Trojaner-Board - Firefox öffnet selbständig neuen Tab zu Systweak/Reg cleaner pro

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Firefox öffnet selbständig neuen Tab zu Systweak/Reg cleaner pro (https://www.trojaner-board.de/149597-firefox-oeffnet-selbstaendig-neuen-tab-systweak-reg-cleaner-pro.html)

Firefox öffnet selbständig neuen Tab zu Systweak/Reg cleaner pro

Guten Abend,

ich habe leider das im Titel angegebene Problem. Das erste Mal trat es gestern Abend auf. Da ich außer Ebay keine weiteren Seiten geöffnet hatte, war ich stutzig geworden. Vorher hatte ich noch einen vollständigen Suchlauf mit Kaspersky gemacht und nix gefunden. Nach dem Auftreten des Kuriosums habe ich einen vollständigen Suchlauf mit Malwarebytes gemacht und da wurde auch nix gefunden.

Code:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2014.02.09.06
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Michael (Admin) :: SCHLEPPTOPF-PC [Administrator]
 

09.02.2014 20:46:38

mbam-log-2014-02-09 (20-46-38).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 473580

Laufzeit: 2 Stunde(n), 11 Minute(n), 37 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Heute Abend habe ich noch einen Suchlauf mit FRST gemacht. Hier die Logfiles:

FRST.txt:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2014

Ran by Michael (ATTENTION: The logged in user is not administrator) on SCHLEPPTOPF-PC on 10-02-2014 20:11:04

Running from C:\Users\Michael\Desktop

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

() C:\Windows\tsnp2uvc.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe

(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\IELowutil.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13605408 2009-02-10] (NVIDIA Corporation)

HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2009-02-10] (NVIDIA Corporation)

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6265376 2008-07-24] (Realtek Semiconductor)

HKLM\...\Run: [tsnp2uvc] - C:\Windows\tsnp2uvc.exe [233472 2008-08-28] ()

HKLM\...\Run: [COMODO Firewall Pro] - "C:\Program Files\COMODO\Firewall\cfp.exe" -h

HKLM\...\Run: [WPCUMI] - C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)

HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1833504 2008-07-24] (Realtek Semiconductor Corp.)

HKLM\...\Run: [F-Secure Hoster (666)] - "C:\Program Files\F-Secure\fshoster32.exe" -app -hosterid:1

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [217088 2009-04-11] (Microsoft Corporation)

HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)

HKU\.DEFAULT\...\Run: [MsnMsgr] - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [3885408 2009-02-06] (Microsoft Corporation)

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {07279b00-a77f-11dd-a0df-806e6f6e6963} - E:\autorun.exe

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdc93-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdca5-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdcaf-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdcb3-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe

Lsa: [Notification Packages] C:\Program Files\EgisTec\VITAKEY\PwdFilter

Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office 2010\Office14\ONENOTEM.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/

HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

BHO: No Name - {53707962-6F74-2D53-2644-206D7942484F} -  No File

BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default

FF SelectedSearchEngine: Google

FF Homepage: hxxp://www.gmx.net/

FF Keyword.URL: hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MI7967~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MI7967~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\searchplugins\icqplugin-1.xml

FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\searchplugins\icqplugin.xml

FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\searchplugins\searchplugins-backup

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Flash Video Downloader - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\Extensions\artur.dubovoy@gmail.com [2014-01-25]

FF Extension: Microsoft .NET Framework Assistant - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-10-06]

FF Extension: NoScript - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-07-24]

FF Extension: Click to call with Skype - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-23]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com

FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-08]

FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com

FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-08]

FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com

FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-08]

FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com

FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-08]

FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com

FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-08]
 

========================== Services (Whitelisted) =================
 

R2 AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [344064 2009-04-08] (AVerMedia)

R2 AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [405504 2008-12-09] ()

R2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)

R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2008-04-17] (Cisco Systems, Inc.)

R2 IGBASVC; C:\Program Files\EgisTec\VITAKEY\BASVC.exe [2180392 2008-08-29] ()

R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [304688 2008-08-04] (EgisTec Inc.)

R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()

R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [241734 2008-06-29] ()

R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1801216 2008-02-28] (Buhl Data Service GmbH)

R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10)
 

==================== Drivers (Whitelisted) ====================
 

S3 AVerAF15DMBTH; C:\Windows\System32\Drivers\AVerAF15DMBTH.sys [487168 2009-01-05] (AVerMedia TECHNOLOGIES, Inc.)

S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)

R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2008-04-17] (Cisco Systems, Inc.)

R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.)

R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [26920 2008-08-28] (LTT)

R0 FPWinIo; C:\Windows\System32\DRIVERS\FPWinIo.sys [66856 2008-08-28] ()

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-01-12] (Kaspersky Lab ZAO)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [574560 2014-01-12] (Kaspersky Lab ZAO)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)

R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)

R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)

R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-01-12] (Kaspersky Lab ZAO)

R2 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-08-04] (Egis Incorporated.)

R2 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-08-04] (Egis Incorporated.)

R2 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-08-04] (Egis Incorporated.)

S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)

S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1753984 2008-07-10] ()

R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)

R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)

S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2013-06-08] (Kaspersky Lab ZAO)

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-02-10 20:11 - 2014-02-10 20:11 - 00017645 _____ () C:\Users\Michael\Desktop\FRST.txt

2014-02-10 20:10 - 2014-02-10 20:11 - 00000000 ____D () C:\FRST

2014-02-10 19:45 - 2014-02-10 19:45 - 01139200 _____ (Farbar) C:\Users\Michael\Desktop\FRST.exe

2014-02-09 20:45 - 2014-02-09 20:45 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Malwarebytes

2014-01-15 11:16 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2014-01-15 11:16 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-01-15 11:16 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-01-15 11:16 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-01-15 11:15 - 2014-01-15 11:16 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
 

==================== One Month Modified Files and Folders =======
 

2014-02-10 20:11 - 2014-02-10 20:11 - 00017645 _____ () C:\Users\Michael\Desktop\FRST.txt

2014-02-10 20:11 - 2014-02-10 20:10 - 00000000 ____D () C:\FRST

2014-02-10 20:10 - 2008-08-28 06:26 - 00000438 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

2014-02-10 20:05 - 2012-04-01 18:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-02-10 20:05 - 2011-05-20 10:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-02-10 20:05 - 2008-10-31 21:16 - 01830276 _____ () C:\Windows\WindowsUpdate.log

2014-02-10 20:04 - 2006-11-02 11:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-10 20:03 - 2008-08-28 05:28 - 00220409 _____ () C:\ProgramData\nvModes.001

2014-02-10 20:03 - 2008-08-28 05:22 - 00220409 _____ () C:\ProgramData\nvModes.dat

2014-02-10 20:02 - 2013-03-30 16:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2014-02-10 20:02 - 2013-01-26 00:58 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-10 19:59 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-02-10 19:57 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-10 19:57 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-10 19:57 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-10 19:55 - 2008-08-28 03:21 - 00000012 _____ () C:\Windows\bthservsdp.dat

2014-02-10 19:55 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-02-10 19:47 - 2013-01-26 00:58 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-10 19:45 - 2014-02-10 19:45 - 01139200 _____ (Farbar) C:\Users\Michael\Desktop\FRST.exe

2014-02-09 20:45 - 2014-02-09 20:45 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Malwarebytes

2014-02-09 17:37 - 2008-11-10 14:44 - 00000680 _____ () C:\Users\Michael\AppData\Local\d3d9caps.dat

2014-02-07 22:03 - 2008-11-06 16:39 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype

2014-02-04 21:36 - 2010-02-10 21:59 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc

2014-02-04 21:20 - 2008-11-01 23:57 - 00000000 ____D () C:\xx

2014-01-16 08:10 - 2008-08-28 09:53 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-01-16 08:08 - 2013-08-26 02:12 - 00000000 ____D () C:\Windows\system32\MRT

2014-01-16 08:05 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2014-01-15 11:16 - 2014-01-15 11:15 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log

2014-01-15 11:16 - 2013-06-23 17:39 - 00000000 ____D () C:\Program Files\Java

2014-01-12 22:07 - 2013-10-17 15:47 - 00574560 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys

2014-01-12 22:07 - 2013-10-17 15:47 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys

2014-01-12 22:07 - 2013-06-06 17:38 - 00144992 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
 

Some content of TEMP:

====================

C:\Users\Mama\AppData\Local\Temp\SearchWithGoogleUpdate.exe

C:\Users\Michael\AppData\Local\Temp\AskSLib.dll

C:\Users\Michael\AppData\Local\Temp\autorun.dll
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 

==================== End Of Log ============================

Addition.txt:

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-02-2014

Ran by Michael at 2014-02-10 20:11:32

Running from C:\Users\Michael\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}

AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 

==================== Installed Programs ======================
 

 Update for Microsoft Office 2007 (KB2508958) (Version:  - Microsoft)

7-Zip 9.20 (Version:  - )

Activation Assistant for the 2007 Microsoft Office suites (Version:  - Microsoft Corporation)

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden

Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)

Adobe Flash Player ActiveX (Version: 9.0.124.0 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) - Deutsch (Version: 11.0.06 - Adobe Systems Incorporated)

Adobe Shockwave Player 11 (Version: 11 - Adobe Systems, Inc.)

Any Video Converter 5 5.0.4 (Version:  - Any-Video-Converter.com)

AVerMedia A850 USB DMB-TH 1.0.0.26 (Version: 1.0.0.26 - AVerMedia TECHNOLOGIES, Inc.)

AVerTV (Version: 6.0.18 - AVerMedia Technologies, Inc.)

AVerTV (Version: 6.0.18 - AVerMedia Technologies, Inc.) Hidden

Bing Bar (Version: 7.0.850.0 - Microsoft Corporation)

CCleaner (Version: 3.22 - Piriform)

Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden

Cisco Systems VPN Client 5.0.03.0530 (Version: 5.0.3 - Cisco Systems, Inc.)

Click to Call with Skype (Version: 5.6.8153 - Skype Technologies S.A.)

Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000 - Microsoft Corporation)

Corel MediaOne (Version: 2.00.0000 - Corel Corporation)

CorelDRAW Essential Edition 3 (Version:  - Corel Corporation)

CorelDRAW Essential Edition 3 (Version: 3.0 - Corel Corporation) Hidden

CyberLink MediaShow (Version: 4.1.2014 - CyberLink Corp.)

CyberLink MediaShow (Version: 4.1.2014 - CyberLink Corp.) Hidden

CyberLink PhotoNow (Version: 1.1.5203 - CyberLink Corp.)

CyberLink PhotoNow (Version: 1.1.5203 - CyberLink Corp.) Hidden

CyberLink PowerDirector (Version: 7.0.2014 - CyberLink Corp.)

CyberLink PowerDirector (Version: 7.0.2014 - CyberLink Corp.) Hidden

CyberLink PowerProducer (Version: 5.0815 - CyberLink Corp.)

CyberLink PowerProducer (Version: 5.0815 - CyberLink Corp.) Hidden

CyberLink YouCam (Version: 2.0.1916 - CyberLink Corp.)

CyberLink YouCam (Version: 2.0.1916 - CyberLink Corp.) Hidden

DE (Version: 3.0 - Corel Corporation) Hidden

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version:  - Microsoft)

e-Wörterbücher (Version:  - )

FILEminimizer Pictures (Version:  - balesio AG)

Foxlink Webcam (Version: 5.8.48000.201_WHQL - Sonix)

Freeciv 2.1.9 (GTK+ client) (Version:  - )

Garmin BaseCamp (Version: 3.2.2 - Garmin Ltd or its subsidiaries)

Garmin USB Drivers (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)

Google Earth Plug-in (Version: 7.1.2.2041 - Google)

Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden

ICQ6.5 (Version: 6.5 - ICQ)

ICQ7.5 (HKCU Version: 7.5 - ICQ)

Java 7 Update 51 (Version: 7.0.510 - Oracle)

Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Junk Mail filter update (Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab)

Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden

Letstrade (Version: 1.00.0000 - Buhl Data Service)

LetsTrade Komponenten (Version:  - )

MakeDisc (Version: 3.0.2601 - CyberLink Corp.)

Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Fix it Center (Version: 1.0.0100 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden

Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden

Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [DEU] (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)

Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)

Mozilla Maintenance Service (Version: 26.0 - Mozilla)

Mozilla Thunderbird (3.1.7) (Version: 3.1.7 (de) - Mozilla)

MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden

MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)

MyWinLocker 3 (Version: 3.1.20.0 - EgisTec)

Nero 8 Essentials (Version: 8.3.124 - Nero AG)

neroxml (Version: 1.0.0 - Nero AG) Hidden

NVIDIA Drivers (Version: 1.4 - NVIDIA Corporation)

OpenOffice.org 3.0 (Version: 3.0.9358 - OpenOffice.org)

PowerDVD (Version: 7.0.3118.0 - PowerDVDCorp.)

Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000 - Realtek)

Realtek High Definition Audio Driver (Version: 6.0.1.5672 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (Version: 3.0.1.3 - Realtek Semiconductor Corp.)

Sceneo AbsolutTV (Version:  - )

Schiff-Simulator 2008 (Version:  - )

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden

Skype™ 5.10 (Version: 5.10.116 - Skype Technologies S.A.)

Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)

TVsweeper 3 (Version: 3.0.3 - Sonavis)

Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)

Update Manager (Version: 4.60 - Corel Corporation) Hidden

VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden

VITAKEY (Version: 6.0.1.41 - EgisTec)

VITAKEY (Version: 6.0.1.41 - EgisTec) Hidden

VLC media player 1.0.5 (Version: 1.0.5 - VideoLAN Team)

waterMark V2 (Version:  - )

Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0 - Garmin)

Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live Essentials (Version: 14.0.8064.0206 - Microsoft Corporation)

Windows Live Essentials (Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live Fotogalerie (Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live ID-Anmelde-Assistent (Version: 6.500.3165.0 - Microsoft Corporation)

Windows Live Mail (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Messenger (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Movie Maker-Betaversion (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Sync (Version: 14.0.8064.206 - Microsoft Corporation)

Windows Live Writer (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live-Uploadtool (Version: 14.0.8014.1029 - Microsoft Corporation)

WISO Mein Geld 2008 Professional (Version: 9.00.01.0023 - Buhl Data Service GmbH)

X10 Hardware(TM) (Version:  - )

Youtube Downloader HD v. 2.6 (Version:  - YoutubeDownloaderHD.com)
 

==================== Restore Points  =========================
 

Could not list Restore Points. Check "winmgmt" service or repair WMI.
 
 

==================== Hosts content: ==========================
 

2006-11-02 11:23 - 2012-10-04 22:01 - 00444414 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

127.0.0.1        www.007guard.com

127.0.0.1        007guard.com

127.0.0.1        008i.com

127.0.0.1        www.008k.com

127.0.0.1        008k.com

127.0.0.1        www.00hq.com

127.0.0.1        00hq.com

127.0.0.1        010402.com

127.0.0.1        www.032439.com

127.0.0.1        032439.com

127.0.0.1        www.0scan.com

127.0.0.1        0scan.com

127.0.0.1        100888290cs.com

127.0.0.1        www.100888290cs.com

127.0.0.1        www.100sexlinks.com

127.0.0.1        100sexlinks.com

127.0.0.1        10sek.com

127.0.0.1        www.10sek.com

127.0.0.1        123topsearch.com

127.0.0.1        www.123topsearch.com

127.0.0.1        132.com

127.0.0.1        www.132.com

127.0.0.1        www.136136.net

127.0.0.1        136136.net

127.0.0.1        163ns.com

127.0.0.1        www.163ns.com

127.0.0.1        171203.com

127.0.0.1        17-plus.com
 

There are 1000 more lines.
 
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

Task: C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job => ?
 

==================== Loaded Modules (whitelisted) =============
 

2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll

2008-08-28 10:58 - 2008-08-28 14:03 - 00233472 _____ () C:\Windows\tsnp2uvc.exe
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Faulty Device Manager Devices =============
 

Name: Microsoft-ISATAP-Adapter

Description: Microsoft-ISATAP-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver
 

Name: Cisco Systems VPN Adapter

Description: Cisco Systems VPN Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Cisco Systems

Service: CVirtA

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 

==================== Event log errors: =========================
 

Could not start eventlog service, could not read events.
 

Systemfehler 5 aufgetreten.
 

Zugriff verweigert
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 39%

Total physical RAM: 3065.96 MB

Available physical RAM: 1861.71 MB

Total Pagefile: 6332.89 MB

Available Pagefile: 4998.82 MB

Total Virtual: 2047.88 MB

Available Virtual: 1892.45 MB
 

==================== Drives ================================
 

Drive c: (BOOT) (Fixed) (Total:278.32 GB) (Free:62.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (RECOVER) (Fixed) (Total:19.76 GB) (Free:7.11 GB) FAT32
 

==================== MBR & Partition Table ==================
 

==================== End Of Log ============================

Vielen Dank schonmal im Voraus

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Ich kann den Explorer nicht mehr öffnen. Ist das normal? Allerdings habe ich noch keinen Neustart gemacht. Hier die log.txt

Code:

ComboFix 14-02-11.01 - Michael (Admin) 11.02.2014  20:51:12.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.1516 [GMT 1:00]

ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}

FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\windows\system32\pthreadVC.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-01-11 bis 2014-02-11  ))))))))))))))))))))))))))))))

.

.

2014-02-11 19:57 . 2014-02-11 19:58        --------        d-----w-        c:\users\Michael (Admin)\AppData\Local\temp

2014-02-11 19:57 . 2014-02-11 19:57        --------        d-----w-        c:\users\Mama\AppData\Local\temp

2014-02-11 19:57 . 2014-02-11 19:57        --------        d-----w-        c:\users\Default\AppData\Local\temp

2014-02-10 19:10 . 2014-02-10 20:32        --------        d-----w-        C:\FRST

2014-02-09 19:45 . 2014-02-09 19:45        --------        d-----w-        c:\users\Michael\AppData\Roaming\Malwarebytes

2014-01-15 10:16 . 2013-12-18 20:10        94632        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-02-10 19:05 . 2012-04-01 17:23        692616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2014-02-10 19:05 . 2011-05-20 09:52        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2014-01-12 21:07 . 2013-10-17 14:47        135776        ----a-w-        c:\windows\system32\drivers\kl1.sys

2014-01-12 21:07 . 2013-06-06 16:38        144992        ----a-w-        c:\windows\system32\drivers\kneps.sys

2013-11-14 22:50 . 2013-12-14 00:44        1806848        ----a-w-        c:\windows\system32\jscript9.dll

2013-11-14 22:42 . 2013-12-14 00:44        1129472        ----a-w-        c:\windows\system32\wininet.dll

2013-11-14 22:42 . 2013-12-14 00:44        1427968        ----a-w-        c:\windows\system32\inetcpl.cpl

2013-11-14 22:38 . 2013-12-14 00:44        142848        ----a-w-        c:\windows\system32\ieUnatt.exe

2013-11-14 22:38 . 2013-12-14 00:44        420864        ----a-w-        c:\windows\system32\vbscript.dll

2013-11-14 22:35 . 2013-12-14 00:44        2382848        ----a-w-        c:\windows\system32\mshtml.tlb

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-08-04 14:45        40496        ----a-w-        c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704]

"RtHDVCpl"="RtHDVCpl.exe" [2008-07-24 6265376]

"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472]

"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]

"Skytel"="Skytel.exe" [2008-07-24 1833504]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-04-11 217088]

"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

.

c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office 2010\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages        REG_MULTI_SZ           c:\program files\EgisTec\VITAKEY\PwdFilter

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk

backup=c:\windows\pss\AVer HID Receiver.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk

backup=c:\windows\pss\AVerQuick.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk

backup=c:\windows\pss\VPN Client.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Michael (Admin)^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]

path=c:\users\Michael (Admin)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk

backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2013-11-21 16:57        959904        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]

2009-03-01 10:59        172792        ----a-w-        c:\program files\ICQ6.5\ICQ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2007-01-08 20:17        52256        ----a-w-        c:\program files\HomeCinema\PowerDVD\Language\Language.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon]

2008-08-04 14:45        326192        ----a-w-        c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2007-02-09 18:51        71216        ----a-w-        c:\program files\HomeCinema\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]

2007-02-09 20:54        16896        ----a-w-        c:\program files\GoogleEULA\EULALauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2008-06-13 16:11        210216        ------w-        c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VitaKeyPdtWzd]

2008-08-29 18:11        2303272        ----a-w-        c:\program files\EgisTec\VITAKEY\PdtWzd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs        REG_MULTI_SZ           BthServ

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners

.

2014-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-25 23:58]

.

2014-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-25 23:58]

.

2014-02-11 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

- c:\windows\system32\msfeedssync.exe [2011-05-10 10:09]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.aldi.com/

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - 

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

HKLM-Run-COMODO Firewall Pro - c:\program files\COMODO\Firewall\cfp.exe

HKLM-Run-F-Secure Hoster (666) - c:\program files\F-Secure\fshoster32.exe

SafeBoot-WudfPf

SafeBoot-WudfRd

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-BullGuard - c:\program files\BullGuard Ltd\BullGuard\BullGuard.exe

MSConfigStartUp-COMODO Internet Security - c:\program files\COMODO\Firewall\cfp.exe

MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2014-02-11 20:58

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1001_Classes\CLSID]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1001_Classes\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1003_Classes\CLSID]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}]

@DACL=(02 0000)

@="ContentHost Control"

.

[HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}]

@DACL=(02 0000)

@="WindowGroup Class"

.

[HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1003_Classes\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1003_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}]

@DACL=(02 0000)

@="PluginWindow Helper"

.

[HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1003_Classes\CLSID\{BD853A5B-5E2B-4AAC-B475-96FFA41B2C5E}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1003_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}]

@DACL=(02 0000)

@="GameController Class"

.

[HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}]

@DACL=(02 0000)

@="DRMClient Helper version 2"

.

[HKEY_USERS\S-1-5-21-399314428-2372084609-4159001784-1003_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}]

@DACL=(02 0000)

@="NamedStrings Helper"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'lsass.exe'(776)

c:\program files\EgisTec\VITAKEY\PwdFilter.dll

.

Zeit der Fertigstellung: 2014-02-11  20:59:57

ComboFix-quarantined-files.txt  2014-02-11 19:59

.

Vor Suchlauf: 19 Verzeichnis(se), 66.691.334.144 Bytes frei

Nach Suchlauf: 25 Verzeichnis(se), 66.537.926.656 Bytes frei

.

- - End Of File - - E4D32DD90AAA1C479D7B1DD951861E93

5C616939100B85E558DA92B899A0FC36

Nachtrag: Explorer funktioniert wieder ganz normal. Neustart ging recht schnell.

Nachtrag 2: Ich war nach dem Scanvorgang auf einer Radsportseite und danach wieder auf Ebay. Es kam ein neues Popup, welches auf folgende Seite verweist: hxyp://ff.seitensprungarea.com/23/?WMID=86321&pid=1541-5W50&sub=11662&spub_id=
:mad: Ich habe den Link mal entschärft. Gern nehme ich ihn auch komplett raus. Oder ist da was mit Ebay faul? :aufsmaul: Auf anderen Seiten werden keine solchen Tabs geöffnet.

Danach sollte merklich Ruhe sein.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

JRT hat bei mir nicht funktioniert. Das Programm schließt den Explorer und danach geht nichts mehr. Das Problem mit den neuen Tabs auf Ebay besteht übrigens weiterhin. Hier sind die restlichen Logs:

Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2014.02.13.10
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Michael (Admin) :: SCHLEPPTOPF-PC [Administrator]
 

13.02.2014 20:47:51

mbam-log-2014-02-13 (20-47-51).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 262638

Laufzeit: 11 Minute(n), 29 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

AdwCleaner:

Code:

# AdwCleaner v3.018 - Bericht erstellt am 13/02/2014 um 21:11:42

# Updated 28/01/2014 von Xplode

# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

# Benutzername : Michael (Admin) - SCHLEPPTOPF-PC

# Gestartet von : C:\Users\Michael\Desktop\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\ICQToolbarData

Datei Gelöscht : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\searchplugins\icqplugin.xml

Datei Gelöscht : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\searchplugins\icqplugin-1.xml
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
 

***** [ Browser ] *****
 

-\\ Internet Explorer v9.0.8112.16533
 
 

-\\ Mozilla Firefox v26.0 (de)
 

[ Datei : C:\Users\Michael (Admin)\AppData\Roaming\Mozilla\Firefox\Profiles\ic7c42si.default\prefs.js ]
 
 

[ Datei : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\ircla028.default\prefs.js ]
 
 

[ Datei : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\prefs.js ]
 

Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false);

Zeile gelöscht : user_pref("icqtoolbar.engineVerified", false);

Zeile gelöscht : user_pref("icqtoolbar.geolastmodified", 1311418238);

Zeile gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");

Zeile gelöscht : user_pref("icqtoolbar.icqgeo", 49);

Zeile gelöscht : user_pref("icqtoolbar.installTime", "1311418238");

Zeile gelöscht : user_pref("icqtoolbar.newtab_state", "1");

Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);

Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no");

Zeile gelöscht : user_pref("icqtoolbar.suggestions", false);

Zeile gelöscht : user_pref("icqtoolbar.uninstStatSent", true);

Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "131141328113114127851311418238457");

Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1311418240);

Zeile gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);

Zeile gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");

Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=");
 

*************************
 

AdwCleaner[R0].txt - [3185 octets] - [13/02/2014 21:03:38]

AdwCleaner[S0].txt - [3110 octets] - [13/02/2014 21:11:42]
 

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [3170 octets] ##########

FRST.txt

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01

Ran by Michael (ATTENTION: The logged in user is not administrator) on SCHLEPPTOPF-PC on 15-02-2014 22:04:56

Running from C:\Users\Michael\Desktop

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

() C:\Windows\tsnp2uvc.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 2010\Office14\ONENOTEM.EXE

(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe

(Microsoft Corporation) C:\Windows\system32\sdclt.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13605408 2009-02-10] (NVIDIA Corporation)

HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2009-02-10] (NVIDIA Corporation)

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6265376 2008-07-24] (Realtek Semiconductor)

HKLM\...\Run: [tsnp2uvc] - C:\Windows\tsnp2uvc.exe [233472 2008-08-28] ()

HKLM\...\Run: [WPCUMI] - C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)

HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1833504 2008-07-24] (Realtek Semiconductor Corp.)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [217088 2009-04-11] (Microsoft Corporation)

HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)

HKU\.DEFAULT\...\Run: [MsnMsgr] - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [3885408 2009-02-06] (Microsoft Corporation)

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {07279b00-a77f-11dd-a0df-806e6f6e6963} - E:\autorun.exe

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdc93-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdca5-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdcaf-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdcb3-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe

Lsa: [Notification Packages] C:\Program Files\EgisTec\VITAKEY\PwdFilter

Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office 2010\Office14\ONENOTEM.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/

HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

BHO: No Name - {53707962-6F74-2D53-2644-206D7942484F} -  No File

BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MI7967~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MI7967~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\searchplugins\searchplugins-backup

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Flash Video Downloader - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\Extensions\artur.dubovoy@gmail.com [2014-01-25]

FF Extension: Microsoft .NET Framework Assistant - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-10-06]

FF Extension: NoScript - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ye3p2czc.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-07-24]

FF Extension: Click to call with Skype - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-23]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com

FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-08]

FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com

FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-08]

FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com

FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-08]

FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com

FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-08]

FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com

FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-08]
 

========================== Services (Whitelisted) =================
 

R2 AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [344064 2009-04-08] (AVerMedia)

R2 AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [405504 2008-12-09] ()

R2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)

R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2008-04-17] (Cisco Systems, Inc.)

R2 IGBASVC; C:\Program Files\EgisTec\VITAKEY\BASVC.exe [2180392 2008-08-29] ()

R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [304688 2008-08-04] (EgisTec Inc.)

R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()

R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [241734 2008-06-29] ()

R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1801216 2008-02-28] (Buhl Data Service GmbH)

R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10)
 

==================== Drivers (Whitelisted) ====================
 

S3 AVerAF15DMBTH; C:\Windows\System32\Drivers\AVerAF15DMBTH.sys [487168 2009-01-05] (AVerMedia TECHNOLOGIES, Inc.)

S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)

R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2008-04-17] (Cisco Systems, Inc.)

R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.)

R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [26920 2008-08-28] (LTT)

R0 FPWinIo; C:\Windows\System32\DRIVERS\FPWinIo.sys [66856 2008-08-28] ()

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-01-12] (Kaspersky Lab ZAO)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [574560 2014-01-12] (Kaspersky Lab ZAO)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)

R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)

R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)

R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-01-12] (Kaspersky Lab ZAO)

R2 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-08-04] (Egis Incorporated.)

R2 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-08-04] (Egis Incorporated.)

R2 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-08-04] (Egis Incorporated.)

S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)

S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1753984 2008-07-10] ()

R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)

R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

S3 catchme; \??\C:\Users\MICHAE~1\AppData\Local\Temp\catchme.sys [X]

S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2013-06-08] (Kaspersky Lab ZAO)

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-02-15 22:04 - 2014-02-15 22:06 - 00016564 _____ () C:\Users\Michael\Desktop\FRST.txt

2014-02-15 22:04 - 2014-02-15 22:04 - 00000000 ____D () C:\Users\Michael\Desktop\FRST-OlderVersion

2014-02-13 21:23 - 2014-02-13 21:23 - 00000000 ____D () C:\Windows\ERUNT

2014-02-13 21:21 - 2014-02-13 21:21 - 01037530 _____ (Thisisu) C:\Users\Michael\Desktop\JRT.exe

2014-02-13 21:03 - 2014-02-13 21:11 - 00000000 ____D () C:\AdwCleaner

2014-02-13 21:02 - 2014-02-13 21:02 - 01166132 _____ () C:\Users\Michael\Desktop\adwcleaner.exe

2014-02-12 03:03 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-12 03:03 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-12 03:03 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-12 03:03 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-12 03:03 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-12 03:03 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-12 03:03 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-02-12 03:03 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-12 03:03 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-02-12 03:03 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-02-12 03:03 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-12 03:03 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-12 03:03 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-12 03:03 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-12 03:03 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-02-12 03:03 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-11 20:59 - 2014-02-11 20:59 - 00012673 _____ () C:\ComboFix.txt

2014-02-11 20:48 - 2014-02-11 21:00 - 00000000 ____D () C:\Qoobox

2014-02-11 20:48 - 2014-02-11 21:00 - 00000000 ____D () C:\ComboFix

2014-02-11 20:48 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-02-11 20:48 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-02-11 20:48 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-02-11 20:48 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-02-11 20:48 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-02-11 20:48 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-02-11 20:48 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2014-02-11 20:48 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2014-02-11 20:48 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2014-02-11 20:47 - 2014-02-11 20:58 - 00000000 ____D () C:\Windows\erdnt

2014-02-11 20:41 - 2014-02-11 20:42 - 05180278 ____R (Swearware) C:\Users\Michael\Desktop\ComboFix.exe

2014-02-10 20:10 - 2014-02-15 22:04 - 00000000 ____D () C:\FRST

2014-02-10 19:45 - 2014-02-15 22:04 - 01141248 _____ (Farbar) C:\Users\Michael\Desktop\FRST.exe

2014-02-09 20:45 - 2014-02-09 20:45 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Malwarebytes
 

==================== One Month Modified Files and Folders =======
 

2014-02-15 22:06 - 2014-02-15 22:04 - 00016564 _____ () C:\Users\Michael\Desktop\FRST.txt

2014-02-15 22:05 - 2008-08-28 06:26 - 00000438 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

2014-02-15 22:04 - 2014-02-15 22:04 - 00000000 ____D () C:\Users\Michael\Desktop\FRST-OlderVersion

2014-02-15 22:04 - 2014-02-10 20:10 - 00000000 ____D () C:\FRST

2014-02-15 22:04 - 2014-02-10 19:45 - 01141248 _____ (Farbar) C:\Users\Michael\Desktop\FRST.exe

2014-02-15 21:47 - 2013-01-26 00:58 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-15 21:38 - 2008-10-31 21:16 - 02066347 _____ () C:\Windows\WindowsUpdate.log

2014-02-15 21:03 - 2013-03-30 16:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2014-02-15 21:00 - 2013-01-26 00:58 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-15 21:00 - 2008-08-28 05:28 - 00220409 _____ () C:\ProgramData\nvModes.001

2014-02-15 21:00 - 2008-08-28 05:22 - 00220409 _____ () C:\ProgramData\nvModes.dat

2014-02-15 20:53 - 2006-11-02 11:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-15 20:48 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-02-15 20:46 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-15 20:46 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-15 20:46 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-15 15:23 - 2008-08-28 03:21 - 00000012 _____ () C:\Windows\bthservsdp.dat

2014-02-15 15:23 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-02-13 21:23 - 2014-02-13 21:23 - 00000000 ____D () C:\Windows\ERUNT

2014-02-13 21:21 - 2014-02-13 21:21 - 01037530 _____ (Thisisu) C:\Users\Michael\Desktop\JRT.exe

2014-02-13 21:11 - 2014-02-13 21:03 - 00000000 ____D () C:\AdwCleaner

2014-02-13 21:02 - 2014-02-13 21:02 - 01166132 _____ () C:\Users\Michael\Desktop\adwcleaner.exe

2014-02-12 03:48 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-02-12 03:17 - 2008-08-28 09:53 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-02-12 03:15 - 2013-08-26 02:12 - 00000000 ____D () C:\Windows\system32\MRT

2014-02-12 03:11 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2014-02-11 21:17 - 2012-10-06 18:51 - 00198180 _____ () C:\Windows\PFRO.log

2014-02-11 21:00 - 2014-02-11 20:48 - 00000000 ____D () C:\Qoobox

2014-02-11 21:00 - 2014-02-11 20:48 - 00000000 ____D () C:\ComboFix

2014-02-11 21:00 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default

2014-02-11 21:00 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public

2014-02-11 20:59 - 2014-02-11 20:59 - 00012673 _____ () C:\ComboFix.txt

2014-02-11 20:58 - 2014-02-11 20:47 - 00000000 ____D () C:\Windows\erdnt

2014-02-11 20:58 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini

2014-02-11 20:42 - 2014-02-11 20:41 - 05180278 ____R (Swearware) C:\Users\Michael\Desktop\ComboFix.exe

2014-02-10 21:12 - 2008-11-01 23:57 - 00000000 ____D () C:\xx

2014-02-10 20:05 - 2012-04-01 18:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-02-10 20:05 - 2011-05-20 10:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-02-09 20:45 - 2014-02-09 20:45 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Malwarebytes

2014-02-09 17:37 - 2008-11-10 14:44 - 00000680 _____ () C:\Users\Michael\AppData\Local\d3d9caps.dat

2014-02-07 22:03 - 2008-11-06 16:39 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype

2014-02-05 09:58 - 2014-02-12 03:03 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-05 09:56 - 2014-02-12 03:03 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-05 09:53 - 2014-02-12 03:03 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-05 09:51 - 2014-02-12 03:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-05 09:50 - 2014-02-12 03:03 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-05 09:49 - 2014-02-12 03:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-05 09:49 - 2014-02-12 03:03 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-02-05 09:48 - 2014-02-12 03:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-05 09:48 - 2014-02-12 03:03 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-02-05 09:48 - 2014-02-12 03:03 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-02-05 09:48 - 2014-02-12 03:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-05 09:48 - 2014-02-12 03:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-05 09:47 - 2014-02-12 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-05 09:47 - 2014-02-12 03:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-05 09:47 - 2014-02-12 03:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-02-05 09:46 - 2014-02-12 03:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-04 21:36 - 2010-02-10 21:59 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Additions.txt

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2014 01

Ran by Michael at 2014-02-15 22:06:34

Running from C:\Users\Michael\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}

AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 

==================== Installed Programs ======================
 

 Update for Microsoft Office 2007 (KB2508958) (Version:  - Microsoft)

7-Zip 9.20 (Version:  - )

Activation Assistant for the 2007 Microsoft Office suites (Version:  - Microsoft Corporation)

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden

Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)

Adobe Flash Player ActiveX (Version: 9.0.124.0 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) - Deutsch (Version: 11.0.06 - Adobe Systems Incorporated)

Adobe Shockwave Player 11 (Version: 11 - Adobe Systems, Inc.)

Any Video Converter 5 5.0.4 (Version:  - Any-Video-Converter.com)

AVerMedia A850 USB DMB-TH 1.0.0.26 (Version: 1.0.0.26 - AVerMedia TECHNOLOGIES, Inc.)

AVerTV (Version: 6.0.18 - AVerMedia Technologies, Inc.)

AVerTV (Version: 6.0.18 - AVerMedia Technologies, Inc.) Hidden

Bing Bar (Version: 7.0.850.0 - Microsoft Corporation)

CCleaner (Version: 3.22 - Piriform)

Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden

Cisco Systems VPN Client 5.0.03.0530 (Version: 5.0.3 - Cisco Systems, Inc.)

Click to Call with Skype (Version: 5.6.8153 - Skype Technologies S.A.)

Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000 - Microsoft Corporation)

Corel MediaOne (Version: 2.00.0000 - Corel Corporation)

CorelDRAW Essential Edition 3 (Version: 3.0 - Corel Corporation) Hidden

CyberLink MediaShow (Version: 4.1.2014 - CyberLink Corp.)

CyberLink MediaShow (Version: 4.1.2014 - CyberLink Corp.) Hidden

CyberLink PhotoNow (Version: 1.1.5203 - CyberLink Corp.)

CyberLink PhotoNow (Version: 1.1.5203 - CyberLink Corp.) Hidden

CyberLink PowerDirector (Version: 7.0.2014 - CyberLink Corp.)

CyberLink PowerDirector (Version: 7.0.2014 - CyberLink Corp.) Hidden

CyberLink PowerProducer (Version: 5.0815 - CyberLink Corp.)

CyberLink PowerProducer (Version: 5.0815 - CyberLink Corp.) Hidden

CyberLink YouCam (Version: 2.0.1916 - CyberLink Corp.)

CyberLink YouCam (Version: 2.0.1916 - CyberLink Corp.) Hidden

DE (Version: 3.0 - Corel Corporation) Hidden

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version:  - Microsoft)

e-Wörterbücher (Version:  - )

FILEminimizer Pictures (Version:  - balesio AG)

Foxlink Webcam (Version: 5.8.48000.201_WHQL - Sonix)

Freeciv 2.1.9 (GTK+ client) (Version:  - )

Garmin BaseCamp (Version: 3.2.2 - Garmin Ltd or its subsidiaries)

Garmin USB Drivers (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)

Google Earth Plug-in (Version: 7.1.2.2041 - Google)

Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden

ICQ6.5 (Version: 6.5 - ICQ)

ICQ7.5 (HKCU Version: 7.5 - ICQ)

Java 7 Update 51 (Version: 7.0.510 - Oracle)

Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Junk Mail filter update (Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab)

Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden

Letstrade (Version: 1.00.0000 - Buhl Data Service)

LetsTrade Komponenten (Version:  - )

MakeDisc (Version: 3.0.2601 - CyberLink Corp.)

Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Fix it Center (Version: 1.0.0100 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden

Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden

Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [DEU] (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)

Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)

Mozilla Maintenance Service (Version: 26.0 - Mozilla)

Mozilla Thunderbird (3.1.7) (Version: 3.1.7 (de) - Mozilla)

MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden

MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)

MyWinLocker 3 (Version: 3.1.20.0 - EgisTec)

Nero 8 Essentials (Version: 8.3.124 - Nero AG)

neroxml (Version: 1.0.0 - Nero AG) Hidden

NVIDIA Drivers (Version: 1.4 - NVIDIA Corporation)

OpenOffice.org 3.0 (Version: 3.0.9358 - OpenOffice.org)

PowerDVD (Version: 7.0.3118.0 - PowerDVDCorp.)

Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000 - Realtek)

Realtek High Definition Audio Driver (Version: 6.0.1.5672 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (Version: 3.0.1.3 - Realtek Semiconductor Corp.)

Sceneo AbsolutTV (Version:  - )

Schiff-Simulator 2008 (Version:  - )

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden

Skype™ 5.10 (Version: 5.10.116 - Skype Technologies S.A.)

Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)

TVsweeper 3 (Version: 3.0.3 - Sonavis)

Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)

Update Manager (Version: 4.60 - Corel Corporation) Hidden

VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden

VITAKEY (Version: 6.0.1.41 - EgisTec)

VITAKEY (Version: 6.0.1.41 - EgisTec) Hidden

VLC media player 1.0.5 (Version: 1.0.5 - VideoLAN Team)

waterMark V2 (Version:  - )

Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0 - Garmin)

Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live Essentials (Version: 14.0.8064.0206 - Microsoft Corporation)

Windows Live Essentials (Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live Fotogalerie (Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live ID-Anmelde-Assistent (Version: 6.500.3165.0 - Microsoft Corporation)

Windows Live Mail (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Messenger (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Movie Maker-Betaversion (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Sync (Version: 14.0.8064.206 - Microsoft Corporation)

Windows Live Writer (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live-Uploadtool (Version: 14.0.8014.1029 - Microsoft Corporation)

WISO Mein Geld 2008 Professional (Version: 9.00.01.0023 - Buhl Data Service GmbH)

X10 Hardware(TM) (Version:  - )

Youtube Downloader HD v. 2.6 (Version:  - YoutubeDownloaderHD.com)
 

==================== Restore Points  =========================
 

Could not list Restore Points. Check "winmgmt" service or repair WMI.
 
 

==================== Hosts content: ==========================
 

2006-11-02 11:23 - 2014-02-11 20:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

Task: C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job => ?
 

==================== Loaded Modules (whitelisted) =============
 

2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll

2008-08-28 10:58 - 2008-08-28 14:03 - 00233472 _____ () C:\Windows\tsnp2uvc.exe
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Disabled items from MSCONFIG ==============
 

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk => C:\Windows\pss\AVer HID Receiver.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk => C:\Windows\pss\AVerQuick.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk => C:\Windows\pss\VPN Client.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^Michael (Admin)^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk => C:\Windows\pss\OpenOffice.org 3.0.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: ICQ => "C:\Program Files\ICQ6.5\ICQ.exe" silent

MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"

MSCONFIG\startupreg: mwlDaemon => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

MSCONFIG\startupreg: RemoteControl => "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"

MSCONFIG\startupreg: toolbar_eula_launcher => C:\Program Files\GoogleEULA\EULALauncher.exe

MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\2.0"

MSCONFIG\startupreg: VitaKeyPdtWzd => C:\Program Files\EgisTec\VITAKEY\PdtWzd.exe
 

==================== Faulty Device Manager Devices =============
 

Name: Microsoft-ISATAP-Adapter

Description: Microsoft-ISATAP-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver
 

Name: Cisco Systems VPN Adapter

Description: Cisco Systems VPN Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Cisco Systems

Service: CVirtA

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 

==================== Event log errors: =========================
 

Could not start eventlog service, could not read events.
 

Systemfehler 5 aufgetreten.
 

Zugriff verweigert
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 41%

Total physical RAM: 3065.96 MB

Available physical RAM: 1791.95 MB

Total Pagefile: 6330.94 MB

Available Pagefile: 4973.63 MB

Total Virtual: 2047.88 MB

Available Virtual: 1911.55 MB
 

==================== Drives ================================
 

Drive c: (BOOT) (Fixed) (Total:278.32 GB) (Free:55.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (RECOVER) (Fixed) (Total:19.76 GB) (Free:7.11 GB) FAT32
 

==================== MBR & Partition Table ==================
 

==================== End Of Log ============================

Meine Mutter hat auf ihrem Rechner übrigens genau das gleiche Problem (und auch hier nur auf Ebay).

Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hallo,

ich versuche mal der Reihe nach vorzugehen:

1. Revo Uninstaller:

Bevor ich das durchgeführt habe, war Firefox bei jedem Öffnen des Programmes wieder im Grundzustand. Jegliche Änderungen, welche ich vorgenommen habe, wurden rückgängig gemacht. Den Uninstaller habe ich so durchlaufen lassen, dass sämtliche Daten und Einträge in der Registry gelöscht sein sollten. Trotzdem waren nach der Neuinstallation die Lesezeichen und die komplette Chronik noch vorhanden. Außerdem konnte ich komischerweise mit dem Internetexplorer die Installationsdatei für Firefox nicht herunterladen. Über Umwege konnte Firefox dann doch wieder installiert werden.

2. Eset Smartinstaller:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=6a4c836927d9f24189ae4020fe5e7e38

# engine=17126

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-02-19 12:16:53

# local_time=2014-02-19 01:16:53 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776574 100 100 35432073 230301741 0 0

# scanned=223103

# found=5

# cleaned=0

# scan_time=10147

sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0H49YUIR\ApnIC[1].0"

sh=65F759B3A08AE92BE0704DC65BA34D5A460066C2 ft=1 fh=75c53bd01a87a8cc vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\xx\Allgemeine Computersoftware\avira_antivir_personal_de.exe"

sh=979982A8CD2681AA6FF9619598253DF4399C4DA9 ft=1 fh=9c666dd44fc1d084 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\xx\Allgemeine Computersoftware\Avira\avira_free_antivirus_de_13.0.0.2688.exe"

sh=B876F5F15137EF8A1680C2AC04DC786D2A191DC9 ft=1 fh=850ac12ce80cbbb1 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\xx\Allgemeine Computersoftware\CCleaner\ccsetup322.exe"

sh=8A6709AECCC17192725A8AF35421911DB26CEDB0 ft=1 fh=a909aa4eeedd8c6b vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\xx\Allgemeine Computersoftware\Video Converter\avc504-free.exe"

3. SecurityCheck checkup.txt:

Code:

 Results of screen317's Security Check version 0.99.79  

 Windows Vista Service Pack 2 x86 (UAC is enabled)  

 Internet Explorer 9  

 Internet Explorer 8  
 ``````````````Antivirus/Firewall Check:`````````````` 

Kaspersky Internet Security   

 Antivirus up to date!   
 `````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware Version 1.75.0.1300  

 CCleaner     

 Java 7 Update 51  

 Adobe Flash Player         12.0.0.44  

 Adobe Reader 9  

 Adobe Reader XI  

 Mozilla Thunderbird (3.1.7) Thunderbird out of Date!  
 ````````Process Check: objlist.exe by Laurent````````  

 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe  

 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe  
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 
 ````````````````````End of Log``````````````````````

Nachtrag:
4. FRST
FRST.txt

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-02-2014

Ran by Michael (ATTENTION: The logged in user is not administrator) on SCHLEPPTOPF-PC on 20-02-2014 21:52:48

Running from C:\Users\Michael\Desktop

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

() C:\Windows\tsnp2uvc.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(Microsoft Corporation) C:\Windows\system32\sdclt.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13605408 2009-02-10] (NVIDIA Corporation)

HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2009-02-10] (NVIDIA Corporation)

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6265376 2008-07-24] (Realtek Semiconductor)

HKLM\...\Run: [tsnp2uvc] - C:\Windows\tsnp2uvc.exe [233472 2008-08-28] ()

HKLM\...\Run: [WPCUMI] - C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)

HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1833504 2008-07-24] (Realtek Semiconductor Corp.)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [217088 2009-04-11] (Microsoft Corporation)

HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)

HKU\.DEFAULT\...\Run: [MsnMsgr] - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [3885408 2009-02-06] (Microsoft Corporation)

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {07279b00-a77f-11dd-a0df-806e6f6e6963} - E:\autorun.exe

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdc93-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdca5-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdcaf-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe

HKU\S-1-5-21-399314428-2372084609-4159001784-1003\...\MountPoints2: {f0acdcb3-26fb-11e1-8510-001f1609b82b} - G:\AutoRun.exe

Lsa: [Notification Packages] C:\Program Files\EgisTec\VITAKEY\PwdFilter

Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office 2010\Office14\ONENOTEM.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/

HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

BHO: No Name - {53707962-6F74-2D53-2644-206D7942484F} -  No File

BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\0lu3iyni.default-1392756081868

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MI7967~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MI7967~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 

========================== Services (Whitelisted) =================
 

R2 AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [344064 2009-04-08] (AVerMedia)

R2 AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [405504 2008-12-09] ()

R2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)

R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2008-04-17] (Cisco Systems, Inc.)

R2 IGBASVC; C:\Program Files\EgisTec\VITAKEY\BASVC.exe [2180392 2008-08-29] ()

R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [304688 2008-08-04] (EgisTec Inc.)

R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()

R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [241734 2008-06-29] ()

R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1801216 2008-02-28] (Buhl Data Service GmbH)

R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10)
 

==================== Drivers (Whitelisted) ====================
 

S3 AVerAF15DMBTH; C:\Windows\System32\Drivers\AVerAF15DMBTH.sys [487168 2009-01-05] (AVerMedia TECHNOLOGIES, Inc.)

S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)

R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2008-04-17] (Cisco Systems, Inc.)

R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.)

R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [26920 2008-08-28] (LTT)

R0 FPWinIo; C:\Windows\System32\DRIVERS\FPWinIo.sys [66856 2008-08-28] ()

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-01-12] (Kaspersky Lab ZAO)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576096 2014-02-18] (Kaspersky Lab ZAO)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)

R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-18] (Kaspersky Lab ZAO)

R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)

R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-01-12] (Kaspersky Lab ZAO)

R2 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-08-04] (Egis Incorporated.)

R2 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-08-04] (Egis Incorporated.)

R2 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-08-04] (Egis Incorporated.)

S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)

S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1753984 2008-07-10] ()

R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)

R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

S3 catchme; \??\C:\Users\MICHAE~1\AppData\Local\Temp\catchme.sys [X]

S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2014-02-18] (Kaspersky Lab ZAO)

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-02-20 21:23 - 2014-02-20 21:23 - 00987425 _____ () C:\Users\Michael\Desktop\SecurityCheck.exe

2014-02-18 22:15 - 2014-02-18 22:15 - 00000000 ____D () C:\Program Files\ESET

2014-02-18 21:34 - 2014-02-18 21:34 - 00000915 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-02-18 21:34 - 2014-02-18 21:34 - 00000907 _____ () C:\Users\Michael\Desktop\Mozilla Firefox.lnk

2014-02-18 21:34 - 2014-02-18 21:34 - 00000000 ____D () C:\Users\Michael\AppData\Local\Mozilla Firefox

2014-02-18 21:06 - 2014-02-18 21:06 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-02-18 21:04 - 2014-02-18 21:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Michael\Desktop\revosetup95.exe

2014-02-15 22:06 - 2014-02-15 22:06 - 00018790 _____ () C:\Users\Michael\Desktop\Addition.txt

2014-02-15 22:04 - 2014-02-20 21:53 - 00013503 _____ () C:\Users\Michael\Desktop\FRST.txt

2014-02-15 22:04 - 2014-02-20 21:52 - 00000000 ____D () C:\Users\Michael\Desktop\FRST-OlderVersion

2014-02-13 21:23 - 2014-02-13 21:23 - 00000000 ____D () C:\Windows\ERUNT

2014-02-13 21:21 - 2014-02-13 21:21 - 01037530 _____ (Thisisu) C:\Users\Michael\Desktop\JRT.exe

2014-02-13 21:03 - 2014-02-16 20:33 - 00000000 ____D () C:\AdwCleaner

2014-02-13 21:02 - 2014-02-13 21:02 - 01166132 _____ () C:\Users\Michael\Desktop\adwcleaner.exe

2014-02-12 03:03 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-12 03:03 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-12 03:03 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-12 03:03 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-12 03:03 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-12 03:03 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-12 03:03 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-02-12 03:03 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-12 03:03 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-02-12 03:03 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-02-12 03:03 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-12 03:03 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-12 03:03 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-12 03:03 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-12 03:03 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-02-12 03:03 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-11 20:59 - 2014-02-11 20:59 - 00012673 _____ () C:\ComboFix.txt

2014-02-11 20:48 - 2014-02-11 21:00 - 00000000 ____D () C:\Qoobox

2014-02-11 20:48 - 2014-02-11 21:00 - 00000000 ____D () C:\ComboFix

2014-02-11 20:48 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-02-11 20:48 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-02-11 20:48 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-02-11 20:48 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-02-11 20:48 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-02-11 20:48 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-02-11 20:48 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2014-02-11 20:48 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2014-02-11 20:48 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2014-02-11 20:47 - 2014-02-11 20:58 - 00000000 ____D () C:\Windows\erdnt

2014-02-11 20:41 - 2014-02-11 20:42 - 05180278 ____R (Swearware) C:\Users\Michael\Desktop\ComboFix.exe

2014-02-10 20:10 - 2014-02-20 21:52 - 00000000 ____D () C:\FRST

2014-02-10 19:45 - 2014-02-20 21:52 - 01142784 _____ (Farbar) C:\Users\Michael\Desktop\FRST.exe

2014-02-09 20:45 - 2014-02-09 20:45 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Malwarebytes
 

==================== One Month Modified Files and Folders =======
 

2014-02-20 21:53 - 2014-02-15 22:04 - 00013503 _____ () C:\Users\Michael\Desktop\FRST.txt

2014-02-20 21:52 - 2014-02-15 22:04 - 00000000 ____D () C:\Users\Michael\Desktop\FRST-OlderVersion

2014-02-20 21:52 - 2014-02-10 20:10 - 00000000 ____D () C:\FRST

2014-02-20 21:52 - 2014-02-10 19:45 - 01142784 _____ (Farbar) C:\Users\Michael\Desktop\FRST.exe

2014-02-20 21:51 - 2008-11-01 23:57 - 00000000 ____D () C:\xx

2014-02-20 21:50 - 2008-08-28 06:26 - 00000438 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

2014-02-20 21:23 - 2014-02-20 21:23 - 00987425 _____ () C:\Users\Michael\Desktop\SecurityCheck.exe

2014-02-20 21:23 - 2013-03-30 16:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2014-02-20 21:23 - 2008-08-28 05:28 - 00220409 _____ () C:\ProgramData\nvModes.001

2014-02-20 21:15 - 2006-11-02 11:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-20 21:14 - 2008-10-31 21:16 - 01091543 _____ () C:\Windows\WindowsUpdate.log

2014-02-20 21:10 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-02-20 21:08 - 2013-01-26 00:58 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-20 21:08 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-02-20 21:08 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-20 21:08 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-20 21:08 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-20 21:07 - 2008-08-28 03:21 - 00000012 _____ () C:\Windows\bthservsdp.dat

2014-02-20 21:00 - 2013-01-26 00:58 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-20 20:59 - 2008-08-28 05:22 - 00220409 _____ () C:\ProgramData\nvModes.dat

2014-02-20 19:44 - 2012-10-06 18:51 - 00198518 _____ () C:\Windows\PFRO.log

2014-02-18 22:15 - 2014-02-18 22:15 - 00000000 ____D () C:\Program Files\ESET

2014-02-18 21:34 - 2014-02-18 21:34 - 00000915 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-02-18 21:34 - 2014-02-18 21:34 - 00000907 _____ () C:\Users\Michael\Desktop\Mozilla Firefox.lnk

2014-02-18 21:34 - 2014-02-18 21:34 - 00000000 ____D () C:\Users\Michael\AppData\Local\Mozilla Firefox

2014-02-18 21:11 - 2013-10-17 15:47 - 00576096 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys

2014-02-18 21:11 - 2013-10-17 15:47 - 00025184 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys

2014-02-18 21:11 - 2013-06-08 20:18 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys

2014-02-18 21:06 - 2014-02-18 21:06 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-02-18 21:04 - 2014-02-18 21:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Michael\Desktop\revosetup95.exe

2014-02-16 20:33 - 2014-02-13 21:03 - 00000000 ____D () C:\AdwCleaner

2014-02-15 22:06 - 2014-02-15 22:06 - 00018790 _____ () C:\Users\Michael\Desktop\Addition.txt

2014-02-13 21:23 - 2014-02-13 21:23 - 00000000 ____D () C:\Windows\ERUNT

2014-02-13 21:21 - 2014-02-13 21:21 - 01037530 _____ (Thisisu) C:\Users\Michael\Desktop\JRT.exe

2014-02-13 21:02 - 2014-02-13 21:02 - 01166132 _____ () C:\Users\Michael\Desktop\adwcleaner.exe

2014-02-12 03:48 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-02-12 03:17 - 2008-08-28 09:53 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-02-12 03:15 - 2013-08-26 02:12 - 00000000 ____D () C:\Windows\system32\MRT

2014-02-12 03:11 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2014-02-11 21:00 - 2014-02-11 20:48 - 00000000 ____D () C:\Qoobox

2014-02-11 21:00 - 2014-02-11 20:48 - 00000000 ____D () C:\ComboFix

2014-02-11 21:00 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default

2014-02-11 21:00 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public

2014-02-11 20:59 - 2014-02-11 20:59 - 00012673 _____ () C:\ComboFix.txt

2014-02-11 20:58 - 2014-02-11 20:47 - 00000000 ____D () C:\Windows\erdnt

2014-02-11 20:58 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini

2014-02-11 20:42 - 2014-02-11 20:41 - 05180278 ____R (Swearware) C:\Users\Michael\Desktop\ComboFix.exe

2014-02-10 20:05 - 2012-04-01 18:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-02-10 20:05 - 2011-05-20 10:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-02-09 20:45 - 2014-02-09 20:45 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Malwarebytes

2014-02-09 17:37 - 2008-11-10 14:44 - 00000680 _____ () C:\Users\Michael\AppData\Local\d3d9caps.dat

2014-02-07 22:03 - 2008-11-06 16:39 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype

2014-02-05 09:58 - 2014-02-12 03:03 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-05 09:56 - 2014-02-12 03:03 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-05 09:53 - 2014-02-12 03:03 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-05 09:51 - 2014-02-12 03:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-05 09:50 - 2014-02-12 03:03 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-05 09:49 - 2014-02-12 03:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-05 09:49 - 2014-02-12 03:03 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-02-05 09:48 - 2014-02-12 03:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-05 09:48 - 2014-02-12 03:03 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-02-05 09:48 - 2014-02-12 03:03 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-02-05 09:48 - 2014-02-12 03:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-05 09:48 - 2014-02-12 03:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-05 09:47 - 2014-02-12 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-05 09:47 - 2014-02-12 03:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-05 09:47 - 2014-02-12 03:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-02-05 09:46 - 2014-02-12 03:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-04 21:36 - 2010-02-10 21:59 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 

==================== End Of Log ============================

--- --- ---

Addition.txt:

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-02-2014

Ran by Michael at 2014-02-20 21:53:53

Running from C:\Users\Michael\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}

AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 

==================== Installed Programs ======================
 

 Update for Microsoft Office 2007 (KB2508958) (Version:  - Microsoft)

7-Zip 9.20 (Version:  - )

Activation Assistant for the 2007 Microsoft Office suites (Version:  - Microsoft Corporation)

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden

Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)

Adobe Flash Player ActiveX (Version: 9.0.124.0 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) - Deutsch (Version: 11.0.06 - Adobe Systems Incorporated)

Adobe Shockwave Player 11 (Version: 11 - Adobe Systems, Inc.)

Any Video Converter 5 5.0.4 (Version:  - Any-Video-Converter.com)

AVerMedia A850 USB DMB-TH 1.0.0.26 (Version: 1.0.0.26 - AVerMedia TECHNOLOGIES, Inc.)

AVerTV (Version: 6.0.18 - AVerMedia Technologies, Inc.)

AVerTV (Version: 6.0.18 - AVerMedia Technologies, Inc.) Hidden

Bing Bar (Version: 7.0.850.0 - Microsoft Corporation)

CCleaner (Version: 3.22 - Piriform)

Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden

Cisco Systems VPN Client 5.0.03.0530 (Version: 5.0.3 - Cisco Systems, Inc.)

Click to Call with Skype (Version: 5.6.8153 - Skype Technologies S.A.)

Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000 - Microsoft Corporation)

Corel MediaOne (Version: 2.00.0000 - Corel Corporation)

CorelDRAW Essential Edition 3 (Version: 3.0 - Corel Corporation) Hidden

CyberLink MediaShow (Version: 4.1.2014 - CyberLink Corp.)

CyberLink MediaShow (Version: 4.1.2014 - CyberLink Corp.) Hidden

CyberLink PhotoNow (Version: 1.1.5203 - CyberLink Corp.)

CyberLink PhotoNow (Version: 1.1.5203 - CyberLink Corp.) Hidden

CyberLink PowerDirector (Version: 7.0.2014 - CyberLink Corp.)

CyberLink PowerDirector (Version: 7.0.2014 - CyberLink Corp.) Hidden

CyberLink PowerProducer (Version: 5.0815 - CyberLink Corp.)

CyberLink PowerProducer (Version: 5.0815 - CyberLink Corp.) Hidden

CyberLink YouCam (Version: 2.0.1916 - CyberLink Corp.)

CyberLink YouCam (Version: 2.0.1916 - CyberLink Corp.) Hidden

DE (Version: 3.0 - Corel Corporation) Hidden

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version:  - Microsoft)

ESET Online Scanner v3 (Version:  - )

e-Wörterbücher (Version:  - )

FILEminimizer Pictures (Version:  - balesio AG)

Foxlink Webcam (Version: 5.8.48000.201_WHQL - Sonix)

Freeciv 2.1.9 (GTK+ client) (Version:  - )

Garmin BaseCamp (Version: 3.2.2 - Garmin Ltd or its subsidiaries)

Garmin USB Drivers (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)

Google Earth Plug-in (Version: 7.1.2.2041 - Google)

Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden

ICQ6.5 (Version: 6.5 - ICQ)

ICQ7.5 (HKCU Version: 7.5 - ICQ)

Java 7 Update 51 (Version: 7.0.510 - Oracle)

Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Junk Mail filter update (Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab)

Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden

Letstrade (Version: 1.00.0000 - Buhl Data Service)

LetsTrade Komponenten (Version:  - )

MakeDisc (Version: 3.0.2601 - CyberLink Corp.)

Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Fix it Center (Version: 1.0.0100 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden

Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden

Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [DEU] (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)

Mozilla Firefox 27.0.1 (x86 de) (HKCU Version: 27.0.1 - Mozilla)

Mozilla Thunderbird (3.1.7) (Version: 3.1.7 (de) - Mozilla)

MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden

MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)

MyWinLocker 3 (Version: 3.1.20.0 - EgisTec)

Nero 8 Essentials (Version: 8.3.124 - Nero AG)

neroxml (Version: 1.0.0 - Nero AG) Hidden

NVIDIA Drivers (Version: 1.4 - NVIDIA Corporation)

OpenOffice.org 3.0 (Version: 3.0.9358 - OpenOffice.org)

PowerDVD (Version: 7.0.3118.0 - PowerDVDCorp.)

Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000 - Realtek)

Realtek High Definition Audio Driver (Version: 6.0.1.5672 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (Version: 3.0.1.3 - Realtek Semiconductor Corp.)

Revo Uninstaller 1.95 (Version: 1.95 - VS Revo Group)

Sceneo AbsolutTV (Version:  - )

Schiff-Simulator 2008 (Version:  - )

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden

Skype™ 5.10 (Version: 5.10.116 - Skype Technologies S.A.)

Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)

TVsweeper 3 (Version: 3.0.3 - Sonavis)

Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)

Update Manager (Version: 4.60 - Corel Corporation) Hidden

VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden

VITAKEY (Version: 6.0.1.41 - EgisTec)

VITAKEY (Version: 6.0.1.41 - EgisTec) Hidden

VLC media player 1.0.5 (Version: 1.0.5 - VideoLAN Team)

waterMark V2 (Version:  - )

Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0 - Garmin)

Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live Essentials (Version: 14.0.8064.0206 - Microsoft Corporation)

Windows Live Essentials (Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live Fotogalerie (Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live ID-Anmelde-Assistent (Version: 6.500.3165.0 - Microsoft Corporation)

Windows Live Mail (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Messenger (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Movie Maker-Betaversion (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Sync (Version: 14.0.8064.206 - Microsoft Corporation)

Windows Live Writer (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live-Uploadtool (Version: 14.0.8014.1029 - Microsoft Corporation)

WISO Mein Geld 2008 Professional (Version: 9.00.01.0023 - Buhl Data Service GmbH)

X10 Hardware(TM) (Version:  - )

Youtube Downloader HD v. 2.6 (Version:  - YoutubeDownloaderHD.com)
 

==================== Restore Points  =========================
 

Could not list Restore Points. Check "winmgmt" service or repair WMI.
 
 

==================== Hosts content: ==========================
 

2006-11-02 11:23 - 2014-02-11 20:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

Task: C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job => ?
 

==================== Loaded Modules (whitelisted) =============
 

2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll

2008-08-28 10:58 - 2008-08-28 14:03 - 00233472 _____ () C:\Windows\tsnp2uvc.exe
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Disabled items from MSCONFIG ==============
 

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk => C:\Windows\pss\AVer HID Receiver.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk => C:\Windows\pss\AVerQuick.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk => C:\Windows\pss\VPN Client.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^Michael (Admin)^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk => C:\Windows\pss\OpenOffice.org 3.0.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: ICQ => "C:\Program Files\ICQ6.5\ICQ.exe" silent

MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"

MSCONFIG\startupreg: mwlDaemon => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

MSCONFIG\startupreg: RemoteControl => "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"

MSCONFIG\startupreg: toolbar_eula_launcher => C:\Program Files\GoogleEULA\EULALauncher.exe

MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\2.0"

MSCONFIG\startupreg: VitaKeyPdtWzd => C:\Program Files\EgisTec\VITAKEY\PdtWzd.exe
 

==================== Faulty Device Manager Devices =============
 

Name: Microsoft-ISATAP-Adapter

Description: Microsoft-ISATAP-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver
 

Name: Cisco Systems VPN Adapter

Description: Cisco Systems VPN Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Cisco Systems

Service: CVirtA

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 

==================== Event log errors: =========================
 

Could not start eventlog service, could not read events.
 

Systemfehler 5 aufgetreten.
 

Zugriff verweigert
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 46%

Total physical RAM: 3065.96 MB

Available physical RAM: 1632.2 MB

Total Pagefile: 6332.89 MB

Available Pagefile: 4936.56 MB

Total Virtual: 2047.88 MB

Available Virtual: 1914.52 MB
 

==================== Drives ================================
 

Drive c: (BOOT) (Fixed) (Total:278.32 GB) (Free:49.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (RECOVER) (Fixed) (Total:19.76 GB) (Free:7.11 GB) FAT32

Drive z: (Diverses) (Network) (Total:1829.34 GB) (Free:1105.92 GB) NTFS
 

==================== MBR & Partition Table ==================
 

==================== End Of Log ============================

Wurde FF auch zurückgesetzt wie ich es verlinkt habe? Noch Probleme?

Hallo. Ja, FF wurde wie oben verlinkt zurückgesetzt. Das Problem besteht nicht mehr. Allerdings muss ich sagen, dass ein anderer Computer, bei dem das Problem vorher auch bestand und an dem ich nichts getan habe, dieses Problem nun auch nicht mehr hat. Mir scheint das nicht ganz Koscher.

Speedprobleme und Co können auch vom Router kommen, trenn das Teil mal sauber 30 min vom Strom.

Zu den Speedproblemen: Nach dem Durchlauf mit Combofix ging der Systemstart 2-3 Mal recht schnell. Danach wurde er wieder langsam. Mit dem Laptop bin ich über zwei verschiedene Router mit dem Internet verbunden gewesen (bei mir und bei meinen Eltern). Bei beiden trat das Problem mit den neuen Tabs auf.

Mir bereitet die Tatsache Sorgen, dass das Problem an Rechner 2 OHNE mein Zutun nicht mehr autritt. Wobei ich dazu sagen muss, dass an dem Rechner seit anderthalb Wochen niemand außer mir dran war.

Aber aktuell gibt es keine Probleme mehr? Beobachte das mal und melde dich wieder.