Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows Vista Befall mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2 (https://www.trojaner-board.de/143147-windows-vista-befall-tr-atraps-gen-tr-atraps-gen2.html)

Swarley 16.10.2013 19:51
Windows Vista Befall mit TR/ATRAPS.Gen und TR/ATRAPS.Gen2
 
Hallo,


ich habe mir heute durch eigene Dummheit mein System (Windows Vista Service Pack 2, 64bit) mit dem Virus TR/ATRAPS.Gen infiziert. Die Infektion besteht seit heute etwa 16 Uhr, als Avira angeschlagen hat, zugefügt hab ich sie mir über Rootkit 0access durch ein gefaktes Flashplayer-Update. Ein Scan mit aktuellem Malwarebytes Anti-Malware brachte keine vollständige Lösung des Problems, die Logdateien füge ich dem Post an. Ich hoffe nun darauf, dass ihr mir helfen könnt, mein System daran zu befreien, noch hab ich die Hoffnung, dass dies ohne Formattieren und komplettes Neuaufsetzen der Systempartition möglich ist. Im Voraus schon vielen Dank für die Hilfe.

1. vollständiger Systemscan:

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.16.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
msi :: MSI-PC [limitiert]

Schutz: Aktiviert

16.10.2013 16:40:21
mbam-log-2013-10-16 (16-40-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 545432
Laufzeit: 1 Stunde(n), 34 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 10
D:\SoftonicDownloader_fuer_k-lite-codec-pack.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
D:\DTLite4454-0316.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
D:\winamp5621_full_emusic-7plus_all.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
D:\ICQ7.6\install_dll\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
D:\CryptLoad_1.1.8\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Keine Aktion durchgeführt.
D:\Age of Empires II CDs\Age_Of_Empires_II_+AOE_2_Expansion\Age Of Empires II+Age of Empires 2 Expansion\Daemon Tools Lite\DTLite4471-0335.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
c:\program files\google\desktop\install\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\  \...\*ﯹ๛\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\u\00000004.@ (Rootkit.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
c:\program files\google\desktop\install\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\  \...\*ﯹ๛\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\u\000000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
c:\program files\google\desktop\install\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\  \...\*ﯹ๛\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\u\80000000.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) -> Löschen bei Neustart.

(Ende)
weitere Scans der Systempartition:

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.16.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
msi :: MSI-PC [limitiert]

Schutz: Aktiviert

16.10.2013 18:22:39
mbam-log-2013-10-16 (18-22-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 380279
Laufzeit: 1 Stunde(n), 16 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) -> Löschen bei Neustart.

(Ende)
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.16.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
msi :: MSI-PC [limitiert]

Schutz: Aktiviert

16.10.2013 19:47:47
mbam-log-2013-10-16 (19-47-47).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 246186
Laufzeit: 8 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) -> Löschen bei Neustart.

(Ende)
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.16.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
msi :: MSI-PC [limitiert]

Schutz: Aktiviert

16.10.2013 20:04:17
mbam-log-2013-10-16 (20-04-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 246258
Laufzeit: 7 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) -> Löschen bei Neustart.

(Ende)

schrauber 16.10.2013 21:28
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Swarley 16.10.2013 21:46
Hi Schrauber,

erstmal danke Dir für Deine Hilfe. Und hier sind die beiden Protokolle:

FRST.txt:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by msi (administrator) on MSI-PC on 16-10-2013 22:39:28
Running from C:\Users\msi\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\sched.exe
() D:\OpenHardwareMonitor\OpenHardwareMonitor.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
( TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(Mirco-Star International  CO., LTD.) C:\Program Files\System Control Manager\MGSysCtrl.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Geek Software GmbH) D:\PDF24\pdf24.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) D:\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(DT Soft Ltd) D:\DAEMON Tools Lite\daemon.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files\Pando Networks\Media Booster\PMB.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(LogMeIn, Inc.) D:\LogMeIn Hamachi\LMIGuardianSvc.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) D:\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Malwarebytes Corporation) D:\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) D:\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\System Control Manager\MSIService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) D:\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(LogMeIn Inc.) D:\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\LogMeIn Hamachi\LMIGuardianSvc.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6144000 2008-05-28] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-16] (Intel Corporation)
HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-29] ( TOSHIBA CORPORATION)
HKLM\...\Run: [MGSysCtrl] - C:\Program Files\System Control Manager\MGSysCtrl.exe [794624 2008-05-21] (Mirco-Star International  CO., LTD.)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [671744 2007-10-26] (Motorola Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [QuickTime Task] - D:\QuickTime\QTTask.exe [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [141600 2009-11-12] (Apple Inc.)
HKLM\...\Run: [PDFPrint] - D:\PDF24\pdf24.exe [220552 2011-02-01] (Geek Software GmbH)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [avgnt] - D:\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] - D:\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - D:\DAEMON Tools Lite\daemon.exe [691656 2009-04-23] (DT Soft Ltd)
HKCU\...\Run: [EPSON SX420W Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\Windows\TEMP\E_SE29.tmp" /EF "HKCU"
HKCU\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Run: [PlayNC Launcher] - [x]
HKCU\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-27] ()
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: {32aab7cf-8b2c-11de-8aaa-001d925a8f20} - G:\LaunchU3.exe -a
MountPoints2: {544de27b-e378-11de-aecf-001d925a8f20} - I:\DTSP_Launcher.exe
MountPoints2: {75336a54-7709-11de-b810-001d925a8f20} - F:\_aom.exe
MountPoints2: {9cae7ff4-5154-11df-a9b0-001d925a8f20} - G:\Menu.exe
MountPoints2: {b8da1e77-9421-11dd-a73b-806e6f6e6963} - E:\Start.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gast\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 mswsock.dll File Not found ()
Winsock: Catalog9 20 mswsock.dll File Not found ()
Winsock: Catalog9 21 mswsock.dll File Not found ()
Winsock: Catalog9 22 mswsock.dll File Not found ()
Winsock: Catalog9 23 mswsock.dll File Not found ()
Winsock: Catalog9 24 mswsock.dll File Not found ()
Winsock: Catalog9 25 mswsock.dll File Not found ()
Winsock: Catalog9 26 mswsock.dll File Not found ()
Winsock: Catalog9 27 mswsock.dll File Not found ()
Winsock: Catalog9 28 mswsock.dll File Not found ()
Winsock: Catalog9 29 mswsock.dll File Not found ()
Winsock: Catalog9 30 mswsock.dll File Not found ()
Winsock: Catalog9 31 mswsock.dll File Not found ()
Winsock: Catalog9 32 mswsock.dll File Not found ()
Winsock: Catalog9 33 mswsock.dll File Not found ()
Winsock: Catalog9 34 mswsock.dll File Not found ()
Winsock: Catalog9 35 mswsock.dll File Not found ()
Winsock: Catalog9 36 mswsock.dll File Not found ()
Winsock: Catalog9 37 mswsock.dll File Not found ()
Winsock: Catalog9 38 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default
FF NetworkProxy: "ftp", "84.22.61.145"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "84.22.61.145"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "84.22.61.145"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "84.22.61.145"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - D:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - D:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\VLC\npvlc.dll (VideoLAN)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\msi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\ich@maltegoetz.de
FF Extension: stealthyextension - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\stealthyextension@gmail.com.xpi
FF Extension: testpilot - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: No Name - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\{145e79b6-6c19-4b9c-915a-45c90a2f06a5}.xpi
FF Extension: No Name - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
FF Extension: No Name - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox 4.0 Beta 9\firefox.exe

========================== Services (Whitelisted) =================

S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AntiVirSchedulerService; D:\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 CVPND; D:\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 Hamachi2Svc; D:\LogMeIn Hamachi\hamachi-2.exe [1612112 2013-10-01] (LogMeIn Inc.)
R2 MBAMScheduler; D:\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; D:\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [159744 2008-02-22] ()
S3 npggsvc; C:\Windows\system32\GameMon.des [4323256 2011-03-28] (INCA Internet Co., Ltd.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 usprserv; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S2 gupdate1c9c13285f54b73; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x]
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\  \...\???\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [449024 2008-04-28] (AfaTech                  )
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-07-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-07-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 PKWCap; C:\Windows\System32\DRIVERS\PKWCap.sys [995328 2008-04-28] (NXP Semiconductors Germany GmbH)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-07-22] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-20] (Avira GmbH)
U3 ac0tryq4; C:\Windows\System32\Drivers\ac0tryq4.sys [0 ] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 oflpydin; \??\C:\Users\msi\AppData\Local\Temp\oflpydin.sys [x]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]
S3 vpnva; system32\DRIVERS\vpnva.sys [x]
R3 WinRing0_1_2_0; \??\D:\OpenHardwareMonitor\OpenHardwareMonitor.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-16 22:39 - 2013-10-16 22:39 - 00000000 ____D C:\FRST
2013-10-16 22:37 - 2013-10-16 22:38 - 01087213 _____ (Farbar) C:\Users\msi\Desktop\FRST.exe
2013-10-16 16:37 - 2013-10-16 16:37 - 00000000 ____D C:\Users\msi\AppData\Roaming\Malwarebytes
2013-10-16 16:36 - 2013-10-16 16:36 - 00000574 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-16 16:36 - 2013-10-16 16:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-16 16:36 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-16 16:11 - 2013-10-16 16:11 - 00000000 ____D C:\Users\msi\AppData\Local\Google
2013-10-16 16:11 - 2013-10-16 16:11 - 00000000 ____D C:\Program Files\Google
2013-10-16 15:40 - 2013-10-16 15:40 - 00000586 _____ C:\Users\Public\Desktop\Age of Mythology - The Titans Expansion.lnk
2013-10-12 12:16 - 2013-10-12 12:17 - 00000000 ____D C:\Program Files\Mozilla Firefox 4.0 Beta 9
2013-10-10 12:09 - 2013-09-24 05:07 - 06119424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 03625984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00479744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 12:09 - 2013-09-24 05:06 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-10-10 12:09 - 2013-09-23 22:13 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-10 12:09 - 2013-09-23 22:01 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 15:37 - 2013-08-29 09:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 15:37 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-09 15:37 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-09 15:37 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-09 15:37 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-09 15:37 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-09 15:37 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-09 15:37 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-09 15:37 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-09 15:37 - 2013-08-27 03:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-09 15:37 - 2013-08-01 05:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 15:37 - 2013-08-01 04:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-09 15:37 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 15:37 - 2013-07-12 11:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 15:37 - 2013-07-12 11:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 15:37 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 15:37 - 2013-06-29 04:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 15:37 - 2013-06-29 04:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 15:37 - 2013-06-29 04:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 15:37 - 2013-06-29 04:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 15:37 - 2013-06-27 01:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 15:37 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 15:37 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 15:37 - 2011-05-05 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 15:37 - 2011-05-05 15:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 15:36 - 2013-07-03 04:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 15:36 - 2013-07-03 04:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-08 23:55 - 2013-10-08 23:55 - 00000579 _____ C:\Users\Public\Desktop\Age of Mythology.lnk
2013-10-08 23:52 - 2013-10-08 23:52 - 00000142 _____ C:\Windows\Q321178.log
2013-10-03 14:20 - 2013-10-03 14:20 - 00000000 ____D C:\Users\msi\AppData\Local\LogMeIn
2013-10-03 14:20 - 2013-10-03 14:20 - 00000000 ____D C:\ProgramData\LogMeIn

==================== One Month Modified Files and Folders =======

2013-10-16 22:39 - 2013-10-16 22:39 - 00000000 ____D C:\FRST
2013-10-16 22:39 - 2013-02-27 16:05 - 00000000 ____D C:\Users\msi\AppData\Local\PMB Files
2013-10-16 22:38 - 2013-10-16 22:37 - 01087213 _____ (Farbar) C:\Users\msi\Desktop\FRST.exe
2013-10-16 22:38 - 2008-10-07 05:47 - 01137819 _____ C:\Windows\WindowsUpdate.log
2013-10-16 22:38 - 2008-07-23 23:03 - 00041793 _____ C:\ProgramData\nvModes.dat
2013-10-16 22:38 - 2008-07-23 23:03 - 00041793 _____ C:\ProgramData\nvModes.001
2013-10-16 22:34 - 2011-09-03 19:44 - 00000000 ____D C:\Users\msi\AppData\Local\LogMeIn Hamachi
2013-10-16 22:33 - 2009-07-01 08:42 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-16 22:33 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-16 22:33 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-16 22:33 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-16 20:54 - 2006-11-02 15:01 - 00032510 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-16 20:37 - 2008-07-25 04:39 - 01445356 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-16 20:31 - 2012-07-04 16:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-16 20:30 - 2008-01-21 04:47 - 00110234 _____ C:\Windows\PFRO.log
2013-10-16 20:30 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Help
2013-10-16 19:58 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Globalization
2013-10-16 19:41 - 2006-11-02 13:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2013-10-16 18:58 - 2009-07-01 08:42 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-16 18:17 - 2008-07-25 03:43 - 00000000 ____D C:\Windows\de-DE
2013-10-16 16:37 - 2013-10-16 16:37 - 00000000 ____D C:\Users\msi\AppData\Roaming\Malwarebytes
2013-10-16 16:36 - 2013-10-16 16:36 - 00000574 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-16 16:36 - 2013-10-16 16:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-16 16:11 - 2013-10-16 16:11 - 00000000 ____D C:\Users\msi\AppData\Local\Google
2013-10-16 16:11 - 2013-10-16 16:11 - 00000000 ____D C:\Program Files\Google
2013-10-16 15:40 - 2013-10-16 15:40 - 00000586 _____ C:\Users\Public\Desktop\Age of Mythology - The Titans Expansion.lnk
2013-10-16 15:21 - 2008-10-13 04:51 - 00237568 _____ C:\Users\msi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-15 20:28 - 2008-09-15 11:35 - 00000414 ____H C:\Windows\Tasks\User_Feed_Synchronization-{73E21EEE-2D11-4265-9EF7-AAB1D4E482C6}.job
2013-10-14 12:35 - 2008-09-28 19:46 - 00000000 ____D C:\Users\msi\AppData\Roaming\Skype
2013-10-13 05:33 - 2012-03-19 09:05 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-12 12:17 - 2013-10-12 12:16 - 00000000 ____D C:\Program Files\Mozilla Firefox 4.0 Beta 9
2013-10-10 13:02 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 12:51 - 2006-11-02 14:47 - 00402328 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 12:10 - 2008-07-24 00:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 12:06 - 2013-08-15 20:42 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 12:02 - 2006-11-02 12:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-09 20:05 - 2008-10-13 04:54 - 00000000 ____D C:\Users\msi\AppData\Roaming\vlc
2013-10-09 17:32 - 2012-04-06 15:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 17:32 - 2011-05-17 22:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 08:11 - 2008-10-06 21:05 - 00111464 _____ C:\Users\msi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-08 23:55 - 2013-10-08 23:55 - 00000579 _____ C:\Users\Public\Desktop\Age of Mythology.lnk
2013-10-08 23:52 - 2013-10-08 23:52 - 00000142 _____ C:\Windows\Q321178.log
2013-10-03 14:20 - 2013-10-03 14:20 - 00000000 ____D C:\Users\msi\AppData\Local\LogMeIn
2013-10-03 14:20 - 2013-10-03 14:20 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-01 12:11 - 2013-04-20 08:32 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-01 12:11 - 2013-04-20 08:32 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-01 12:11 - 2013-04-20 08:32 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-24 05:07 - 2013-10-10 12:09 - 06119424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 03625984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00479744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-24 05:06 - 2013-10-10 12:09 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-09-23 22:13 - 2013-10-10 12:09 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-23 22:01 - 2013-10-10 12:09 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-19 10:41 - 2008-07-23 23:18 - 00366004 _____ C:\Windows\DPINST.LOG
2013-09-19 10:40 - 2012-03-09 11:40 - 00001889 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-09-19 10:39 - 2008-07-23 23:13 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Users\msi\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install


Some content of TEMP:
====================
C:\Users\msi\AppData\Local\Temp\avgnt.exe
C:\Users\msi\AppData\Local\Temp\EBUCA01.exe
C:\Users\msi\AppData\Local\Temp\EBUCF5D.DLL
C:\Users\msi\AppData\Local\Temp\InstallFlashPlayer.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-10-16 22:40

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by msi at 2013-10-16 22:40:04
Running from C:\Users\msi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212)
Adobe Flash Player 10 ActiveX (Version: 10.0.22.87)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Advanced IM Password Recovery (HKCU Version: 3.80)
Age of Empires III (Version: 1.00.0000)
Age of Mythology
Age of Mythology - The Titans Expansion
Agere Systems HDA Modem
AIM
Anno 1404 (Version: 1.00.0000)
Apple Application Support (Version: 1.1.0)
Apple Mobile Device Support (Version: 2.6.0.32)
Apple Software Update (Version: 2.1.1.116)
Atheros Client Installation Program (Version: 7.0)
Avira Free Antivirus (Version: 14.0.0.383)
Bluetooth Stack for Windows by Toshiba (Version: v6.00.03)
Bonjour (Version: 1.0.106)
BurnRecovery (Version: 1.0.0.00610)
Call of Duty
Cisco Systems VPN Client 5.0.07.0410 (Version: 5.0.7)
Command & Conquer Generals (Version: 0.50.0000)
Command and ConquerTM Generals Zero Hour (Version: 1.00.0000)
DAEMON Tools Toolbar (Version: 1.0.8.0552)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diablo
Diablo II
Diablo III (Version: 1.0.8.16603)
Disciples 2 Collector's Edition
DivX Converter (Version: 7.1.0)
DivX Plus DirectShow Filters
DivX Version Checker (Version: 7.1.0.9)
DivX-Setup (Version: 2.4.1.4)
Dolby Control Center (Version: 1.1.0402)
Enclave (Version: 1.0.0)
EPSON Copy Utility 3 (Version: 3.0.2.0)
EPSON Scan
EPSON Smart Panel
EPSON SX420W Series Handbuch
EPSON SX420W Series Netzwerk-Handbuch
EPSON SX420W Series Printer Uninstall
EPSON-Drucker-Software
EpsonNet Print (Version: 2.4j)
EpsonNet Setup 3.2 (Version: 3.2a)
Google Chrome (Version: 17.0.963.66)
Google Update Helper (Version: 1.3.21.99)
Grand Theft Auto IV (Version: 1.00.0000)
Half-Life(R) 2 (Version: 1.0.0.0)
Heroes of Might and Magic V
ICQ7.6 (Version: 7.6)
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software (Version: 12.00.0004)
Intel® Matrix Storage Manager
iTunes (Version: 9.0.2.25)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 37 (Version: 6.0.370)
JDownloader
JMicron JMB38X Flash Media Controller (Version: 1.00.14.03)
K-Lite Codec Pack 7.0.0 (Full) (Version: 7.0.0)
Lineage II
LogMeIn Hamachi (Version: 2.2.0.58)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Medal of Honor Pacific Assault(tm) (Version: 1.0)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Halo
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Miranda IM 0.8.3
Morrowind
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.12) (Version: 3.0.12 (de))
Mozilla Firefox (3.6.9) (HKCU Version: 3.6.9 (de))
Mozilla Firefox 25.0 (x86 de) (Version: 25.0)
Mozilla Maintenance Service (Version: 25.0)
MSI DVB-T USB BDA Driver
MSI Software Install (Version: 1.0.8.0630)
MSI TV Tuner Card BDA Driver
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML4 Parser (Version: 1.0.0)
NCsoft Launcher (Version: 1.5.19002)
NVIDIA Drivers
NVIDIA PhysX (Version: 9.10.0513)
OpenOffice.org 3.0 (Version: 3.0.9379)
Pando Media Booster (Version: 2.6.0.8)
PDF24 Creator 2.9.1
Plants vs. Zombies
PlugY, The Survival Kit (Version: 10.00)
Prince of Persia The Sands of Time (Version: 1.00.181)
QuickTime (Version: 7.65.17.80)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5636)
Rise of Nations (Version: 1.0)
Rockstar Games Social Club (Version: 1.00.0000)
Sacred 2 (Version: 2.40.0.0)
ScanToWeb
ScummVM 0.9.1
Seven Kingdoms AA
Seven Kingdoms II
Silkroad
Skat-Online V7
Skype™ 6.5 (Version: 6.5.158)
Sony Ericsson Update Engine (Version: 2.13.6.201305161305)
Sony PC Companion 2.10.174 (Version: 2.10.174)
Source SDK Base
Star Wars Jedi Knight Jedi Academy
Star Wars(TM): Knights of the Old Republic (TM)
StarCraft II (Version: 1.3.1.18221)
Steam (Version: 1.0.0.0)
Stronghold Crusader
Stubbs The Zombie (Version: 1.00.0000)
System Control Manager (Version: 2.0108.0521.003.02)
TeamSpeak 2 RC2 (Version: 2.0.32.60)
TeamSpeak 3 Client
TES Construction Set
The House Of The Dead
Theme Park World
Theme Park World Fix (Version: 1.0.0)
Titan Quest (Version: 1.00.0000)
Titan Quest Immortal Throne (Version: 1.00.0000)
Tony Hawk's Pro Skater 2
TQVault 2.11
Ubisoft Game Launcher (Version: 1.0.0.0)
Ulead Burn.Now 4.5 (Version: 4.5.0)
Ulead Burn.Now 4.5 SE (Version: 4.5.0)
Ultima Online 2D Client (Version: 5.0.9)
UltraISO Premium V9.53
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Venetica
Viewpoint Media Player
VirtPet V1.21
VLC media player 2.0.2 (Version: 2.0.2)
Warcraft III
Warcraft III: All Products
Winamp (Version: 5.621 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
YOU DON'T KNOW JACK®
Zattoo 3.3.4 Beta (Version: 3.3.4 Beta)
Zattoo4 4.0.5 (Version: 4.0.5)
Zylom Games Player Plugin

==================== Restore Points  =========================


==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {14D1354D-B0D3-4DEF-BA0D-DB6AE69ABDFD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {300475CF-4D02-43B5-A359-02DC0D6F94FB} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2008-01-21] (Microsoft Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {542B048D-71BC-4D42-BA2B-D1F14293B9D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {54CA8CF0-165E-4A6B-AB8B-40D4C61F27E0} - System32\Tasks\Open Hardware Monitor\Startup => D:\OpenHardwareMonitor\OpenHardwareMonitor.exe [2013-07-14] ()
Task: {852A097D-865A-4F86-AF98-A1C066553219} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {9B194AA3-7D55-4A26-AFB1-8E8C189E9CAD} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {ECA2309C-AC23-4C22-BE68-62F7F15ACB4B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{73E21EEE-2D11-4265-9EF7-AAB1D4E482C6}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2009-10-20 16:00 - 2009-04-11 08:28 - 00223232 _____ () C:\Windows\system32\MSWSOCK.dll
2006-09-14 08:20 - 2006-09-14 08:20 - 00126464 _____ () C:\Program Files\WinRAR 3.61 Multi\rarext.dll
2008-07-23 23:45 - 2007-11-01 02:26 - 00053248 _____ () C:\Program Files\System Control Manager\MGKBHook.dll
2008-07-23 23:45 - 2008-02-22 08:43 - 00192512 _____ () C:\Program Files\System Control Manager\MSIWmiAcpi.dll
2009-11-03 16:51 - 2009-11-03 16:51 - 00039712 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
2009-11-03 16:51 - 2009-11-03 16:51 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2009-10-20 16:00 - 2009-04-11 08:28 - 00223232 _____ () C:\Windows\system32\mswsock.dll
2011-03-21 23:10 - 2011-03-21 23:10 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2012-03-01 11:26 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2012-03-01 11:26 - 2013-05-17 10:51 - 00207872 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 15:54 - 2011-07-07 15:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll
2012-11-27 16:13 - 2012-11-27 16:13 - 00585728 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
2012-03-01 11:26 - 2010-01-11 16:44 - 00053248 _____ () C:\Program Files\Sony\Sony PC Companion\VObject.dll
2005-07-23 06:30 - 2005-07-23 06:30 - 00065536 _____ () C:\Windows\system32\TosCommAPI.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Microsoft-6zu4-Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2013 10:33:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2013 08:31:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2013 07:59:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2013 07:42:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2013 06:18:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2013 04:39:26 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung firefox.exe, Version 25.0.0.5031, Zeitstempel 0x52577eb8, fehlerhaftes Modul xul.dll, Version 25.0.0.5031, Zeitstempel 0x52577dbe, Ausnahmecode 0xc0000005, Fehleroffset 0x000da547,
Prozess-ID 0x750, Anwendungsstartzeit firefox.exe0.

Error: (10/16/2013 04:22:26 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc00000fd, Fehleroffset 0x0004a154,
Prozess-ID 0x5d4, Anwendungsstartzeit Explorer.EXE0.

Error: (10/16/2013 04:21:58 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc00000fd, Fehleroffset 0x0004a163,
Prozess-ID 0x16c, Anwendungsstartzeit Explorer.EXE0.

Error: (10/16/2013 11:43:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2013 11:41:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/16/2013 10:36:32 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (10/16/2013 10:36:22 PM) (Source: Service Control Manager) (User: )
Description: Google Update Service (gupdate1c9c13285f54b73)%%3

Error: (10/16/2013 10:33:52 PM) (Source: Service Control Manager) (User: )
Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE

Error: (10/16/2013 10:33:52 PM) (Source: Service Control Manager) (User: )
Description: 30000ABBYY FineReader 9.0 Sprint Licensing Service

Error: (10/16/2013 10:33:52 PM) (Source: Service Control Manager) (User: )
Description: Computerbrowser%%1060

Error: (10/16/2013 08:34:46 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (10/16/2013 08:33:37 PM) (Source: Service Control Manager) (User: )
Description: Google Update Service (gupdate1c9c13285f54b73)%%3

Error: (10/16/2013 08:31:33 PM) (Source: Service Control Manager) (User: )
Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE

Error: (10/16/2013 08:31:33 PM) (Source: Service Control Manager) (User: )
Description: Computerbrowser%%1060

Error: (10/16/2013 08:03:33 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032


Microsoft Office Sessions:
=========================
Error: (10/16/2013 10:33:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2013 08:31:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2013 07:59:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2013 07:42:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2013 06:18:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2013 04:39:26 PM) (Source: Application Error)(User: )
Description: firefox.exe25.0.0.503152577eb8xul.dll25.0.0.503152577dbec0000005000da54775001ceca76dfe1d3db

Error: (10/16/2013 04:22:26 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.0.6002.1800549e01da5ntdll.dll6.0.6002.1888151da3e27c00000fd0004a1545d401ceca7b185db59b

Error: (10/16/2013 04:21:58 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.0.6002.1800549e01da5ntdll.dll6.0.6002.1888151da3e27c00000fd0004a16316c01ceca540f37209b

Error: (10/16/2013 11:43:28 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2013 11:41:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-10-16 19:35:23.363
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 19:35:23.145
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 19:35:22.927
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 19:35:22.708
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 19:35:22.490
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 19:35:22.271
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 19:35:21.944
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 19:35:21.725
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 19:35:21.507
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 19:35:21.273
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 3070.25 MB
Available physical RAM: 1476.04 MB
Total Pagefile: 6349.3 MB
Available Pagefile: 4484.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.73 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:43.95 GB) (Free:1.35 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:246.33 GB) (Free:16.5 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

schrauber 17.10.2013 11:11
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Swarley 17.10.2013 12:11
Hier das Protokoll des Combofix-Scan. Combofix hat über Avira gemeckert, obwohl ich Avira vor dem Start von Combofix deaktiviert hatte

Code:
ComboFix 13-10-16.02 - msi 17.10.2013  12:37:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3070.1768 [GMT 2:00]
ausgeführt von:: c:\users\msi\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Desktop\Install
c:\program files\Google\Desktop\Install\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\0103~1\7154~1\CFFE~1\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\@
c:\program files\Google\Desktop\Install\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\0103~1\7154~1\CFFE~1\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\GoogleUpdate.exe
c:\program files\Google\Desktop\Install\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\0103~1\7154~1\CFFE~1\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\U\00000004.@
c:\program files\Google\Desktop\Install\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\0103~1\7154~1\CFFE~1\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\U\00000008.@
c:\program files\Google\Desktop\Install\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\0103~1\7154~1\CFFE~1\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\U\000000cb.@
c:\program files\Google\Desktop\Install\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\0103~1\7154~1\CFFE~1\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\U\80000032.@
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\msi\AppData\Local\assembly\tmp
c:\users\msi\AppData\Local\Google\Desktop\Install
c:\users\msi\AppData\Local\Google\Desktop\Install\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\C3C1~1\01C8~1\CFFE~1\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\@
c:\users\msi\AppData\Local\Google\Desktop\Install\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\C3C1~1\01C8~1\CFFE~1\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\GoogleUpdate.exe
c:\windows\~GLC0001.TMP
c:\windows\~GLC0002.TMP
c:\windows\~GLC0003.TMP
c:\windows\IsUn0407.exe
c:\windows\PFRO.log
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-09-17 bis 2013-10-17  ))))))))))))))))))))))))))))))
.
.
2013-10-16 20:39 . 2013-10-16 20:39        --------        d-----w-        C:\FRST
2013-10-16 14:37 . 2013-10-16 14:37        --------        d-----w-        c:\users\msi\AppData\Roaming\Malwarebytes
2013-10-16 14:36 . 2013-10-16 14:36        --------        d-----w-        c:\programdata\Malwarebytes
2013-10-16 14:36 . 2013-04-04 12:50        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-10-16 14:11 . 2013-10-16 14:11        --------        d-----w-        c:\program files\Google
2013-10-16 14:11 . 2013-10-16 14:11        --------        d-----w-        c:\users\msi\AppData\Local\Google
2013-10-12 10:16 . 2013-10-12 10:17        --------        d-----w-        c:\program files\Mozilla Firefox 4.0 Beta 9
2013-10-09 13:37 . 2013-07-20 10:44        102608        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 13:36 . 2013-07-03 02:33        35328        ----a-w-        c:\windows\system32\drivers\usbscan.sys
2013-10-09 13:36 . 2013-07-03 02:10        25472        ----a-w-        c:\windows\system32\drivers\hidparse.sys
2013-10-03 12:20 . 2013-10-03 12:20        --------        d-----w-        c:\users\msi\AppData\Local\LogMeIn
2013-10-03 12:20 . 2013-10-03 12:20        --------        d-----w-        c:\programdata\LogMeIn
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 15:32 . 2012-04-06 13:51        692616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-10-09 15:32 . 2011-05-17 20:16        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-01 10:11 . 2013-04-20 06:32        89376        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-10-01 10:11 . 2013-04-20 06:32        37352        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-10-01 10:11 . 2013-04-20 06:32        137208        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-09-24 03:07 . 2013-10-10 10:09        53760        ----a-w-        c:\windows\apppatch\iebrshim.dll
2013-08-13 17:18 . 2013-08-13 17:18        94632        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2013-08-13 17:18 . 2012-09-07 06:15        867240        ----a-w-        c:\windows\system32\npdeployJava1.dll
2013-08-13 17:18 . 2010-04-23 09:13        789416        ----a-w-        c:\windows\system32\deployJava1.dll
2013-08-02 04:09 . 2013-08-28 04:31        1548288        ----a-w-        c:\windows\system32\WMVDECOD.DLL
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="d:\daemon tools lite\daemon.exe" [2009-04-23 691656]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2013-05-29 449248]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2013-02-27 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 6144000]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-05-21 794624]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-10-26 671744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-29 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-29 92704]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"QuickTime Task"="d:\quicktime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"PDFPrint"="d:\pdf24\pdf24.exe" [2011-02-01 220552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="d:\avira\AntiVir Desktop\avgnt.exe" [2013-10-01 681032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"LogMeIn Hamachi Ui"="d:\logmein hamachi\hamachi-2-ui.exe" [2013-10-01 2345296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico -user_logon [2011-11-25 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WINRING0_1_2_0
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:32]
.
2013-10-17 c:\windows\Tasks\User_Feed_Synchronization-{73E21EEE-2D11-4265-9EF7-AAB1D4E482C6}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - d:\icq7.6\ICQ.exe
FF - ProfilePath - c:\users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\
FF - prefs.js: network.proxy.ftp - 84.22.61.145
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 84.22.61.145
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 84.22.61.145
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 84.22.61.145
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-PlayNC Launcher - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-AIM_6 - c:\program files\AIM6\uninst.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\17.0.963.66\Installer\setup.exe
AddRemove-Seven Kingdoms AA - c:\windows\IsUn0407.exe
AddRemove-Seven Kingdoms II - c:\windows\IsUn0407.exe
AddRemove-Silkroad - d:\silkroad\Remove.Exe
AddRemove-Theme Park World - c:\windows\IsUn0407.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - d:\divx\DivXCodecUninstall.exe
AddRemove-Advanced IM Password Recovery - d:\advanced im password recovery\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-10-17 12:50
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2312104630-3827830867-2223051950-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*®7]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2312104630-3827830867-2223051950-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*®7\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2312104630-3827830867-2223051950-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*®7]
@Allowed: (Read) (RestrictedCode)
"0"=hex:48,3a,5c,54,77,6f,20,61,6e,64,20,61,20,68,61,6c,66,20,6d,65,6e,5c,53,
  74,61,66,66,65,6c,20,34,5c,54,77,6f,20,61,6e,64,20,61,20,68,61,6c,66,20,4d,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2312104630-3827830867-2223051950-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:8b,97,c2,97,35,40,bc,d0,3c,a1,e6,98,e8,75,90,78,ce,05,f3,cc,2c,be,7d,
  9c,4f,f9,f1,0d,d5,75,34,34,4b,13,d3,62,9b,98,19,cd,2c,93,98,07,b1,2b,2f,91,\
"??"=hex:7d,8d,98,f3,e3,bf,13,8d,2c,df,04,04,25,13,4c,c5
.
[HKEY_USERS\S-1-5-21-2312104630-3827830867-2223051950-1000\Software\SecuROM\License information*]
"datasecu"=hex:58,b1,3b,72,fc,17,0d,1f,d1,ce,8a,3e,86,ae,81,14,08,c7,a1,c1,a0,
  3c,f5,6c,ec,78,39,c4,7d,a6,55,d6,0a,02,79,58,0f,9b,06,11,db,ae,41,6e,77,f3,\
"rkeysecu"=hex:df,c2,28,f7,f3,73,8a,b0,6e,56,29,3e,c2,a1,ae,b9
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WLANExt.exe
d:\avira\AntiVir Desktop\sched.exe
c:\windows\System32\lpksetup.exe
d:\openhardwaremonitor\OpenHardwareMonitor.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
d:\avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
d:\vpn client\cvpnd.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
d:\malwarebytes' anti-malware\mbamscheduler.exe
d:\malwarebytes' anti-malware\mbamservice.exe
c:\program files\System Control Manager\MSIService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
d:\malwarebytes' anti-malware\mbamgui.exe
d:\logmein hamachi\hamachi-2.exe
d:\logmein hamachi\LMIGuardianSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
d:\logmein hamachi\LMIGuardianSvc.exe
d:\avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-10-17  12:56:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-10-17 10:56
.
Vor Suchlauf: 820.584.448 Bytes frei
Nach Suchlauf: 5.047.083.008 Bytes frei
.
- - End Of File - - 9C7AF68BCDF5BA2D735C161A337920DA
64B1E91C5C6C2157642651010728F90F

schrauber 17.10.2013 18:38
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Swarley 18.10.2013 12:30
So, hier dann die entsprechenden Logs

Malwarebytes Anti-Malware:
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.16.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
msi :: MSI-PC [limitiert]

Schutz: Aktiviert

18.10.2013 12:55:11
mbam-log-2013-10-18 (12-55-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 245663
Laufzeit: 7 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Adw Cleaner:

Code:
# AdwCleaner v3.008 - Bericht erstellt am 18/10/2013 um 13:13:51
# Updated 17/10/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : msi - MSI-PC
# Gestartet von : C:\Users\msi\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Viewpoint
Ordner Gelöscht : C:\Program Files\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Program Files\Viewpoint
Ordner Gelöscht : C:\Users\msi\AppData\LocalLow\boost_interprocess
Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\e0dnej74.default\.autoreg
Datei Gelöscht : C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\foxydeal.sqlite

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\MetaStream
Schlüssel Gelöscht : HKLM\Software\Viewpoint
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\daemon tools toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

***** [ Browser ] *****

-\\ Internet Explorer v7.0.6002.18005


-\\ Mozilla Firefox v25.0 (de)

[ Datei : C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\prefs.js ]

Zeile gelöscht : user_pref("plugin.blocklisted.npviewpoint", true);

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\e0dnej74.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3067 octets] - [18/10/2013 13:12:17]
AdwCleaner[S0].txt - [2996 octets] - [18/10/2013 13:13:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3056 octets] ##########
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows Vista (TM) Home Premium x86
Ran by msi on 18.10.2013 at 13:19:56,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\msi\AppData\Roaming\mozilla\firefox\profiles\gks2329g.default\minidumps [196 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.10.2013 at 13:22:27,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Und ein frisches FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by msi (administrator) on MSI-PC on 18-10-2013 13:24:07
Running from C:\Users\msi\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\sched.exe
() D:\OpenHardwareMonitor\OpenHardwareMonitor.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
( TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(Mirco-Star International  CO., LTD.) C:\Program Files\System Control Manager\MGSysCtrl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Geek Software GmbH) D:\PDF24\pdf24.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) D:\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(DT Soft Ltd) D:\DAEMON Tools Lite\daemon.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(LogMeIn, Inc.) D:\LogMeIn Hamachi\LMIGuardianSvc.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) D:\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
() C:\Program Files\System Control Manager\MSIService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) D:\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6144000 2008-05-28] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-16] (Intel Corporation)
HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-29] ( TOSHIBA CORPORATION)
HKLM\...\Run: [MGSysCtrl] - C:\Program Files\System Control Manager\MGSysCtrl.exe [794624 2008-05-21] (Mirco-Star International  CO., LTD.)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [671744 2007-10-26] (Motorola Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [QuickTime Task] - D:\QuickTime\QTTask.exe [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [141600 2009-11-12] (Apple Inc.)
HKLM\...\Run: [PDFPrint] - D:\PDF24\pdf24.exe [220552 2011-02-01] (Geek Software GmbH)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [avgnt] - D:\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] - D:\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - D:\DAEMON Tools Lite\daemon.exe [691656 2009-04-23] (DT Soft Ltd)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Run: [PlayNC Launcher] - [x]
HKCU\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-27] ()
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gast\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default
FF NetworkProxy: "ftp", "84.22.61.145"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "84.22.61.145"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "84.22.61.145"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "84.22.61.145"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - D:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - D:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\VLC\npvlc.dll (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\msi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\ich@maltegoetz.de
FF Extension: stealthyextension - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\stealthyextension@gmail.com.xpi
FF Extension: testpilot - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: No Name - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\{145e79b6-6c19-4b9c-915a-45c90a2f06a5}.xpi
FF Extension: No Name - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
FF Extension: No Name - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox 4.0 Beta 9\firefox.exe

========================== Services (Whitelisted) =================

S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AntiVirSchedulerService; D:\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 CVPND; D:\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 Hamachi2Svc; D:\LogMeIn Hamachi\hamachi-2.exe [1612112 2013-10-01] (LogMeIn Inc.)
S2 MBAMScheduler; D:\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; D:\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [159744 2008-02-22] ()
S3 npggsvc; C:\Windows\system32\GameMon.des [4323256 2011-03-28] (INCA Internet Co., Ltd.)
S4 RemoteAccess; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 usprserv; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] ()
S2 gupdate1c9c13285f54b73; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x]

==================== Drivers (Whitelisted) ====================

S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [449024 2008-04-28] (AfaTech                  )
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-07-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-07-23] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 PKWCap; C:\Windows\System32\DRIVERS\PKWCap.sys [995328 2008-04-28] (NXP Semiconductors Germany GmbH)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-07-22] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-20] (Avira GmbH)
U3 ace3k9po; C:\Windows\System32\Drivers\ace3k9po.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 oflpydin; \??\C:\Users\msi\AppData\Local\Temp\oflpydin.sys [x]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]
S3 vpnva; system32\DRIVERS\vpnva.sys [x]
R3 WinRing0_1_2_0; \??\D:\OpenHardwareMonitor\OpenHardwareMonitor.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-18 13:22 - 2013-10-18 13:22 - 00001176 _____ C:\Users\msi\Desktop\JRT.txt
2013-10-18 13:19 - 2013-10-18 13:19 - 00000000 ____D C:\Windows\ERUNT
2013-10-18 13:11 - 2013-10-18 13:13 - 00000000 ____D C:\AdwCleaner
2013-10-18 13:10 - 2013-10-18 13:10 - 01050644 _____ C:\Users\msi\Desktop\adwcleaner.exe
2013-10-18 13:10 - 2013-10-18 13:10 - 01033335 _____ (Thisisu) C:\Users\msi\Desktop\JRT.exe
2013-10-18 13:05 - 2013-10-18 13:05 - 00000318 _____ C:\Windows\PFRO.log
2013-10-17 12:56 - 2013-10-17 12:56 - 00014180 _____ C:\ComboFix.txt
2013-10-17 12:33 - 2013-10-17 12:56 - 00000000 ____D C:\ComboFix
2013-10-17 12:33 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-17 12:33 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-17 12:33 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-17 12:33 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-17 12:33 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-17 12:33 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-17 12:33 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-17 12:33 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-17 12:32 - 2013-10-17 12:56 - 00000000 ____D C:\Qoobox
2013-10-17 12:32 - 2013-10-17 12:54 - 00000000 ____D C:\Windows\erdnt
2013-10-17 12:29 - 2013-10-17 12:29 - 05134711 ____R (Swearware) C:\Users\msi\Desktop\ComboFix.exe
2013-10-16 22:40 - 2013-10-16 22:40 - 00026462 _____ C:\Users\msi\Desktop\Addition.txt
2013-10-16 22:39 - 2013-10-16 22:39 - 00000000 ____D C:\FRST
2013-10-16 22:37 - 2013-10-16 22:38 - 01087213 _____ (Farbar) C:\Users\msi\Desktop\FRST.exe
2013-10-16 16:37 - 2013-10-16 16:37 - 00000000 ____D C:\Users\msi\AppData\Roaming\Malwarebytes
2013-10-16 16:36 - 2013-10-16 16:36 - 00000574 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-16 16:36 - 2013-10-16 16:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-16 16:36 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-16 16:11 - 2013-10-16 16:11 - 00000000 ____D C:\Users\msi\AppData\Local\Google
2013-10-16 16:11 - 2013-10-16 16:11 - 00000000 ____D C:\Program Files\Google
2013-10-16 15:40 - 2013-10-16 15:40 - 00000586 _____ C:\Users\Public\Desktop\Age of Mythology - The Titans Expansion.lnk
2013-10-12 12:16 - 2013-10-12 12:17 - 00000000 ____D C:\Program Files\Mozilla Firefox 4.0 Beta 9
2013-10-10 12:09 - 2013-09-24 05:07 - 06119424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 03625984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00479744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 12:09 - 2013-09-24 05:06 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-10-10 12:09 - 2013-09-23 22:13 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-10 12:09 - 2013-09-23 22:01 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 15:37 - 2013-08-29 09:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 15:37 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-09 15:37 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-09 15:37 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-09 15:37 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-09 15:37 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-09 15:37 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-09 15:37 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-09 15:37 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-09 15:37 - 2013-08-27 03:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-09 15:37 - 2013-08-01 05:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 15:37 - 2013-08-01 04:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-09 15:37 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 15:37 - 2013-07-12 11:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 15:37 - 2013-07-12 11:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 15:37 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 15:37 - 2013-06-29 04:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 15:37 - 2013-06-29 04:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 15:37 - 2013-06-29 04:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 15:37 - 2013-06-29 04:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 15:37 - 2013-06-27 01:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 15:37 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 15:37 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 15:37 - 2011-05-05 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 15:37 - 2011-05-05 15:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 15:36 - 2013-07-03 04:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 15:36 - 2013-07-03 04:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-08 23:55 - 2013-10-08 23:55 - 00000579 _____ C:\Users\Public\Desktop\Age of Mythology.lnk
2013-10-08 23:52 - 2013-10-08 23:52 - 00000142 _____ C:\Windows\Q321178.log
2013-10-03 14:20 - 2013-10-03 14:20 - 00000000 ____D C:\Users\msi\AppData\Local\LogMeIn
2013-10-03 14:20 - 2013-10-03 14:20 - 00000000 ____D C:\ProgramData\LogMeIn

==================== One Month Modified Files and Folders =======

2013-10-18 13:22 - 2013-10-18 13:22 - 00001176 _____ C:\Users\msi\Desktop\JRT.txt
2013-10-18 13:22 - 2008-07-25 04:39 - 01445182 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-18 13:19 - 2013-10-18 13:19 - 00000000 ____D C:\Windows\ERUNT
2013-10-18 13:17 - 2013-02-27 16:05 - 00000000 ____D C:\Users\msi\AppData\Local\PMB Files
2013-10-18 13:17 - 2011-09-03 19:44 - 00000000 ____D C:\Users\msi\AppData\Local\LogMeIn Hamachi
2013-10-18 13:16 - 2008-07-23 23:03 - 00041793 _____ C:\ProgramData\nvModes.dat
2013-10-18 13:16 - 2008-07-23 23:03 - 00041793 _____ C:\ProgramData\nvModes.001
2013-10-18 13:16 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-18 13:16 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-18 13:16 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-18 13:15 - 2008-10-07 05:47 - 02023651 _____ C:\Windows\WindowsUpdate.log
2013-10-18 13:15 - 2006-11-02 15:01 - 00032510 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-18 13:13 - 2013-10-18 13:11 - 00000000 ____D C:\AdwCleaner
2013-10-18 13:10 - 2013-10-18 13:10 - 01050644 _____ C:\Users\msi\Desktop\adwcleaner.exe
2013-10-18 13:10 - 2013-10-18 13:10 - 01033335 _____ (Thisisu) C:\Users\msi\Desktop\JRT.exe
2013-10-18 13:05 - 2013-10-18 13:05 - 00000318 _____ C:\Windows\PFRO.log
2013-10-18 13:03 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Web
2013-10-18 12:55 - 2008-09-15 11:35 - 00000414 ____H C:\Windows\Tasks\User_Feed_Synchronization-{73E21EEE-2D11-4265-9EF7-AAB1D4E482C6}.job
2013-10-17 12:56 - 2013-10-17 12:56 - 00014180 _____ C:\ComboFix.txt
2013-10-17 12:56 - 2013-10-17 12:33 - 00000000 ____D C:\ComboFix
2013-10-17 12:56 - 2013-10-17 12:32 - 00000000 ____D C:\Qoobox
2013-10-17 12:54 - 2013-10-17 12:32 - 00000000 ____D C:\Windows\erdnt
2013-10-17 12:50 - 2006-11-02 12:23 - 00000249 _____ C:\Windows\system.ini
2013-10-17 12:31 - 2012-07-04 16:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-17 12:29 - 2013-10-17 12:29 - 05134711 ____R (Swearware) C:\Users\msi\Desktop\ComboFix.exe
2013-10-16 22:40 - 2013-10-16 22:40 - 00026462 _____ C:\Users\msi\Desktop\Addition.txt
2013-10-16 22:39 - 2013-10-16 22:39 - 00000000 ____D C:\FRST
2013-10-16 22:38 - 2013-10-16 22:37 - 01087213 _____ (Farbar) C:\Users\msi\Desktop\FRST.exe
2013-10-16 20:30 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Help
2013-10-16 19:58 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Globalization
2013-10-16 19:41 - 2006-11-02 13:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2013-10-16 18:17 - 2008-07-25 03:43 - 00000000 ____D C:\Windows\de-DE
2013-10-16 16:37 - 2013-10-16 16:37 - 00000000 ____D C:\Users\msi\AppData\Roaming\Malwarebytes
2013-10-16 16:36 - 2013-10-16 16:36 - 00000574 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-16 16:36 - 2013-10-16 16:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-16 16:11 - 2013-10-16 16:11 - 00000000 ____D C:\Users\msi\AppData\Local\Google
2013-10-16 16:11 - 2013-10-16 16:11 - 00000000 ____D C:\Program Files\Google
2013-10-16 15:40 - 2013-10-16 15:40 - 00000586 _____ C:\Users\Public\Desktop\Age of Mythology - The Titans Expansion.lnk
2013-10-16 15:21 - 2008-10-13 04:51 - 00237568 _____ C:\Users\msi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-14 12:35 - 2008-09-28 19:46 - 00000000 ____D C:\Users\msi\AppData\Roaming\Skype
2013-10-13 05:33 - 2012-03-19 09:05 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-12 12:17 - 2013-10-12 12:16 - 00000000 ____D C:\Program Files\Mozilla Firefox 4.0 Beta 9
2013-10-10 13:02 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 12:51 - 2006-11-02 14:47 - 00402328 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 12:10 - 2008-07-24 00:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 12:06 - 2013-08-15 20:42 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 12:02 - 2006-11-02 12:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-09 20:05 - 2008-10-13 04:54 - 00000000 ____D C:\Users\msi\AppData\Roaming\vlc
2013-10-09 17:32 - 2012-04-06 15:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 17:32 - 2011-05-17 22:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 08:11 - 2008-10-06 21:05 - 00111464 _____ C:\Users\msi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-08 23:55 - 2013-10-08 23:55 - 00000579 _____ C:\Users\Public\Desktop\Age of Mythology.lnk
2013-10-08 23:52 - 2013-10-08 23:52 - 00000142 _____ C:\Windows\Q321178.log
2013-10-03 14:20 - 2013-10-03 14:20 - 00000000 ____D C:\Users\msi\AppData\Local\LogMeIn
2013-10-03 14:20 - 2013-10-03 14:20 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-01 12:11 - 2013-04-20 08:32 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-01 12:11 - 2013-04-20 08:32 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-01 12:11 - 2013-04-20 08:32 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-24 05:07 - 2013-10-10 12:09 - 06119424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 03625984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00479744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-24 05:06 - 2013-10-10 12:09 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-09-23 22:13 - 2013-10-10 12:09 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-23 22:01 - 2013-10-10 12:09 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-19 10:41 - 2008-07-23 23:18 - 00366004 _____ C:\Windows\DPINST.LOG
2013-09-19 10:40 - 2012-03-09 11:40 - 00001889 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-09-19 10:39 - 2008-07-23 23:13 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

Some content of TEMP:
====================
C:\Users\msi\AppData\Local\Temp\avgnt.exe
C:\Users\msi\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-10-18 13:23

==================== End Of Log ============================
--- --- ---

schrauber 18.10.2013 18:23

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Swarley 18.10.2013 21:14
Hier die Logs:

ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c2fab02d00c8204c881c7a07f2ea765d
# engine=15539
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-18 08:05:20
# local_time=2013-10-18 10:05:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 97 32385 127893604 25824 0
# compatibility_mode=5892 16776638 100 39 15773021 219659448 0 0
# scanned=343449
# found=2
# cleaned=0
# scan_time=9124
sh=5CBE2254F83DCBFAD368118F5BC30091896E6A41 ft=1 fh=49fc47af5522b3b6 vn="a variant of Win32/Kryptik.BMSM trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Google\Desktop\Install\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\0103~1\7154~1\CFFE~1\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\GoogleUpdate.exe.vir"
sh=5CBE2254F83DCBFAD368118F5BC30091896E6A41 ft=1 fh=49fc47af5522b3b6 vn="a variant of Win32/Kryptik.BMSM trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\msi\AppData\Local\Google\Desktop\Install\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\C3C1~1\01C8~1\CFFE~1\{d9fdbf9b-63c2-12b2-a2b0-be7f676a1d32}\GoogleUpdate.exe.vir"
Security Check:

Code:
Results of screen317's Security Check version 0.99.74 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java(TM) 6 Update 37 
 Java 7 Update 25 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player        11.9.900.117 
 Adobe Reader 10.1.8 Adobe Reader out of Date! 
 Mozilla Firefox (25.0)
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
neues FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by msi (administrator) on MSI-PC on 18-10-2013 22:11:40
Running from C:\Users\msi\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\sched.exe
() D:\OpenHardwareMonitor\OpenHardwareMonitor.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
( TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(Mirco-Star International  CO., LTD.) C:\Program Files\System Control Manager\MGSysCtrl.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Geek Software GmbH) D:\PDF24\pdf24.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) D:\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(DT Soft Ltd) D:\DAEMON Tools Lite\daemon.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(LogMeIn, Inc.) D:\LogMeIn Hamachi\LMIGuardianSvc.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) D:\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
() C:\Program Files\System Control Manager\MSIService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) D:\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox 4.0 Beta 9\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6144000 2008-05-28] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-16] (Intel Corporation)
HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-29] ( TOSHIBA CORPORATION)
HKLM\...\Run: [MGSysCtrl] - C:\Program Files\System Control Manager\MGSysCtrl.exe [794624 2008-05-21] (Mirco-Star International  CO., LTD.)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [671744 2007-10-26] (Motorola Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [QuickTime Task] - D:\QuickTime\QTTask.exe [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [141600 2009-11-12] (Apple Inc.)
HKLM\...\Run: [PDFPrint] - D:\PDF24\pdf24.exe [220552 2011-02-01] (Geek Software GmbH)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [avgnt] - D:\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] - D:\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - D:\DAEMON Tools Lite\daemon.exe [691656 2009-04-23] (DT Soft Ltd)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Run: [PlayNC Launcher] - [x]
HKCU\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-27] ()
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gast\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default
FF NetworkProxy: "ftp", "84.22.61.145"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "84.22.61.145"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "84.22.61.145"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "84.22.61.145"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - D:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - D:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\VLC\npvlc.dll (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\msi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\ich@maltegoetz.de
FF Extension: stealthyextension - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\stealthyextension@gmail.com.xpi
FF Extension: testpilot - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: No Name - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\{145e79b6-6c19-4b9c-915a-45c90a2f06a5}.xpi
FF Extension: No Name - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
FF Extension: No Name - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox 4.0 Beta 9\firefox.exe

========================== Services (Whitelisted) =================

S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AntiVirSchedulerService; D:\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 CVPND; D:\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 Hamachi2Svc; D:\LogMeIn Hamachi\hamachi-2.exe [1612112 2013-10-01] (LogMeIn Inc.)
S2 MBAMScheduler; D:\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; D:\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [159744 2008-02-22] ()
S3 npggsvc; C:\Windows\system32\GameMon.des [4323256 2011-03-28] (INCA Internet Co., Ltd.)
S4 RemoteAccess; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 usprserv; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] ()
S2 gupdate1c9c13285f54b73; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x]

==================== Drivers (Whitelisted) ====================

S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [449024 2008-04-28] (AfaTech                  )
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-07-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-07-23] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 PKWCap; C:\Windows\System32\DRIVERS\PKWCap.sys [995328 2008-04-28] (NXP Semiconductors Germany GmbH)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-07-22] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-20] (Avira GmbH)
U3 ahtq9589; C:\Windows\System32\Drivers\ahtq9589.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 oflpydin; \??\C:\Users\msi\AppData\Local\Temp\oflpydin.sys [x]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]
S3 vpnva; system32\DRIVERS\vpnva.sys [x]
R3 WinRing0_1_2_0; \??\D:\OpenHardwareMonitor\OpenHardwareMonitor.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-18 22:07 - 2013-10-18 22:07 - 00891167 _____ C:\Users\msi\Desktop\SecurityCheck.exe
2013-10-18 19:30 - 2013-10-18 19:30 - 00000000 ____D C:\Program Files\ESET
2013-10-18 19:29 - 2013-10-18 19:29 - 02347384 _____ (ESET) C:\Users\msi\Desktop\esetsmartinstaller_enu.exe
2013-10-18 13:22 - 2013-10-18 13:22 - 00001176 _____ C:\Users\msi\Desktop\JRT.txt
2013-10-18 13:19 - 2013-10-18 13:19 - 00000000 ____D C:\Windows\ERUNT
2013-10-18 13:11 - 2013-10-18 13:13 - 00000000 ____D C:\AdwCleaner
2013-10-18 13:10 - 2013-10-18 13:10 - 01050644 _____ C:\Users\msi\Desktop\adwcleaner.exe
2013-10-18 13:10 - 2013-10-18 13:10 - 01033335 _____ (Thisisu) C:\Users\msi\Desktop\JRT.exe
2013-10-18 13:05 - 2013-10-18 13:05 - 00000318 _____ C:\Windows\PFRO.log
2013-10-17 12:56 - 2013-10-17 12:56 - 00014180 _____ C:\ComboFix.txt
2013-10-17 12:33 - 2013-10-17 12:56 - 00000000 ____D C:\ComboFix
2013-10-17 12:33 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-17 12:33 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-17 12:33 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-17 12:33 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-17 12:33 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-17 12:33 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-17 12:33 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-17 12:33 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-17 12:32 - 2013-10-17 12:56 - 00000000 ____D C:\Qoobox
2013-10-17 12:32 - 2013-10-17 12:54 - 00000000 ____D C:\Windows\erdnt
2013-10-17 12:29 - 2013-10-17 12:29 - 05134711 ____R (Swearware) C:\Users\msi\Desktop\ComboFix.exe
2013-10-16 22:40 - 2013-10-16 22:40 - 00026462 _____ C:\Users\msi\Desktop\Addition.txt
2013-10-16 22:39 - 2013-10-16 22:39 - 00000000 ____D C:\FRST
2013-10-16 22:37 - 2013-10-16 22:38 - 01087213 _____ (Farbar) C:\Users\msi\Desktop\FRST.exe
2013-10-16 16:37 - 2013-10-16 16:37 - 00000000 ____D C:\Users\msi\AppData\Roaming\Malwarebytes
2013-10-16 16:36 - 2013-10-16 16:36 - 00000574 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-16 16:36 - 2013-10-16 16:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-16 16:36 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-16 16:11 - 2013-10-16 16:11 - 00000000 ____D C:\Users\msi\AppData\Local\Google
2013-10-16 15:40 - 2013-10-16 15:40 - 00000586 _____ C:\Users\Public\Desktop\Age of Mythology - The Titans Expansion.lnk
2013-10-12 12:16 - 2013-10-18 13:27 - 00000000 ____D C:\Program Files\Mozilla Firefox 4.0 Beta 9
2013-10-10 12:09 - 2013-09-24 05:07 - 06119424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 03625984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00479744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 12:09 - 2013-09-24 05:06 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-10-10 12:09 - 2013-09-23 22:13 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-10 12:09 - 2013-09-23 22:01 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 15:37 - 2013-08-29 09:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 15:37 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-09 15:37 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-09 15:37 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-09 15:37 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-09 15:37 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-09 15:37 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-09 15:37 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-09 15:37 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-09 15:37 - 2013-08-27 03:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-09 15:37 - 2013-08-01 05:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 15:37 - 2013-08-01 04:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-09 15:37 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 15:37 - 2013-07-12 11:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 15:37 - 2013-07-12 11:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 15:37 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 15:37 - 2013-06-29 04:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 15:37 - 2013-06-29 04:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 15:37 - 2013-06-29 04:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 15:37 - 2013-06-29 04:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 15:37 - 2013-06-27 01:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 15:37 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 15:37 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 15:37 - 2011-05-05 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 15:37 - 2011-05-05 15:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 15:36 - 2013-07-03 04:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 15:36 - 2013-07-03 04:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-08 23:55 - 2013-10-08 23:55 - 00000579 _____ C:\Users\Public\Desktop\Age of Mythology.lnk
2013-10-08 23:52 - 2013-10-08 23:52 - 00000142 _____ C:\Windows\Q321178.log
2013-10-03 14:20 - 2013-10-03 14:20 - 00000000 ____D C:\Users\msi\AppData\Local\LogMeIn
2013-10-03 14:20 - 2013-10-03 14:20 - 00000000 ____D C:\ProgramData\LogMeIn

==================== One Month Modified Files and Folders =======

2013-10-18 22:07 - 2013-10-18 22:07 - 00891167 _____ C:\Users\msi\Desktop\SecurityCheck.exe
2013-10-18 21:31 - 2012-07-04 16:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-18 21:28 - 2008-10-07 05:47 - 01204843 _____ C:\Windows\WindowsUpdate.log
2013-10-18 20:38 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-18 20:38 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-18 19:30 - 2013-10-18 19:30 - 00000000 ____D C:\Program Files\ESET
2013-10-18 19:29 - 2013-10-18 19:29 - 02347384 _____ (ESET) C:\Users\msi\Desktop\esetsmartinstaller_enu.exe
2013-10-18 19:10 - 2013-02-27 16:05 - 00000000 ____D C:\Users\msi\AppData\Local\PMB Files
2013-10-18 18:46 - 2008-07-25 04:39 - 01445182 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-18 18:39 - 2011-09-03 19:44 - 00000000 ____D C:\Users\msi\AppData\Local\LogMeIn Hamachi
2013-10-18 18:38 - 2008-07-23 23:03 - 00041793 _____ C:\ProgramData\nvModes.dat
2013-10-18 18:38 - 2008-07-23 23:03 - 00041793 _____ C:\ProgramData\nvModes.001
2013-10-18 18:38 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-18 13:31 - 2006-11-02 15:01 - 00032510 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-18 13:27 - 2013-10-12 12:16 - 00000000 ____D C:\Program Files\Mozilla Firefox 4.0 Beta 9
2013-10-18 13:22 - 2013-10-18 13:22 - 00001176 _____ C:\Users\msi\Desktop\JRT.txt
2013-10-18 13:19 - 2013-10-18 13:19 - 00000000 ____D C:\Windows\ERUNT
2013-10-18 13:13 - 2013-10-18 13:11 - 00000000 ____D C:\AdwCleaner
2013-10-18 13:10 - 2013-10-18 13:10 - 01050644 _____ C:\Users\msi\Desktop\adwcleaner.exe
2013-10-18 13:10 - 2013-10-18 13:10 - 01033335 _____ (Thisisu) C:\Users\msi\Desktop\JRT.exe
2013-10-18 13:05 - 2013-10-18 13:05 - 00000318 _____ C:\Windows\PFRO.log
2013-10-18 13:05 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Web
2013-10-18 12:55 - 2008-09-15 11:35 - 00000414 ____H C:\Windows\Tasks\User_Feed_Synchronization-{73E21EEE-2D11-4265-9EF7-AAB1D4E482C6}.job
2013-10-17 12:56 - 2013-10-17 12:56 - 00014180 _____ C:\ComboFix.txt
2013-10-17 12:56 - 2013-10-17 12:33 - 00000000 ____D C:\ComboFix
2013-10-17 12:56 - 2013-10-17 12:32 - 00000000 ____D C:\Qoobox
2013-10-17 12:54 - 2013-10-17 12:32 - 00000000 ____D C:\Windows\erdnt
2013-10-17 12:50 - 2006-11-02 12:23 - 00000249 _____ C:\Windows\system.ini
2013-10-17 12:29 - 2013-10-17 12:29 - 05134711 ____R (Swearware) C:\Users\msi\Desktop\ComboFix.exe
2013-10-16 22:40 - 2013-10-16 22:40 - 00026462 _____ C:\Users\msi\Desktop\Addition.txt
2013-10-16 22:39 - 2013-10-16 22:39 - 00000000 ____D C:\FRST
2013-10-16 22:38 - 2013-10-16 22:37 - 01087213 _____ (Farbar) C:\Users\msi\Desktop\FRST.exe
2013-10-16 20:30 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Help
2013-10-16 19:58 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Globalization
2013-10-16 19:41 - 2006-11-02 13:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2013-10-16 18:17 - 2008-07-25 03:43 - 00000000 ____D C:\Windows\de-DE
2013-10-16 16:37 - 2013-10-16 16:37 - 00000000 ____D C:\Users\msi\AppData\Roaming\Malwarebytes
2013-10-16 16:36 - 2013-10-16 16:36 - 00000574 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-16 16:36 - 2013-10-16 16:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-16 16:11 - 2013-10-16 16:11 - 00000000 ____D C:\Users\msi\AppData\Local\Google
2013-10-16 15:40 - 2013-10-16 15:40 - 00000586 _____ C:\Users\Public\Desktop\Age of Mythology - The Titans Expansion.lnk
2013-10-16 15:21 - 2008-10-13 04:51 - 00237568 _____ C:\Users\msi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-14 12:35 - 2008-09-28 19:46 - 00000000 ____D C:\Users\msi\AppData\Roaming\Skype
2013-10-13 05:33 - 2012-03-19 09:05 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-10 13:02 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 12:51 - 2006-11-02 14:47 - 00402328 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 12:10 - 2008-07-24 00:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 12:06 - 2013-08-15 20:42 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 12:02 - 2006-11-02 12:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-09 20:05 - 2008-10-13 04:54 - 00000000 ____D C:\Users\msi\AppData\Roaming\vlc
2013-10-09 17:32 - 2012-04-06 15:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 17:32 - 2011-05-17 22:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 08:11 - 2008-10-06 21:05 - 00111464 _____ C:\Users\msi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-08 23:55 - 2013-10-08 23:55 - 00000579 _____ C:\Users\Public\Desktop\Age of Mythology.lnk
2013-10-08 23:52 - 2013-10-08 23:52 - 00000142 _____ C:\Windows\Q321178.log
2013-10-03 14:20 - 2013-10-03 14:20 - 00000000 ____D C:\Users\msi\AppData\Local\LogMeIn
2013-10-03 14:20 - 2013-10-03 14:20 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-01 12:11 - 2013-04-20 08:32 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-01 12:11 - 2013-04-20 08:32 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-01 12:11 - 2013-04-20 08:32 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-24 05:07 - 2013-10-10 12:09 - 06119424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 03625984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00479744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-24 05:06 - 2013-10-10 12:09 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-09-23 22:13 - 2013-10-10 12:09 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-23 22:01 - 2013-10-10 12:09 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-19 10:41 - 2008-07-23 23:18 - 00366004 _____ C:\Windows\DPINST.LOG
2013-09-19 10:40 - 2012-03-09 11:40 - 00001889 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-09-19 10:39 - 2008-07-23 23:13 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

Some content of TEMP:
====================
C:\Users\msi\AppData\Local\Temp\avgnt.exe
C:\Users\msi\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-10-18 19:06

==================== End Of Log ============================
--- --- ---

schrauber 19.10.2013 14:41
Java, Flash und Adobe updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Frisches FRST log bitte.

Swarley 20.10.2013 16:51
So, hier dann die Fixlist.txt nach dem Fix:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-10-2013
Ran by msi at 2013-10-20 17:49:18 Run:1
Running from C:\Users\msi\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
*****************

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\de-DE" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRtMon.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRtPlug.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSigDwn.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSoftEx.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====
Und das neue FRST-log:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2013
Ran by msi (administrator) on MSI-PC on 20-10-2013 17:49:50
Running from C:\Users\msi\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\sched.exe
() D:\OpenHardwareMonitor\OpenHardwareMonitor.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
( TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(Mirco-Star International  CO., LTD.) C:\Program Files\System Control Manager\MGSysCtrl.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Geek Software GmbH) D:\PDF24\pdf24.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avgnt.exe
(LogMeIn Inc.) D:\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(DT Soft Ltd) D:\DAEMON Tools Lite\daemon.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(LogMeIn, Inc.) D:\LogMeIn Hamachi\LMIGuardianSvc.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) D:\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Malwarebytes Corporation) D:\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) D:\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\System Control Manager\MSIService.exe
(Malwarebytes Corporation) D:\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) D:\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox 4.0 Beta 9\firefox.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6144000 2008-05-28] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-16] (Intel Corporation)
HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-29] ( TOSHIBA CORPORATION)
HKLM\...\Run: [MGSysCtrl] - C:\Program Files\System Control Manager\MGSysCtrl.exe [794624 2008-05-21] (Mirco-Star International  CO., LTD.)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [671744 2007-10-26] (Motorola Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [QuickTime Task] - D:\QuickTime\QTTask.exe [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [141600 2009-11-12] (Apple Inc.)
HKLM\...\Run: [PDFPrint] - D:\PDF24\pdf24.exe [220552 2011-02-01] (Geek Software GmbH)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [avgnt] - D:\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [LogMeIn Hamachi Ui] - D:\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - D:\DAEMON Tools Lite\daemon.exe [691656 2009-04-23] (DT Soft Ltd)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Run: [PlayNC Launcher] - [x]
HKCU\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-27] ()
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gast\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default
FF NetworkProxy: "ftp", "84.22.61.145"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "84.22.61.145"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "84.22.61.145"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "84.22.61.145"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - D:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - D:\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - D:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\VLC\npvlc.dll (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\msi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\ich@maltegoetz.de
FF Extension: stealthyextension - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\stealthyextension@gmail.com.xpi
FF Extension: testpilot - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: No Name - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\{145e79b6-6c19-4b9c-915a-45c90a2f06a5}.xpi
FF Extension: No Name - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
FF Extension: No Name - C:\Users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\gks2329g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox 4.0 Beta 9\firefox.exe

========================== Services (Whitelisted) =================

S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AntiVirSchedulerService; D:\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 CVPND; D:\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 Hamachi2Svc; D:\LogMeIn Hamachi\hamachi-2.exe [1612112 2013-10-01] (LogMeIn Inc.)
R2 MBAMScheduler; D:\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; D:\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [159744 2008-02-22] ()
S3 npggsvc; C:\Windows\system32\GameMon.des [4323256 2011-03-28] (INCA Internet Co., Ltd.)
S4 RemoteAccess; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 usprserv; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S2 gupdate1c9c13285f54b73; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x]

==================== Drivers (Whitelisted) ====================

S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [449024 2008-04-28] (AfaTech                  )
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-07-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-07-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 PKWCap; C:\Windows\System32\DRIVERS\PKWCap.sys [995328 2008-04-28] (NXP Semiconductors Germany GmbH)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-07-22] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-20] (Avira GmbH)
U3 acl1i1di; C:\Windows\System32\Drivers\acl1i1di.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 oflpydin; \??\C:\Users\msi\AppData\Local\Temp\oflpydin.sys [x]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]
S3 vpnva; system32\DRIVERS\vpnva.sys [x]
R3 WinRing0_1_2_0; \??\D:\OpenHardwareMonitor\OpenHardwareMonitor.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-20 17:47 - 2013-10-20 17:47 - 01087515 _____ (Farbar) C:\Users\msi\Desktop\FRST.exe
2013-10-20 17:44 - 2013-10-20 17:44 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-20 17:43 - 2013-10-20 17:42 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-20 17:42 - 2013-10-20 17:42 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-20 17:42 - 2013-10-20 17:42 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-20 17:42 - 2013-10-20 17:42 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-20 11:17 - 2013-10-20 11:17 - 00000594 _____ C:\Users\Public\Desktop\Battlefield 1942.lnk
2013-10-19 18:49 - 2013-10-19 18:49 - 00000531 _____ C:\Users\Public\Desktop\The Conquerors.lnk
2013-10-19 18:47 - 2013-10-19 18:47 - 00000613 _____ C:\Users\Public\Desktop\Age of Empires II.lnk
2013-10-19 16:39 - 2013-10-19 16:39 - 00000381 _____ C:\Users\Public\Desktop\Counter-Strike 1.6.lnk
2013-10-18 22:07 - 2013-10-18 22:07 - 00891167 _____ C:\Users\msi\Desktop\SecurityCheck.exe
2013-10-18 19:29 - 2013-10-18 19:29 - 02347384 _____ (ESET) C:\Users\msi\Desktop\esetsmartinstaller_enu.exe
2013-10-18 13:22 - 2013-10-18 13:22 - 00001176 _____ C:\Users\msi\Desktop\JRT.txt
2013-10-18 13:19 - 2013-10-18 13:19 - 00000000 ____D C:\Windows\ERUNT
2013-10-18 13:11 - 2013-10-18 13:13 - 00000000 ____D C:\AdwCleaner
2013-10-18 13:10 - 2013-10-18 13:10 - 01050644 _____ C:\Users\msi\Desktop\adwcleaner.exe
2013-10-18 13:10 - 2013-10-18 13:10 - 01033335 _____ (Thisisu) C:\Users\msi\Desktop\JRT.exe
2013-10-18 13:05 - 2013-10-19 11:18 - 00001124 _____ C:\Windows\PFRO.log
2013-10-17 12:56 - 2013-10-17 12:56 - 00014180 _____ C:\ComboFix.txt
2013-10-17 12:33 - 2013-10-17 12:56 - 00000000 ____D C:\ComboFix
2013-10-17 12:33 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-17 12:33 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-17 12:33 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-17 12:33 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-17 12:33 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-17 12:33 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-17 12:33 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-17 12:33 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-17 12:32 - 2013-10-17 12:56 - 00000000 ____D C:\Qoobox
2013-10-17 12:32 - 2013-10-17 12:54 - 00000000 ____D C:\Windows\erdnt
2013-10-17 12:29 - 2013-10-17 12:29 - 05134711 ____R (Swearware) C:\Users\msi\Desktop\ComboFix.exe
2013-10-16 22:40 - 2013-10-16 22:40 - 00026462 _____ C:\Users\msi\Desktop\Addition.txt
2013-10-16 22:39 - 2013-10-16 22:39 - 00000000 ____D C:\FRST
2013-10-16 16:37 - 2013-10-16 16:37 - 00000000 ____D C:\Users\msi\AppData\Roaming\Malwarebytes
2013-10-16 16:36 - 2013-10-16 16:36 - 00000574 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-16 16:36 - 2013-10-16 16:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-16 16:36 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-16 16:11 - 2013-10-16 16:11 - 00000000 ____D C:\Users\msi\AppData\Local\Google
2013-10-16 15:40 - 2013-10-16 15:40 - 00000586 _____ C:\Users\Public\Desktop\Age of Mythology - The Titans Expansion.lnk
2013-10-12 12:16 - 2013-10-20 17:39 - 00000000 ____D C:\Program Files\Mozilla Firefox 4.0 Beta 9
2013-10-10 12:09 - 2013-09-24 05:07 - 06119424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 03625984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00479744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-10 12:09 - 2013-09-24 05:07 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 12:09 - 2013-09-24 05:06 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-10-10 12:09 - 2013-09-23 22:13 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-10 12:09 - 2013-09-23 22:01 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 15:37 - 2013-08-29 09:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 15:37 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-09 15:37 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-09 15:37 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-09 15:37 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-09 15:37 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-09 15:37 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-09 15:37 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-09 15:37 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-09 15:37 - 2013-08-27 03:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-09 15:37 - 2013-08-01 05:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 15:37 - 2013-08-01 04:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-09 15:37 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 15:37 - 2013-07-12 11:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 15:37 - 2013-07-12 11:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 15:37 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 15:37 - 2013-06-29 04:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 15:37 - 2013-06-29 04:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 15:37 - 2013-06-29 04:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 15:37 - 2013-06-29 04:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 15:37 - 2013-06-27 01:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 15:37 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 15:37 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 15:37 - 2011-05-05 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 15:37 - 2011-05-05 15:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 15:36 - 2013-07-03 04:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 15:36 - 2013-07-03 04:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-08 23:55 - 2013-10-08 23:55 - 00000579 _____ C:\Users\Public\Desktop\Age of Mythology.lnk
2013-10-08 23:52 - 2013-10-08 23:52 - 00000142 _____ C:\Windows\Q321178.log
2013-10-03 14:20 - 2013-10-03 14:20 - 00000000 ____D C:\Users\msi\AppData\Local\LogMeIn
2013-10-03 14:20 - 2013-10-03 14:20 - 00000000 ____D C:\ProgramData\LogMeIn

==================== One Month Modified Files and Folders =======

2013-10-20 17:49 - 2008-07-23 23:03 - 00041793 _____ C:\ProgramData\nvModes.001
2013-10-20 17:47 - 2013-10-20 17:47 - 01087515 _____ (Farbar) C:\Users\msi\Desktop\FRST.exe
2013-10-20 17:47 - 2013-02-27 16:05 - 00000000 ____D C:\Users\msi\AppData\Local\PMB Files
2013-10-20 17:44 - 2013-10-20 17:44 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-20 17:42 - 2013-10-20 17:43 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-20 17:42 - 2013-10-20 17:42 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-20 17:42 - 2013-10-20 17:42 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-20 17:42 - 2013-10-20 17:42 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-20 17:40 - 2008-10-06 21:05 - 00000000 ____D C:\Users\msi\AppData\Local\Adobe
2013-10-20 17:39 - 2013-10-12 12:16 - 00000000 ____D C:\Program Files\Mozilla Firefox 4.0 Beta 9
2013-10-20 17:39 - 2012-07-04 16:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-20 17:39 - 2012-04-06 15:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-20 17:39 - 2012-03-19 09:05 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-20 17:39 - 2011-05-17 22:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-20 17:23 - 2008-07-23 23:03 - 00041793 _____ C:\ProgramData\nvModes.dat
2013-10-20 17:22 - 2008-10-07 05:47 - 01233656 _____ C:\Windows\WindowsUpdate.log
2013-10-20 17:17 - 2011-09-03 19:44 - 00000000 ____D C:\Users\msi\AppData\Local\LogMeIn Hamachi
2013-10-20 17:15 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-20 17:15 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-20 17:15 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-20 13:58 - 2006-11-02 15:01 - 00032510 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-20 11:17 - 2013-10-20 11:17 - 00000594 _____ C:\Users\Public\Desktop\Battlefield 1942.lnk
2013-10-20 11:17 - 2012-03-07 09:36 - 00001190 _____ C:\Windows\eReg.dat
2013-10-20 11:09 - 2008-07-23 23:13 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-20 11:02 - 2008-07-25 04:39 - 01445182 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-20 10:58 - 2008-09-15 11:35 - 00000414 ____H C:\Windows\Tasks\User_Feed_Synchronization-{73E21EEE-2D11-4265-9EF7-AAB1D4E482C6}.job
2013-10-19 18:49 - 2013-10-19 18:49 - 00000531 _____ C:\Users\Public\Desktop\The Conquerors.lnk
2013-10-19 18:47 - 2013-10-19 18:47 - 00000613 _____ C:\Users\Public\Desktop\Age of Empires II.lnk
2013-10-19 18:02 - 2006-11-02 14:52 - 00029840 _____ C:\Windows\setupact.log
2013-10-19 16:39 - 2013-10-19 16:39 - 00000381 _____ C:\Users\Public\Desktop\Counter-Strike 1.6.lnk
2013-10-19 16:32 - 2006-11-02 14:47 - 00403120 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-19 11:43 - 2008-10-06 21:05 - 00111848 _____ C:\Users\msi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-19 11:18 - 2013-10-18 13:05 - 00001124 _____ C:\Windows\PFRO.log
2013-10-18 22:07 - 2013-10-18 22:07 - 00891167 _____ C:\Users\msi\Desktop\SecurityCheck.exe
2013-10-18 19:29 - 2013-10-18 19:29 - 02347384 _____ (ESET) C:\Users\msi\Desktop\esetsmartinstaller_enu.exe
2013-10-18 13:22 - 2013-10-18 13:22 - 00001176 _____ C:\Users\msi\Desktop\JRT.txt
2013-10-18 13:19 - 2013-10-18 13:19 - 00000000 ____D C:\Windows\ERUNT
2013-10-18 13:13 - 2013-10-18 13:11 - 00000000 ____D C:\AdwCleaner
2013-10-18 13:10 - 2013-10-18 13:10 - 01050644 _____ C:\Users\msi\Desktop\adwcleaner.exe
2013-10-18 13:10 - 2013-10-18 13:10 - 01033335 _____ (Thisisu) C:\Users\msi\Desktop\JRT.exe
2013-10-18 13:05 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Web
2013-10-17 12:56 - 2013-10-17 12:56 - 00014180 _____ C:\ComboFix.txt
2013-10-17 12:56 - 2013-10-17 12:33 - 00000000 ____D C:\ComboFix
2013-10-17 12:56 - 2013-10-17 12:32 - 00000000 ____D C:\Qoobox
2013-10-17 12:54 - 2013-10-17 12:32 - 00000000 ____D C:\Windows\erdnt
2013-10-17 12:50 - 2006-11-02 12:23 - 00000249 _____ C:\Windows\system.ini
2013-10-17 12:29 - 2013-10-17 12:29 - 05134711 ____R (Swearware) C:\Users\msi\Desktop\ComboFix.exe
2013-10-16 22:40 - 2013-10-16 22:40 - 00026462 _____ C:\Users\msi\Desktop\Addition.txt
2013-10-16 22:39 - 2013-10-16 22:39 - 00000000 ____D C:\FRST
2013-10-16 20:30 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Help
2013-10-16 19:58 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Globalization
2013-10-16 19:41 - 2006-11-02 13:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2013-10-16 18:17 - 2008-07-25 03:43 - 00000000 ____D C:\Windows\de-DE
2013-10-16 16:37 - 2013-10-16 16:37 - 00000000 ____D C:\Users\msi\AppData\Roaming\Malwarebytes
2013-10-16 16:36 - 2013-10-16 16:36 - 00000574 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-16 16:36 - 2013-10-16 16:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-16 16:11 - 2013-10-16 16:11 - 00000000 ____D C:\Users\msi\AppData\Local\Google
2013-10-16 15:40 - 2013-10-16 15:40 - 00000586 _____ C:\Users\Public\Desktop\Age of Mythology - The Titans Expansion.lnk
2013-10-16 15:21 - 2008-10-13 04:51 - 00237568 _____ C:\Users\msi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-14 12:35 - 2008-09-28 19:46 - 00000000 ____D C:\Users\msi\AppData\Roaming\Skype
2013-10-10 13:02 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 12:10 - 2008-07-24 00:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 12:06 - 2013-08-15 20:42 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 12:02 - 2006-11-02 12:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-09 20:05 - 2008-10-13 04:54 - 00000000 ____D C:\Users\msi\AppData\Roaming\vlc
2013-10-08 23:55 - 2013-10-08 23:55 - 00000579 _____ C:\Users\Public\Desktop\Age of Mythology.lnk
2013-10-08 23:52 - 2013-10-08 23:52 - 00000142 _____ C:\Windows\Q321178.log
2013-10-03 14:20 - 2013-10-03 14:20 - 00000000 ____D C:\Users\msi\AppData\Local\LogMeIn
2013-10-03 14:20 - 2013-10-03 14:20 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-01 12:11 - 2013-04-20 08:32 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-01 12:11 - 2013-04-20 08:32 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-01 12:11 - 2013-04-20 08:32 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-24 05:07 - 2013-10-10 12:09 - 06119424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 03625984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00479744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-24 05:07 - 2013-10-10 12:09 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-24 05:06 - 2013-10-10 12:09 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-09-23 22:13 - 2013-10-10 12:09 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-23 22:01 - 2013-10-10 12:09 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

Some content of TEMP:
====================
C:\Users\msi\AppData\Local\Temp\avgnt.exe
C:\Users\msi\AppData\Local\Temp\DRVMGT.DLL
C:\Users\msi\AppData\Local\Temp\Quarantine.exe
C:\Users\msi\AppData\Local\Temp\setupenu.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-20 17:23

==================== End Of Log ============================
--- --- ---


Erforderliche Updates sind ebenfalls durchgeführt.

schrauber 20.10.2013 18:15
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Swarley 20.10.2013 21:32
Hallo Schrauber,

die letzten Schritte sind erfolgreich ausgeführt und es schlägt weder Virenscanner noch MBAM wegen infizierter Dateien an, womit ich hoffe, dass die Infektion damit endgültig beseitigt ist. Deine Sicherheitsratschläge hab ich mir zu Herzen genommen und hoffe, dass ich mir dadurch so schnell nichts Weiteres mehr zuziehe.

Abschließend möchte ich Dir noch für Deine Hilfe und Deinen Zeitaufwand danken.

Gruß

schrauber 21.10.2013 11:51
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:14 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55