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe (Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-08] (AVAST Software) HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.) HKU\S-1-5-21-559131315-3914047173-678271574-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-559131315-3914047173-678271574-1000\...\MountPoints2: {5f03adb6-f5f7-11e2-982c-806e6f6e6963} - D:\Autorun.exe HKU\S-1-5-21-559131315-3914047173-678271574-1000\...\MountPoints2: {68ab6649-f91c-11e2-a24e-806e6f6e6963} - D:\EAWXLauncher.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com BHO: avast! 
Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.) Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-26] Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Mr x.y\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-30] CHR Extension: (Google Drive) - C:\Users\Mr x.y\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-30] CHR Extension: (YouTube) - C:\Users\Mr x.y\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-30] CHR Extension: (Google Search) - C:\Users\Mr x.y\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-30] CHR Extension: (SciLor's Grooveshark(tm) Unlocker) - C:\Users\Mr x.y\AppData\Local\Google\Chrome\User Data\Default\Extensions\feegenemlbjkbnfpgdmjddbeiecdbpob [2013-11-30] CHR Extension: (avast! Online Security) - C:\Users\Mr x.y\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-01] CHR Extension: (Google Wallet) - C:\Users\Mr x.y\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-30] CHR Extension: (Gmail) - C:\Users\Mr x.y\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-30] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-19] ==================== Services (Whitelisted) ================= R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-08] (AVAST Software) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-04-18] (MICRO-STAR INTERNATIONAL CO., LTD.) ==================== Drivers (Whitelisted) ==================== R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-08] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-19] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-19] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-08] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-08] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-08] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-08] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation ) R2 WinRing0_1_2_0; C:\Users\Mr x.y\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys [14544 2013-07-31] (OpenLibSys.org) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-24 00:15 - 2014-02-24 00:15 - 00010103 _____ () C:\Users\Mr x.y\Desktop\FRST.txt 2014-02-24 00:15 - 2014-02-24 00:15 - 00000000 ____D () C:\FRST 2014-02-24 00:14 - 2014-02-24 00:14 - 02155520 _____ (Farbar) C:\Users\Mr x.y\Desktop\FRST64.exe 2014-02-24 
00:13 - 2014-02-24 00:13 - 00000474 _____ () C:\Users\Mr x.y\Desktop\defogger_disable.log 2014-02-24 00:13 - 2014-02-24 00:13 - 00000246 _____ () C:\Users\Mr x.y\Desktop\defogger_enable.log 2014-02-24 00:13 - 2014-02-24 00:13 - 00000000 _____ () C:\Users\Mr x.y\defogger_reenable 2014-02-24 00:11 - 2014-02-24 00:11 - 00050477 _____ () C:\Users\Mr x.y\Desktop\Defogger.exe 2014-02-23 21:30 - 2014-02-23 21:30 - 00000000 ____D () C:\Users\Mr x.y\AppData\Roaming\Petroglyph 2014-02-23 21:13 - 2014-02-23 21:13 - 00000000 ____D () C:\Users\Mr x.y\AppData\Roaming\InstallShield 2014-02-23 21:13 - 2014-02-23 21:13 - 00000000 ____D () C:\ProgramData\InstallShield 2014-02-23 21:10 - 2014-02-23 21:15 - 00000000 ____D () C:\Program Files (x86)\LucasArts 2014-02-23 19:15 - 2014-02-23 19:15 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-23 19:15 - 2014-02-23 19:15 - 00000000 ____D () C:\Users\Mr x.y\AppData\Roaming\Malwarebytes 2014-02-23 19:15 - 2014-02-23 19:15 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-23 19:15 - 2014-02-23 19:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-23 19:15 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-23 19:09 - 2014-02-23 23:34 - 00000000 ____D () C:\AdwCleaner 2014-02-23 19:09 - 2014-02-23 19:09 - 01241834 _____ () C:\Users\Mr x.y\Desktop\adwcleaner.exe 2014-02-23 15:50 - 2014-02-23 18:05 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1 2014-02-23 15:50 - 2014-02-23 15:50 - 00004116 _____ () C:\Windows\System32\Tasks\MyDefrag v4.3.1 Monthly 2014-02-23 15:50 - 2014-02-23 15:50 - 00003436 _____ () C:\Windows\System32\Tasks\MyDefrag v4.3.1 Daily 2014-02-23 15:50 - 2010-05-21 12:11 - 01147392 _____ (J.C. Kessels) C:\Windows\system32\MyDefragScreenSaver_v4.3.1.exe 2014-02-23 15:50 - 2010-05-21 12:11 - 00485376 _____ (J.C. 
Kessels) C:\Windows\system32\MyDefragScreenSaver_v4.3.1.scr 2014-02-23 15:40 - 2014-02-23 18:06 - 00000000 ____D () C:\Users\Mr x.y\AppData\Roaming\Wise Registry Cleaner 2014-02-23 15:39 - 2014-02-23 15:39 - 00000000 ____D () C:\Program Files (x86)\Wise 2014-02-23 13:40 - 2014-02-24 00:10 - 00000284 _____ () C:\Windows\Tasks\FF Watcher {6E928246-F79C-44F2-9C9A-FDF73C59466F}.job 2014-02-23 13:40 - 2014-02-23 13:40 - 00003252 _____ () C:\Windows\System32\Tasks\FF Watcher {6E928246-F79C-44F2-9C9A-FDF73C59466F} 2014-02-15 14:02 - 2014-02-15 14:02 - 00000000 ___HD () C:\ProgramData\CanonIJMyPrinter 2014-02-15 13:43 - 2014-02-15 13:44 - 00000000 ___HD () C:\ProgramData\CanonIJScan 2014-02-14 12:27 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-14 12:27 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-02-14 12:26 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-14 12:26 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-14 12:26 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-14 12:26 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-14 12:26 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-14 12:26 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-14 12:26 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-14 12:26 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-14 12:26 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-14 12:26 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) 
C:\Windows\system32\ieUnatt.exe 2014-02-14 12:26 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-14 12:26 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-14 12:26 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-14 12:26 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-14 12:26 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-14 12:26 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-14 12:26 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-14 12:26 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-14 12:26 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-14 12:26 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-14 12:26 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-14 12:26 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-14 12:26 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-14 12:26 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-14 12:26 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-14 12:26 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-14 12:26 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-14 12:26 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll 2014-02-14 12:26 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-14 12:26 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-14 12:26 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-14 12:26 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-14 12:26 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-14 12:26 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-14 12:26 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-14 12:26 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-14 12:26 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-14 12:26 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-14 12:26 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-14 09:09 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls 2014-02-14 09:09 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-02-14 09:09 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-02-14 09:09 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-14 09:09 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-14 09:09 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-02-14 09:09 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-02-14 09:09 - 2013-12-06 03:02 - 
00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-02-14 09:09 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-02-14 09:09 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-02-14 09:09 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-02-14 09:09 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-02-14 09:09 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-02-14 09:09 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-02-14 09:09 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-02-14 09:09 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-02-14 09:09 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-02-14 09:09 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2014-02-14 09:09 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2014-02-14 09:09 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-02-14 09:09 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2014-02-14 09:09 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-02-14 09:09 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2014-02-14 09:09 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2014-02-14 09:09 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 
2014-02-14 09:09 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2014-02-14 09:09 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-02-14 09:09 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-02-13 11:03 - 2014-02-13 11:03 - 00001613 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk 2014-02-13 10:59 - 2014-02-23 23:29 - 00000000 ____D () C:\Users\Mr x.y\AppData\Local\PMB Files 2014-02-13 10:59 - 2014-02-23 23:29 - 00000000 ____D () C:\ProgramData\PMB Files 2014-02-13 10:59 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2014-02-13 10:59 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2014-02-13 10:59 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2014-02-11 11:11 - 2014-02-11 11:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf 2014-02-10 19:21 - 2013-02-04 15:10 - 00321536 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BXL.dll 2014-02-10 19:21 - 2012-11-09 10:43 - 00088064 _____ () C:\Windows\SysWOW64\CNC176DD.TBL 2014-02-10 19:21 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) 
C:\Windows\SysWOW64\CNHMCA.dll 2014-02-10 19:19 - 2014-02-10 19:19 - 00000000 ____D () C:\Program Files\Canon 2014-02-10 11:28 - 2014-02-15 13:44 - 00000000 ____D () C:\Users\Mr x.y\AppData\Roaming\Canon 2014-02-10 11:28 - 2014-02-10 11:28 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu 2014-02-10 11:27 - 2014-02-15 14:02 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-02-10 11:27 - 2014-02-10 11:27 - 00000000 ___HD () C:\ProgramData\CanonIJEGV 2014-02-10 11:19 - 2014-02-10 19:20 - 00000000 ____D () C:\ProgramData\CanonIJWSpt 2014-02-10 11:15 - 2014-02-10 11:15 - 00000000 ___HD () C:\ProgramData\CanonBJ 2014-02-10 11:15 - 2014-02-10 11:15 - 00000000 ___HD () C:\Program Files\CanonBJ 2014-02-10 11:15 - 2013-03-24 05:00 - 00391168 _____ (CANON INC.) C:\Windows\system32\CNMLMBX.DLL 2014-02-10 11:15 - 2013-02-04 15:12 - 00367104 _____ (CANON INC.) C:\Windows\system32\CNC_BXL.dll 2014-02-10 11:15 - 2012-11-09 10:43 - 00088064 _____ () C:\Windows\system32\CNC176DD.TBL 2014-02-10 11:15 - 2012-11-08 13:04 - 00282624 _____ (CANON INC.) C:\Windows\system32\CNC_BXC.dll 2014-02-10 11:15 - 2012-11-08 13:03 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC_BXI.dll 2014-02-10 11:15 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) 
C:\Windows\system32\CNHMCA6.dll 2014-02-10 11:14 - 2014-02-10 19:21 - 00000000 ____D () C:\Program Files (x86)\Canon ==================== One Month Modified Files and Folders ======= 2014-02-24 00:15 - 2014-02-24 00:15 - 00010103 _____ () C:\Users\Mr x.y\Desktop\FRST.txt 2014-02-24 00:15 - 2014-02-24 00:15 - 00000000 ____D () C:\FRST 2014-02-24 00:14 - 2014-02-24 00:14 - 02155520 _____ (Farbar) C:\Users\Mr x.y\Desktop\FRST64.exe 2014-02-24 00:13 - 2014-02-24 00:13 - 00000474 _____ () C:\Users\Mr x.y\Desktop\defogger_disable.log 2014-02-24 00:13 - 2014-02-24 00:13 - 00000246 _____ () C:\Users\Mr x.y\Desktop\defogger_enable.log 2014-02-24 00:13 - 2014-02-24 00:13 - 00000000 _____ () C:\Users\Mr x.y\defogger_reenable 2014-02-24 00:13 - 2013-07-26 15:17 - 00000000 ____D () C:\Users\Mr x.y 2014-02-24 00:11 - 2014-02-24 00:11 - 00050477 _____ () C:\Users\Mr x.y\Desktop\Defogger.exe 2014-02-24 00:10 - 2014-02-23 13:40 - 00000284 _____ () C:\Windows\Tasks\FF Watcher {6E928246-F79C-44F2-9C9A-FDF73C59466F}.job 2014-02-23 23:57 - 2013-11-30 22:41 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-23 23:57 - 2009-07-14 05:45 - 00026480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-23 23:57 - 2009-07-14 05:45 - 00026480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-23 23:54 - 2013-07-27 00:27 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-02-23 23:54 - 2013-07-27 00:27 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-02-23 23:54 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-23 23:53 - 2013-07-26 15:17 - 01835259 _____ () C:\Windows\WindowsUpdate.log 2014-02-23 23:50 - 2013-11-30 22:41 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-23 23:50 - 2010-11-21 04:47 - 00357858 _____ () C:\Windows\PFRO.log 2014-02-23 23:50 - 2009-07-14 
06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-23 23:50 - 2009-07-14 05:51 - 00054973 _____ () C:\Windows\setupact.log
2014-02-23 23:43 - 2013-07-26 17:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-23 23:35 - 2013-08-25 10:14 - 00000000 ____D () C:\Users\Mr x.y\AppData\Roaming\Mozilla
2014-02-23 23:34 - 2014-02-23 19:09 - 00000000 ____D () C:\AdwCleaner
2014-02-23 23:29 - 2014-02-13 10:59 - 00000000 ____D () C:\Users\Mr x.y\AppData\Local\PMB Files
2014-02-23 23:29 - 2014-02-13 10:59 - 00000000 ____D () C:\ProgramData\PMB Files
2014-02-23 22:23 - 2013-07-26 15:17 - 00000000 ____D () C:\Users\Mr x.y\AppData\Local\VirtualStore
2014-02-23 21:30 - 2014-02-23 21:30 - 00000000 ____D () C:\Users\Mr x.y\AppData\Roaming\Petroglyph
2014-02-23 21:28 - 2013-10-27 13:17 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-02-23 21:28 - 2013-07-27 09:42 - 00201086 _____ () C:\Windows\DirectX.log
2014-02-23 21:15 - 2014-02-23 21:10 - 00000000 ____D () C:\Program Files (x86)\LucasArts
2014-02-23 21:15 - 2013-07-26 15:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-23 21:13 - 2014-02-23 21:13 - 00000000 ____D () C:\Users\Mr x.y\AppData\Roaming\InstallShield
2014-02-23 21:13 - 2014-02-23 21:13 - 00000000 ____D () C:\ProgramData\InstallShield
2014-02-23 21:13 - 2013-08-07 11:41 - 00000000 ____D () C:\Users\Mr x.y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-23 19:43 - 2013-08-09 08:34 - 00000000 ____D () C:\Users\Mr x.y\AppData\Roaming\DVDVideoSoft
2014-02-23 19:15 - 2014-02-23 19:15 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-23 19:15 - 2014-02-23 19:15 - 00000000 ____D () C:\Users\Mr x.y\AppData\Roaming\Malwarebytes
2014-02-23 19:15 - 2014-02-23 19:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-23 19:15 - 2014-02-23 19:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-23 19:09 - 2014-02-23 19:09 - 01241834 _____ () C:\Users\Mr x.y\Desktop\adwcleaner.exe
2014-02-23 18:08 - 2013-07-26 17:19 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-23 18:06 - 2014-02-23 15:40 - 00000000 ____D () C:\Users\Mr x.y\AppData\Roaming\Wise Registry Cleaner
2014-02-23 18:05 - 2014-02-23 15:50 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1
2014-02-23 15:50 - 2014-02-23 15:50 - 00004116 _____ () C:\Windows\System32\Tasks\MyDefrag v4.3.1 Monthly
2014-02-23 15:50 - 2014-02-23 15:50 - 00003436 _____ () C:\Windows\System32\Tasks\MyDefrag v4.3.1 Daily
2014-02-23 15:39 - 2014-02-23 15:39 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-02-23 14:32 - 2013-07-26 17:50 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-23 14:31 - 2013-08-05 16:27 - 00000000 ____D () C:\Users\Mr x.y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-23 14:29 - 2013-08-06 14:05 - 00000000 ____D () C:\ProgramData\CyberLink
2014-02-23 14:26 - 2013-07-27 14:12 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-02-23 14:25 - 2013-07-27 09:42 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-02-23 14:20 - 2013-08-29 20:58 - 00000000 ____D () C:\Users\Mr x.y\Documents\EA Games
2014-02-23 13:40 - 2014-02-23 13:40 - 00003252 _____ () C:\Windows\System32\Tasks\FF Watcher {6E928246-F79C-44F2-9C9A-FDF73C59466F}
2014-02-23 00:19 - 2013-07-26 20:02 - 00000000 ____D () C:\Users\Mr x.y\AppData\Roaming\TS3Client
2014-02-22 21:39 - 2013-07-26 17:21 - 00000000 ____D () C:\Users\Mr x.y\AppData\Roaming\Skype
2014-02-22 12:59 - 2013-11-30 22:42 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-21 11:18 - 2013-07-26 17:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 11:18 - 2013-07-26 17:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 11:18 - 2013-07-26 17:38 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 10:10 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-18 00:24 - 2013-08-14 21:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-18 00:23 - 2013-07-26 16:35 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 21:52 - 2013-11-30 22:41 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-15 21:52 - 2013-11-30 22:41 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-15 14:02 - 2014-02-15 14:02 - 00000000 ___HD () C:\ProgramData\CanonIJMyPrinter
2014-02-15 14:02 - 2014-02-10 11:27 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-02-15 13:44 - 2014-02-15 13:43 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-02-15 13:44 - 2014-02-10 11:28 - 00000000 ____D () C:\Users\Mr x.y\AppData\Roaming\Canon
2014-02-15 13:30 - 2013-08-04 22:17 - 00000000 ____D () C:\Users\Mr x.y\AppData\Roaming\vlc
2014-02-14 20:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-14 12:28 - 2013-07-26 15:36 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-13 11:03 - 2014-02-13 11:03 - 00001613 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-02-13 11:00 - 2013-07-26 17:04 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-02-11 11:15 - 2013-12-04 19:34 - 00349498 _____ () C:\Windows\DPINST.LOG
2014-02-11 11:11 - 2014-02-11 11:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-02-10 19:31 - 2013-12-01 23:29 - 00000000 ____D () C:\Users\Mr x.y\Desktop\Rubbish
2014-02-10 19:21 - 2014-02-10 11:14 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-02-10 19:21 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2014-02-10 19:20 - 2014-02-10 11:19 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2014-02-10 19:19 - 2014-02-10 19:19 - 00000000 ____D () C:\Program Files\Canon
2014-02-10 11:28 - 2014-02-10 11:28 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2014-02-10 11:27 - 2014-02-10 11:27 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-02-10 11:15 - 2014-02-10 11:15 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-02-10 11:15 - 2014-02-10 11:15 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-02-08 20:35 - 2013-07-26 17:19 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-08 20:34 - 2014-01-08 19:06 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-08 20:34 - 2013-07-26 17:19 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-08 20:34 - 2013-07-26 17:19 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-08 20:34 - 2013-07-26 17:19 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-08 20:34 - 2013-07-26 17:19 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-08 20:34 - 2013-07-26 17:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-06 13:16 - 2014-02-14 12:26 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-14 12:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-14 12:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-14 12:26 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-14 12:26 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-14 12:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-14 12:26 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-14 12:26 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-14 12:26 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-14 12:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-14 12:26 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-14 12:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-14 12:26 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-14 12:26 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-14 12:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-14 12:26 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-14 12:26 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-14 12:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-14 12:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-14 12:26 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-14 12:26 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-14 12:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-14 12:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-14 12:26 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-14 12:26 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-14 12:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-14 12:26 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-14 12:26 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-14 12:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-14 12:26 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-14 12:26 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-14 12:26 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-14 12:26 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-14 12:26 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-14 12:26 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-14 12:26 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-14 12:26 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-14 12:26 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-14 12:26 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Mr x.y\AppData\Local\Temp\7z920.exe
C:\Users\Mr x.y\AppData\Local\Temp\CNC4LauncherUpdate.exe
C:\Users\Mr x.y\AppData\Local\Temp\COMAP.EXE
C:\Users\Mr x.y\AppData\Local\Temp\devcon64.exe
C:\Users\Mr x.y\AppData\Local\Temp\EADD403.exe
C:\Users\Mr x.y\AppData\Local\Temp\EADEB57.exe
C:\Users\Mr x.y\AppData\Local\Temp\gkc.exe
C:\Users\Mr x.y\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Mr x.y\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Mr x.y\AppData\Local\Temp\Notification.exe
C:\Users\Mr x.y\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Mr x.y\AppData\Local\Temp\sfextra.dll
C:\Users\Mr x.y\AppData\Local\Temp\sonarinst.exe
C:\Users\Mr x.y\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Mr x.y\AppData\Local\Temp\uninst1.exe
C:\Users\Mr x.y\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Mr x.y\AppData\Local\Temp\v-bates.exe
C:\Users\Mr x.y\AppData\Local\Temp\vlc-2.0.8-win64.exe
C:\Users\Mr x.y\AppData\Local\Temp\_is3238.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-18 11:04

==================== End Of Log ============================

--- --- ---

FRST Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2014 02
Ran by Mr x.y at 2014-02-24 00:15:46
Running from C:\Users\Mr x.y\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG2500 series Benutzerregistrierung (HKLM-x32\...\Canon MG2500 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CPUID CPU-Z 1.65.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Heroes of Might & Magic V: Hammers of Fate (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200091}) (Version:  - )
Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200092}) (Version:  - )
Heroes of Might and Magic V (HKLM-x32\...\{20071984-5EB1-4881-8EDB-082532ACEC6D}) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 19.0.1326.63 (HKLM-x32\...\Opera 19.0.1326.63) (Version: 19.0.1326.63 - Opera Software ASA)
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sony PC Companion 2.10.188 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
The Witcher 2 Enhanced Edition Version 3.0 (HKLM-x32\...\The Witcher 2 Enhanced Edition_is1) (Version: 3.0 - CD Projekt RED)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Wise Registry Cleaner 7.94 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 7.94 - WiseCleaner.com, Inc.)
==================== Restore Points =========================
23-02-2014 20:10:35 Installiert Star Wars Empire at War

==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
Task: {20C4D875-DFFE-4533-8680-298B3303B0BD} - System32\Tasks\FF Watcher {6E928246-F79C-44F2-9C9A-FDF73C59466F} => C:\Program Files\V-bates\PrefHelper.exe
Task: {72A25A09-3C19-41F0-86B2-BAA03314D21B} - \DSite No Task File
Task: {BB153208-2395-4453-88E1-42BCF5E5B6F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-30] (Google Inc.)
Task: {C10E5003-ACE8-47FE-9605-C9A981304B44} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-08] (AVAST Software)
Task: {D38B2C17-DAC9-4E80-A5BF-AB18C9E38CA2} - \QtraxPlayer No Task File
Task: {E63A7E1F-2059-4898-900E-CD1CBD816CF5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {F8833570-4901-458E-A5BE-27409D400395} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-30] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FF Watcher {6E928246-F79C-44F2-9C9A-FDF73C59466F}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============
2014-02-10 19:29 - 2013-05-14 10:50 - 00140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-02-13 11:00 - 2014-02-10 10:40 - 01378144 _____ () C:\Program Files (x86)\Opera\19.0.1326.63\opera_crashreporter.exe
2014-02-23 18:08 - 2014-02-23 16:28 - 02181632 _____ () C:\Program Files\AVAST Software\Avast\defs\14022301\algo.dll
2013-11-19 16:56 - 2013-11-19 16:56 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-13 11:00 - 2014-02-10 10:40 - 00907616 _____ () C:\Program Files (x86)\Opera\19.0.1326.63\libglesv2.dll
2014-02-13 11:00 - 2014-02-10 10:40 - 00108896 _____ () C:\Program Files (x86)\Opera\19.0.1326.63\libegl.dll
2014-02-13 11:00 - 2014-02-10 10:40 - 00890208 _____ () C:\Program Files (x86)\Opera\19.0.1326.63\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2014 11:52:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 11:34:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 09:17:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: swfoc.exe, Version: 1.0.0.0, Zeitstempel: 0x4523253d
Name des fehlerhaften Moduls: swfoc.exe, Version: 1.0.0.0, Zeitstempel: 0x4523253d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014ec5a
ID des fehlerhaften Prozesses: 0xe0c
Startzeit der fehlerhaften Anwendung: 0xswfoc.exe0
Pfad der fehlerhaften Anwendung: swfoc.exe1
Pfad des fehlerhaften Moduls: swfoc.exe2
Berichtskennung: swfoc.exe3

Error: (02/23/2014 08:07:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 07:46:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 07:21:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 07:12:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 06:46:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 06:08:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 02:16:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (02/23/2014 04:13:16 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (02/23/2014 02:28:30 PM) (Source: Service Control Manager) (User: )
Description: Dienst "CyberLink PowerDVD 13 Media Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/23/2014 02:28:30 PM) (Source: Service Control Manager) (User: )
Description: Dienst "CyberLink PowerDVD 13 Media Server Monitor Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/21/2014 11:12:18 AM) (Source: Service Control Manager) (User: )
Description: Dienst "CyberLink PowerDVD 13 Media Server Monitor Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/19/2014 01:45:08 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (01/16/2014 09:18:26 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b

Error: (01/11/2014 08:54:14 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b

Error: (12/14/2013 11:32:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (12/14/2013 11:32:22 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (12/12/2013 09:07:09 PM) (Source: DCOM) (User: )
Description: {CC957078-B838-47C4-A7CF-626E7A82FC58}

Microsoft Office Sessions:
=========================
Error: (02/23/2014 11:52:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 11:34:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 09:17:37 PM) (Source: Application Error)(User: )
Description: swfoc.exe1.0.0.04523253dswfoc.exe1.0.0.04523253dc00000050014ec5ae0c01cf30d4367fb475C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exeC:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe8967ccd4-9cc7-11e3-9615-d43d7ec0010b

Error: (02/23/2014 08:07:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 07:46:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 07:21:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 07:12:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 06:46:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 06:08:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 02:16:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================
Percentage of memory in use: 23%
Total physical RAM: 8120.61 MB
Available physical RAM: 6183.17 MB
Total Pagefile: 16239.4 MB
Available Pagefile: 14014.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:465.54 GB) (Free:318.62 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: B0F150C0)
Partition: GPT Partition Type.

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-24 00:30:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_DT01ACA050 rev.MS1OA750 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\MRX~1.Y\AppData\Local\Temp\kxldypob.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\System32\win32k.sys!EngSetLastError + 608       fffff96000164b94 8 bytes [2C, 36, AD, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable            fffff96000193e00 7 bytes [00, 96, F3, FF, 01, A1, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 8        fffff96000193e08 3 bytes [C0, 06, 02]
.text  ...                                                        * 106
.text  C:\Windows\System32\win32k.sys!EngGetProcessHandle + 404   fffff96000252b28 6 bytes {JMP QWORD [RIP-0xba4d6]}

---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\wininit.exe[572] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          00000000774ceecd 1 byte [62]
.text  C:\Windows\system32\services.exe[632] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                         00000000774ceecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          00000000774ceecd 1 byte [62]
.text  C:\Windows\system32\winlogon.exe[848] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                         00000000774ceecd 1 byte [62]
.text  C:\Windows\system32\atiesrxx.exe[980] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                         00000000774ceecd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[300] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          00000000774ceecd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[396] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          00000000774ceecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          00000000774ceecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[404] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          00000000774ceecd 1 byte [62]
.text  C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[880] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112         00000000752da2ba 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                         00000000774ceecd 1 byte [62]
.text  C:\Windows\System32\spoolsv.exe[1680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                         00000000774ceecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1756] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                         00000000774ceecd 1 byte [62]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1888] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112            00000000752da2ba 1 byte [62]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1920] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                         00000000752da2ba 1 byte [62]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       00000000767c1465 2 bytes [7C, 76]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      00000000767c14bb 2 bytes [7C, 76]
.text  ...                                                                                                                                 * 2
.text  C:\Windows\system32\taskhost.exe[1292] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                        00000000774ceecd 1 byte [62]
.text  C:\Windows\Explorer.EXE[2092] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 00000000774ceecd 1 byte [62]
.text  C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[2204] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112           00000000752da2ba 1 byte [62]
.text  C:\Windows\system32\svchost.exe[2420] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                         00000000774ceecd 1 byte [62]
.text  C:\Windows\system32\wbem\wmiprvse.exe[2652] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                   00000000774ceecd 1 byte [62]
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1784] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                        00000000774ceecd 1 byte [62]
.text  C:\Program Files\Windows Sidebar\sidebar.exe[2116] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                            00000000774ceecd 1 byte [62]
.text  C:\Windows\system32\SearchIndexer.exe[3624] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                   00000000774ceecd 1 byte [62]
.text  C:\Windows\system32\AUDIODG.EXE[3232] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189                                         00000000774ceecd 1 byte [62]
.text  C:\Users\Mr x.y\Desktop\Gmer-19357.exe[3548] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                  00000000752da2ba 1 byte [62]

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.1 ----
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.23.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Mr x.y :: MRXY-PC [Administrator]

Schutz: Aktiviert

23.02.2014 19:17:19
mbam-log-2014-02-23 (19-17-19).txt

Art des Suchlaufs: Flash-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P
Durchsuchte Objekte: 180369
Laufzeit: 14 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Program Files (x86)\Universal Updater\UpdaterService.exe (PUP.Optional.UniversalUpdater.A) -> 124 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKLM\SYSTEM\CurrentControlSet\Services\UniversalUpdater (PUP.Optional.UniversalUpdater.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E58097-6CA5-448B-830F-2A19678248FB} (PUP.Optional.LyricXeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{17E58097-6CA5-448B-830F-2A19678248FB} (PUP.Optional.LyricXeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB705064-D600-4F0E-B5F1-868EFB973F5E} (PUP.Optional.LyricXeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{85DE85E5-D992-4276-9B06-60948364EA14} (PUP.Optional.LyricXeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{17E58097-6CA5-448B-830F-2A19678248FB} (PUP.Optional.LyricXeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{17E58097-6CA5-448B-830F-2A19678248FB} (PUP.Optional.LyricXeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\SYSTEM\CurrentControlSet\Services\UniversalUpdater|ImagePath (PUP.Optional.UniversalUpdater.A) -> Daten: C:\Program Files (x86)\Universal Updater\UpdaterService.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 4
C:\Program Files (x86)\Universal Updater (PUP.Optional.UniversalUpdater.A) -> Löschen bei Neustart.
C:\Users\Mr x.y\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mr x.y\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mr x.y\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.22.0 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\Program Files (x86)\Universal Updater\UpdaterService.exe (PUP.Optional.UniversalUpdater.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Universal Updater\settings.json (PUP.Optional.UniversalUpdater.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.23.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Mr x.y :: MRXY-PC [Administrator]

Schutz: Aktiviert

23.02.2014 19:22:06
mbam-log-2014-02-23 (19-22-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 364556
Laufzeit: 15 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 15
C:\Users\Mr x.y\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CA68JYNR\pack[1].7z (PUP.Optional.PerformerSoft.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mr x.y\AppData\Local\Temp\DeltaTB.exe (PUP.Optional.DeltaTB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mr x.y\AppData\Local\Temp\hd_streamer_install_new.exe (PUP.Optional.BesttoolBars) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mr x.y\AppData\Local\Temp\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mr x.y\AppData\Local\Temp\pricepeep_130001_0101.exe (PUP.Optional.PricePeep.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mr x.y\AppData\Local\Temp\5C446AF7-BAB0-7891-8A18-6F7F16BE38A8\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mr x.y\AppData\Local\Temp\5C446AF7-BAB0-7891-8A18-6F7F16BE38A8\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mr x.y\AppData\Local\Temp\5C446AF7-BAB0-7891-8A18-6F7F16BE38A8\Latest\MyDeltaTB.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mr x.y\AppData\Local\Temp\5C446AF7-BAB0-7891-8A18-6F7F16BE38A8\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mr x.y\AppData\Local\Temp\C52B7D74-BAB0-7891-91BB-CEF93B553628\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mr x.y\AppData\Local\Temp\C52B7D74-BAB0-7891-91BB-CEF93B553628\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mr x.y\AppData\Local\Temp\C52B7D74-BAB0-7891-91BB-CEF93B553628\Latest\MyDeltaTB.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mr x.y\AppData\Local\Temp\C52B7D74-BAB0-7891-91BB-CEF93B553628\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mr x.y\AppData\Local\Temp\is357113909\DeltaTB.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mr x.y\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
|
25.02.2014, 10:03 | #4 |
/// the machine /// TB-Ausbilder | Windows 7: Advertising windows open in Firefox for no reason + malware detection by Avast ComboFix log is missing
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
26.02.2014, 11:45 | #5 |
| Windows 7: Advertising windows open in Firefox for no reason + malware detection by Avast Thanks for your patience with me! But now here is the ComboFix log: Code:
ComboFix 14-02-24.01 - Mr x.y 24.02.2014   9:54.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8121.6472 [GMT 1:00]
ausgeführt von:: c:\users\Mr x.y\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-01-24 bis 2014-02-24  ))))))))))))))))))))))))))))))
.
.
2014-02-24 08:56 . 2014-02-24 08:56  --------  d-----w-  c:\users\Default\AppData\Local\temp
2014-02-23 23:15 . 2014-02-23 23:16  --------  d-----w-  C:\FRST
2014-02-23 20:30 . 2014-02-23 20:30  --------  d-----w-  c:\users\Mr x.y\AppData\Roaming\Petroglyph
2014-02-23 20:13 . 2014-02-23 20:13  --------  d-----w-  c:\users\Mr x.y\AppData\Roaming\InstallShield
2014-02-23 20:13 . 2014-02-23 20:13  --------  d-----w-  c:\programdata\InstallShield
2014-02-23 20:10 . 2014-02-23 20:15  --------  d-----w-  c:\program files (x86)\LucasArts
2014-02-23 20:07 . 2005-04-03 22:02  753664    ----a-w-  c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2014-02-23 20:07 . 2005-04-03 22:02  69714     ----a-w-  c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2014-02-23 20:07 . 2005-04-03 22:01  274432    ----a-w-  c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2014-02-23 20:07 . 2005-04-03 22:00  184320    ----a-w-  c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2014-02-23 20:07 . 2005-04-03 22:00  63488     ----a-w-  c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2014-02-23 20:07 . 2005-04-03 21:59  5632      ----a-w-  c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2014-02-23 20:07 . 2014-02-23 20:07  200836    ----a-w-  c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2014-02-23 20:07 . 2014-02-23 20:07  331908    ----a-w-  c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2014-02-23 18:15 . 2014-02-23 18:15  --------  d-----w-  c:\users\Mr x.y\AppData\Roaming\Malwarebytes
2014-02-23 18:15 . 2014-02-23 18:15  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-23 18:15 . 2014-02-23 18:15  --------  d-----w-  c:\programdata\Malwarebytes
2014-02-23 18:15 . 2013-04-04 13:50  25928     ----a-w-  c:\windows\system32\drivers\mbam.sys
2014-02-23 18:09 . 2014-02-23 22:34  --------  d-----w-  C:\AdwCleaner
2014-02-23 14:50 . 2014-02-23 17:05  --------  d-----w-  c:\program files\MyDefrag v4.3.1
2014-02-23 14:50 . 2010-05-21 11:11  485376    ----a-w-  c:\windows\system32\MyDefragScreenSaver_v4.3.1.scr
2014-02-23 14:50 . 2010-05-21 11:11  1147392   ----a-w-  c:\windows\system32\MyDefragScreenSaver_v4.3.1.exe
2014-02-23 14:40 . 2014-02-23 17:06  --------  d-----w-  c:\users\Mr x.y\AppData\Roaming\Wise Registry Cleaner
2014-02-23 14:39 . 2014-02-23 14:39  --------  d-----w-  c:\program files (x86)\Wise
2014-02-21 10:16 . 2014-02-06 09:01  10536864  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{24A4B920-850F-4351-89E5-A07ABF1184EB}\mpengine.dll
2014-02-15 13:02 . 2014-02-15 13:02  --------  d--h--w-  c:\programdata\CanonIJMyPrinter
2014-02-15 12:43 . 2014-02-15 12:44  --------  d--h--w-  c:\programdata\CanonIJScan
2014-02-14 11:27 . 2013-12-21 09:53  548864    ----a-w-  c:\windows\system32\vbscript.dll
2014-02-14 11:27 . 2013-12-21 08:56  454656    ----a-w-  c:\windows\SysWow64\vbscript.dll
2014-02-14 08:09 . 2013-12-06 02:30  1882112   ----a-w-  c:\windows\system32\msxml3.dll
2014-02-13 09:59 . 2008-07-12 07:18  467984    ----a-w-  c:\windows\SysWow64\d3dx10_39.dll
2014-02-13 09:59 . 2008-07-12 07:18  1493528   ----a-w-  c:\windows\SysWow64\D3DCompiler_39.dll
2014-02-13 09:59 . 2008-07-12 07:18  3851784   ----a-w-  c:\windows\SysWow64\D3DX9_39.dll
2014-02-13 09:59 . 2014-02-23 22:29  --------  d-----w-  c:\users\Mr x.y\AppData\Local\PMB Files
2014-02-13 09:59 . 2014-02-23 22:29  --------  d-----w-  c:\programdata\PMB Files
2014-02-10 18:21 . 2013-02-04 14:10  321536    ----a-w-  c:\windows\SysWow64\CNC_BXL.dll
2014-02-10 18:21 . 2008-08-25 17:02  15872     ----a-w-  c:\windows\SysWow64\CNHMCA.dll
2014-02-10 18:19 . 2014-02-10 18:19  --------  d-----w-  c:\program files\Canon
2014-02-10 10:28 . 2014-02-15 12:44  --------  d-----w-  c:\users\Mr x.y\AppData\Roaming\Canon
2014-02-10 10:28 . 2014-02-10 10:28  --------  d--h--w-  c:\programdata\CanonIJQuickMenu
2014-02-10 10:27 . 2014-02-15 13:02  --------  d-----w-  c:\programdata\CanonIJPLM
2014-02-10 10:27 . 2014-02-10 10:27  --------  d--h--w-  c:\programdata\CanonIJEGV
2014-02-10 10:19 . 2014-02-10 18:20  --------  d-----w-  c:\programdata\CanonIJWSpt
2014-02-10 10:15 . 2014-02-10 10:15  --------  d--h--w-  c:\programdata\CanonBJ
2014-02-10 10:15 . 2013-03-24 04:00  30208     ----a-w-  c:\windows\system32\Spool\prtprocs\x64\CNMPDBX.DLL
2014-02-10 10:15 . 2013-03-24 04:00  101888    ----a-w-  c:\windows\system32\Spool\prtprocs\x64\CNMPPBX.DLL
2014-02-10 10:15 . 2013-02-04 14:12  367104    ----a-w-  c:\windows\system32\CNC_BXL.dll
2014-02-10 10:15 . 2012-11-08 12:04  282624    ----a-w-  c:\windows\system32\CNC_BXC.dll
2014-02-10 10:15 . 2012-11-08 12:03  106496    ----a-w-  c:\windows\system32\CNC_BXI.dll
2014-02-10 10:15 . 2008-08-25 17:02  17920     ----a-w-  c:\windows\system32\CNHMCA6.dll
2014-02-10 10:15 . 2013-03-24 04:00  391168    ----a-w-  c:\windows\system32\CNMLMBX.DLL
2014-02-10 10:14 . 2014-02-10 18:21  --------  d-----w-  c:\program files (x86)\Canon
2014-01-26 08:21 . 2014-01-26 08:21  --------  d-----w-  c:\program files (x86)\Common Files\DVDVideoSoft
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 10:18 . 2013-07-26 16:38  71048     ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 10:18 . 2013-07-26 16:38  692616    ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-17 23:23 . 2013-07-26 15:35  88567024  ----a-w-  c:\windows\system32\MRT.exe
2014-02-08 19:34 . 2014-01-08 18:06  80184     ----a-w-  c:\windows\system32\drivers\aswstm.sys
2014-02-08 19:34 . 2013-07-26 16:19  421704    ----a-w-  c:\windows\system32\drivers\aswSP.sys
2014-02-08 19:34 . 2013-07-26 16:19  1038072   ----a-w-  c:\windows\system32\drivers\aswSnx.sys
2014-02-08 19:34 . 2013-07-26 16:19  78648     ----a-w-  c:\windows\system32\drivers\aswMonFlt.sys
2014-02-08 19:34 . 2013-07-26 16:19  334136    ----a-w-  c:\windows\system32\aswBoot.exe
2014-02-08 19:34 . 2013-07-26 16:12  43152     ----a-w-  c:\windows\avastSS.scr
2014-01-08 18:06 . 2013-07-26 16:19  207904    ----a-w-  c:\windows\system32\drivers\aswVmm.sys
2013-12-18 05:13 . 2010-11-21 03:27  270496    ------w-  c:\windows\system32\MpSigStub.exe
2013-12-05 20:14 . 2013-08-06 14:26  282296    ----a-w-  c:\windows\SysWow64\PnkBstrB.xtr
2013-12-03 14:15 . 2013-12-03 14:15  940032    ----a-w-  c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 14:15 . 2013-12-03 14:15  194048    ----a-w-  c:\windows\SysWow64\elshyph.dll
2013-12-03 14:15 . 2013-12-03 14:15  942592    ----a-w-  c:\windows\system32\jsIntl.dll
2013-12-03 14:15 . 2013-12-03 14:15  90112     ----a-w-  c:\windows\system32\SetIEInstalledDate.exe
2013-12-03 14:15 . 2013-12-03 14:15  86016     ----a-w-  c:\windows\SysWow64\iesysprep.dll
2013-12-03 14:15 . 2013-12-03 14:15  86016     ----a-w-  c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 14:15 . 2013-12-03 14:15  74240     ----a-w-  c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-03 14:15 . 2013-12-03 14:15  71680     ----a-w-  c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-03 14:15 . 2013-12-03 14:15  645120    ----a-w-  c:\windows\SysWow64\jsIntl.dll
2013-12-03 14:15 . 2013-12-03 14:15  62464     ----a-w-  c:\windows\SysWow64\tdc.ocx
2013-12-03 14:15 . 2013-12-03 14:15  61952     ----a-w-  c:\windows\SysWow64\MshtmlDac.dll
2013-12-03 14:15 . 2013-12-03 14:15  52224     ----a-w-  c:\windows\system32\msfeedsbs.dll
2013-12-03 14:15 . 2013-12-03 14:15  48640     ----a-w-  c:\windows\SysWow64\mshtmler.dll
2013-12-03 14:15 . 2013-12-03 14:15  48640     ----a-w-  c:\windows\system32\mshtmler.dll
2013-12-03 14:15 . 2013-12-03 14:15  36352     ----a-w-  c:\windows\SysWow64\imgutil.dll
2013-12-03 14:15 . 2013-12-03 14:15  34816     ----a-w-  c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-03 14:15 . 2013-12-03 14:15  337408    ----a-w-  c:\windows\SysWow64\html.iec
2013-12-03 14:15 . 2013-12-03 14:15  247808    ----a-w-  c:\windows\system32\msls31.dll
2013-12-03 14:15 . 2013-12-03 14:15  24576     ----a-w-  c:\windows\SysWow64\licmgr10.dll
2013-12-03 14:15 . 2013-12-03 14:15  235008    ----a-w-  c:\windows\system32\elshyph.dll
2013-12-03 14:15 . 2013-12-03 14:15  182272    ----a-w-  c:\windows\SysWow64\msls31.dll
2013-12-03 14:15 . 2013-12-03 14:15  151552    ----a-w-  c:\windows\SysWow64\iexpress.exe
2013-12-03 14:15 . 2013-12-03 14:15  139264    ----a-w-  c:\windows\SysWow64\wextract.exe
2013-12-03 14:15 . 2013-12-03 14:15  13312     ----a-w-  c:\windows\SysWow64\mshta.exe
2013-12-03 14:15 . 2013-12-03 14:15  13312     ----a-w-  c:\windows\system32\msfeedssync.exe
2013-12-03 14:15 . 2013-12-03 14:15  131072    ----a-w-  c:\windows\system32\IEAdvpack.dll
2013-12-03 14:15 . 2013-12-03 14:15  111616    ----a-w-  c:\windows\SysWow64\IEAdvpack.dll
2013-12-03 14:15 . 2013-12-03 14:15  105984    ----a-w-  c:\windows\system32\iesysprep.dll
2013-12-03 14:15 . 2013-12-03 14:15  1051136   ----a-w-  c:\windows\SysWow64\mshtmlmedia.dll
2013-12-03 14:15 . 2013-12-03 14:15  77312     ----a-w-  c:\windows\system32\tdc.ocx
2013-12-03 14:15 . 2013-12-03 14:15  84992     ----a-w-  c:\windows\system32\mshtmled.dll
2013-12-03 14:15 . 2013-12-03 14:15  83968     ----a-w-  c:\windows\system32\MshtmlDac.dll
2013-12-03 14:15 . 2013-12-03 14:15  81408     ----a-w-  c:\windows\system32\icardie.dll
2013-12-03 14:15 . 2013-12-03 14:15  774144    ----a-w-  c:\windows\system32\jscript.dll
2013-12-03 14:15 . 2013-12-03 14:15  62464     ----a-w-  c:\windows\system32\pngfilt.dll
2013-12-03 14:15 . 2013-12-03 14:15  616104    ----a-w-  c:\windows\system32\ieapfltr.dat
2013-12-03 14:15 . 2013-12-03 14:15  48128     ----a-w-  c:\windows\system32\imgutil.dll
2013-12-03 14:15 . 2013-12-03 14:15  453120    ----a-w-  c:\windows\system32\dxtmsft.dll
2013-12-03 14:15 . 2013-12-03 14:15  413696    ----a-w-  c:\windows\system32\html.iec
2013-12-03 14:15 . 2013-12-03 14:15  40448     ----a-w-  c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 14:15 . 2013-12-03 14:15  30208     ----a-w-  c:\windows\system32\licmgr10.dll
2013-12-03 14:15 . 2013-12-03 14:15  296960    ----a-w-  c:\windows\system32\dxtrans.dll
2013-12-03 14:15 . 2013-12-03 14:15  263376    ----a-w-  c:\windows\system32\iedkcs32.dll
2013-12-03 14:15 . 2013-12-03 14:15  243200    ----a-w-  c:\windows\system32\webcheck.dll
2013-12-03 14:15 . 2013-12-03 14:15  235520    ----a-w-  c:\windows\system32\url.dll
2013-12-03 14:15 . 2013-12-03 14:15  167424    ----a-w-  c:\windows\system32\iexpress.exe
2013-12-03 14:15 . 2013-12-03 14:15  147968    ----a-w-  c:\windows\system32\occache.dll
2013-12-03 14:15 . 2013-12-03 14:15  143872    ----a-w-  c:\windows\system32\wextract.exe
2013-12-03 14:15 . 2013-12-03 14:15  13824     ----a-w-  c:\windows\system32\mshta.exe
2013-12-03 14:15 . 2013-12-03 14:15  135680    ----a-w-  c:\windows\system32\iepeers.dll
2013-12-03 14:15 . 2013-12-03 14:15  1228800   ----a-w-  c:\windows\system32\mshtmlmedia.dll
2013-12-03 14:15 . 2013-12-03 14:15  101376    ----a-w-  c:\windows\system32\inseng.dll
2013-11-27 01:41 . 2014-01-15 12:25  343040    ----a-w-  c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 12:25  99840     ----a-w-  c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 12:25  53248     ----a-w-  c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 12:25  325120    ----a-w-  c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 12:25  25600     ----a-w-  c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 12:25  30720     ----a-w-  c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 12:25  7808      ----a-w-  c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-15 12:25  376768    ----a-w-  c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 12:25  3156480   ----a-w-  c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-08 3767096]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2013-05-02 1282120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 MSI_Trigger_Service;MSI_Trigger_Service;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Mr x.y\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys;c:\users\Mr x.y\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-22 11:58  1150280  ----a-w-  c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-26 10:18]
.
2014-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-30 21:41]
.
2014-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-30 21:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-08 19:34  287280  ----a-w-  c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-03-29 7174728]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Mit Mipony herunterladen - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-02-24  09:58:23
ComboFix-quarantined-files.txt  2014-02-24 08:58
.
Vor Suchlauf: 15 Verzeichnis(se), 341.970.612.224 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 342.888.370.176 Bytes frei
.
- - End Of File - - C20BB8DFE49D090E40FC76FD31ED583E
5FB38429D5D77768867C76DCBDB35194
|
27.02.2014, 11:54 | #6 |
/// the machine /// TB-Ausbilder | Windows 7: Ad windows open in Firefox for no reason + malware finding by Avast
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.