This time it caught me too-stolen.data

Kasunekoi · January 18, 2014

Good Day together ,

yesterday it seems i was a bit careless. During testing of some programms i suddenly recognized a subject like "show password" in my programm-uninstal-list. Immediately i shut down my browsers and run a scan with Malwarebytes. Direct hit. MWB founded 7 entrys with stolen.data-, some of it in my registy. I tried several time to delete my issue. But no way. It seems this time i have no choice than accept professional help. I know my english is not the best, but at least we can understand each other with it and i really dont know a better site than this to call for help. So Please could someone lead me through step by step? I would be very grateful and promise to follow every step, just like instructed.

This is my first doing something like this so please be easy on me.^^"

Thank you everyone.

Here my data of dds:

Attach.txt

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12.07.2013 01:23:13

System Uptime: 18.01.2014 15:53:55 (3 hours ago)

.

Motherboard: TOSHIBA | | PWWAA

Processor: Intel® Core i3 CPU M 380 @ 2.53GHz | CPU | 2533/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 57,574 GiB free.

D: is FIXED (NTFS) - 149 GiB total, 84,764 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP145: 13.01.2014 19:47:55 - Macromedia Authorware Web Player Installation

RP146: 13.01.2014 19:49:08 - Macromedia Authorware Web Player Installation

RP147: 17.01.2014 23:16:52 - Installed Anime downloader.

RP148: 17.01.2014 23:48:52 - Removed Anime downloader.

.

==== Installed Programs ======================

.

2007 Microsoft Office Suite Service Pack 2 (SP2)

Adobe AIR

Adobe Flash Player 12 Plugin

Adobe Photoshop CS

Adobe Reader XI (11.0.06) - Deutsch

Adobe Shockwave Player 12.0

AMD Catalyst Install Manager

Asami's Sushi Shop

Avira Free Antivirus

Big Fish: Game Manager

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.16428

Run by Kuroi no shiroi at 18:37:47 on 2014-01-18

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.3955.1810 [GMT 1:00]

.

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe

C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Program Files\Tablet\Wacom\WacomHost.exe

C:\Program Files\Tablet\Pen\WacomHost.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Windows\splwow64.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

uRun: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect

uRunOnce: [dlfvg] C:\Users\KUROIN~1\dlfvg\12991.vbs

uRunOnce: [okcpc] C:\Users\KUROIN~1\okcpc\54665.vbs

mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM

mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

StartupFolder: C:\Users\KUROIN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\start.lnk - C:\Users\Kuroi no shiroi\okcpc\54665.vbs

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

TCP: NameServer = 194.183.130.242 192.168.0.1

TCP: Interfaces\{35716889-2EEB-4BC4-B955-67B7A4D08589} : DHCPNameServer = 194.183.130.242 192.168.0.1

TCP: Interfaces\{35716889-2EEB-4BC4-B955-67B7A4D08589}\F4C6C6960275C616E6 : DHCPNameServer = 194.183.130.242 192.168.0.1

TCP: Interfaces\{79C7170D-CBAF-4935-8192-BD2F6852E57A} : DHCPNameServer = 194.183.130.242 192.168.0.1

TCP: Interfaces\{79C7170D-CBAF-4935-8192-BD2F6852E57A}\1413D2731403236333 : DHCPNameServer = 10.0.0.138

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll

x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Kuroi no shiroi\AppData\Roaming\Mozilla\Firefox\Profiles\d91hzoe7.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\NPOFF12.DLL

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npvlc.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll

FF - plugin: C:\Users\Kuroi no shiroi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Kuroi no shiroi\AppData\Roaming\Mozilla\Firefox\Profiles\d91hzoe7.default\extensions\addon@freecorder.com\plugins\npFreeCoder.dll

FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll

FF - ExtSQL: 2013-12-12 15:55; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.ividi.id - 003ee0d800000000000020e52aed883d

FF - user.js: extensions.ividi.appId - {685F23D9-FCFD-475C-B56A-362645945C5A}

FF - user.js: extensions.ividi.instlDay - 15925

FF - user.js: extensions.ividi.vrsn - 1.8.23.0

FF - user.js: extensions.ividi.vrsni - 1.8.23.0

FF - user.js: extensions.ividi.vrsnTs - 1.8.23.021:18:20

FF - user.js: extensions.ividi.prtnrId - ividi

FF - user.js: extensions.ividi.prdct - ividi

FF - user.js: extensions.ividi.aflt - 3

FF - user.js: extensions.ividi.smplGrp - none

FF - user.js: extensions.ividi.tlbrId - base

FF - user.js: extensions.ividi.instlRef -

FF - user.js: extensions.ividi.dfltLng -

FF - user.js: extensions.ividi.excTlbr - true

FF - user.js: extensions.ividi.ffxUnstlRst - false

FF - user.js: extensions.ividi.admin - false

FF - user.js: extensions.ividi.autoRvrt - false

FF - user.js: extensions.ividi.rvrt - false

FF - user.js: extensions.ividi.newTab - false

.

FF - user.js: extensions.shownSelectionUI - true

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-10-5 28600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-7-12 203264]

R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-10-5 440376]

R2 AntiVirService;Avira Echtzeit-Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-10-5 440376]

R2 AntiVirWebService;Avira Browser-Schutz;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2013-10-5 1011768]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-10-5 108440]

R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2013-10-5 84720]

R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2013-7-12 1811456]

R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2013-11-14 232192]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2011-11-21 1403200]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-7-12 2320920]

R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-7-13 619904]

R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2013-7-13 598808]

R3 CeKbFilter;CeKbFilter;C:\Windows\System32\drivers\CeKbFilter.sys [2013-7-12 20592]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2013-7-12 56344]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\Windows\System32\drivers\rtwlane.sys [2013-5-2 1514568]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]

S3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;C:\Windows\System32\drivers\bcmwlhigh664.sys [2011-4-19 1254464]

S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-7-13 14136]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-17 111616]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-7-12 232992]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2013-7-12 1143400]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-12 59392]

S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2013-7-13 85304]

S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-7-13 15344]

S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-13 1255736]

.

=============== Created Last 30 ================

.

2014-01-18 16:58:27 -------- d-----w- C:\AdwCleaner

2014-01-17 22:17:44 -------- d-sh--r- C:\Users\Kuroi no shiroi\okcpc

2014-01-17 22:17:44 -------- d-sh--r- C:\Users\Kuroi no shiroi\dlfvg

2014-01-17 22:17:42 -------- d-sh--r- C:\Users\Kuroi no shiroi\hnyhe

2014-01-17 22:16:19 -------- d-----w- C:\Users\Kuroi no shiroi\AppData\Local\Downloaded Installations

2014-01-17 21:49:49 -------- d-----w- C:\Users\Kuroi no shiroi\AppData\Local\Jaksta_Technologies_Pty_L

2014-01-17 21:29:31 -------- d-----w- C:\Windows\Jaksta

2014-01-17 21:29:29 -------- d-----w- C:\Program Files (x86)\Applian Technologies

2014-01-17 18:43:23 -------- d-----w- C:\Users\Kuroi no shiroi\dwhelper

2014-01-17 16:00:25 -------- d-----w- C:\Users\Kuroi no shiroi\AppData\Local\My_MP4Box_GUI

2014-01-17 15:59:48 -------- d-----w- C:\Program Files\My MP4Box GUI

2014-01-17 15:31:48 -------- d-----w- C:\Users\Kuroi no shiroi\AppData\Roaming\Ashampoo

2014-01-17 15:31:38 -------- d-----w- C:\ProgramData\Ashampoo

2014-01-16 18:24:22 53248 ----a-r- C:\Users\Kuroi no shiroi\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2014-01-13 19:29:38 381459 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\Plugins\npvlc.dll

2014-01-09 19:59:32 -------- d-----w- C:\Windows\SysWow64\Adobe

2014-01-08 11:54:33 -------- d-----w- C:\ProgramData\TOSHIBA Tempro

2014-01-08 11:54:33 -------- d-----w- C:\ProgramData\IsolatedStorage

2014-01-08 11:50:10 -------- d-----w- C:\Program Files (x86)\Toshiba TEMPRO

2014-01-06 03:26:12 -------- d-----w- C:\Program Files (x86)\VideoLAN

2013-12-23 11:15:09 765952 ----a-w- C:\Windows\SysWow64\msvcp71d.dll

2013-12-23 11:15:09 544768 ----a-w- C:\Windows\SysWow64\msvcr71d.dll

2013-12-23 11:15:09 2174464 ----a-w- C:\Windows\SysWow64\mfc71ud.dll

2013-12-23 11:15:08 -------- d-----w- C:\Program Files (x86)\Noki

2013-12-22 13:43:28 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-22 13:43:28 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-12-22 13:17:23 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2013-12-22 13:17:23 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2013-12-22 13:17:22 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2013-12-22 13:17:21 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

.

==================== Find3M ====================

.

2014-01-16 18:24:36 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2014-01-02 16:16:27 96784 ----a-w- C:\Windows\SysWow64\packet.dll

2014-01-02 16:16:27 369168 ----a-w- C:\Windows\System32\wpcap.dll

2014-01-02 16:16:27 35344 ----a-w- C:\Windows\System32\drivers\npf.sys

2014-01-02 16:16:27 281104 ----a-w- C:\Windows\SysWow64\wpcap.dll

2014-01-02 16:16:27 106000 ----a-w- C:\Windows\System32\packet.dll

2013-12-12 11:06:46 84720 ----a-w- C:\Windows\System32\drivers\avnetflt.sys

2013-12-12 11:06:46 108440 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2013-12-05 09:23:46 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys

2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll

2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll

2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll

2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-11-24 08:06:06 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2013-11-24 08:06:06 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll

2013-11-24 08:04:17 878080 ----a-w- C:\Windows\System32\advapi32.dll

2013-11-12 09:15:16 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 18:38:08,47 ===============

Kasunekoi · January 18, 2014

Edit:

MWB-logfile. Sorry for forgetting first.

mbam-log-2014-01-18 (16-03-51).txt

Tomk1 · January 18, 2014

Hi Kasunekoi,

Welcome to Malwarebytes Forum

My name is Tomk1. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.

The fixes are specific to your problem and should only be used for the issues on this machine.

Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.

It's often worth reading through these instructions and printing them for ease of reference.

If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.

Please reply to this thread. Do not start a new topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Let's give this a try:

Download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html
Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Kasunekoi · January 18, 2014

Good evening Tomk1,

thank you so much for your fast response.

I let combofix running through my system, so here is your wished logfile, if you want.

ComboFix 14-01-16.03 - Kuroi no shiroi 18.01.2014 21:02:08.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.3955.1659 [GMT 1:00]

ausgeführt von:: c:\users\Kuroi no shiroi\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\3ED75C8FF8.sys

c:\users\Kuroi no shiroi\dlfvg

c:\users\Kuroi no shiroi\dlfvg\12991.vbs

c:\users\Kuroi no shiroi\dlfvg\57532.cmd

c:\users\Kuroi no shiroi\dlfvg\GUNIgQnvxAZ.JQK

c:\users\Kuroi no shiroi\dlfvg\jSxzXukKrp.NPS

c:\users\Kuroi no shiroi\dlfvg\XqfaYMEN.exe

c:\users\Kuroi no shiroi\dlfvg\z

c:\users\Kuroi no shiroi\hnyhe

c:\users\Kuroi no shiroi\hnyhe\bfsvc.exe

c:\users\Kuroi no shiroi\hnyhe\GaGHRVYKgpWm.ING

c:\users\Kuroi no shiroi\hnyhe\iEGaF.EZL

c:\users\Kuroi no shiroi\hnyhe\k

c:\users\Kuroi no shiroi\hnyhe\PihrB.exe

c:\users\Kuroi no shiroi\hnyhe\svchost4.exe

c:\users\Kuroi no shiroi\okcpc

c:\users\Kuroi no shiroi\okcpc\35077.cmd

c:\users\Kuroi no shiroi\okcpc\54665.vbs

c:\users\Kuroi no shiroi\okcpc\pQvggXg.exe

c:\users\Kuroi no shiroi\okcpc\PzhKwJ.PNL

c:\users\Kuroi no shiroi\okcpc\y

c:\users\Kuroi no shiroi\okcpc\YJlciAYPOSNf.EMH

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\wpcap.dll

.

((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_NPF

.

((((((((((((((((((((((( Dateien erstellt von 2013-12-18 bis 2014-01-18 ))))))))))))))))))))))))))))))

.

2014-01-18 16:58 . 2014-01-18 17:32 -------- d-----w- C:\AdwCleaner

2014-01-17 22:16 . 2014-01-17 22:16 -------- d-----w- c:\users\Kuroi no shiroi\AppData\Local\Downloaded Installations

2014-01-17 21:49 . 2014-01-18 14:52 -------- d-----w- c:\users\Kuroi no shiroi\AppData\Local\Jaksta_Technologies_Pty_L

2014-01-17 21:29 . 2014-01-18 14:54 -------- d-----w- c:\windows\Jaksta

2014-01-17 21:29 . 2014-01-18 14:52 -------- d-----w- c:\program files (x86)\Applian Technologies

2014-01-17 18:43 . 2014-01-17 18:43 -------- d-----w- c:\users\Kuroi no shiroi\dwhelper

2014-01-17 16:00 . 2014-01-17 16:00 -------- d-----w- c:\users\Kuroi no shiroi\AppData\Local\My_MP4Box_GUI

2014-01-17 15:59 . 2014-01-17 15:59 -------- d-----w- c:\program files\My MP4Box GUI

2014-01-17 15:31 . 2014-01-17 15:31 -------- d-----w- c:\users\Kuroi no shiroi\AppData\Roaming\Ashampoo

2014-01-17 15:31 . 2014-01-17 15:31 -------- d-----w- c:\programdata\Ashampoo

2014-01-16 18:24 . 2014-01-16 18:24 53248 ----a-r- c:\users\Kuroi no shiroi\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2014-01-13 19:29 . 2014-01-13 19:29 381459 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\Plugins\npvlc.dll

2014-01-09 19:59 . 2014-01-09 19:59 -------- d-----w- c:\windows\SysWow64\Adobe

2014-01-09 06:52 . 2014-01-09 06:52 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2014-01-08 11:54 . 2014-01-08 11:54 -------- d-----w- c:\programdata\TOSHIBA Tempro

2014-01-08 11:54 . 2014-01-08 11:54 -------- d-----w- c:\programdata\IsolatedStorage

2014-01-08 11:50 . 2014-01-09 17:04 -------- d-----w- c:\program files (x86)\Toshiba TEMPRO

2014-01-06 03:26 . 2014-01-06 03:26 -------- d-----w- c:\program files (x86)\VideoLAN

2014-01-05 15:13 . 2014-01-05 15:13 -------- d-----w- c:\program files (x86)\Common Files\Java

2014-01-05 15:12 . 2014-01-05 15:12 -------- d-----w- c:\program files (x86)\Java

2014-01-04 19:55 . 2014-01-09 20:42 -------- d-----w- c:\program files (x86)\Google

2013-12-23 11:15 . 2003-04-07 05:00 765952 ----a-w- c:\windows\SysWow64\msvcp71d.dll

2013-12-23 11:15 . 2003-04-07 05:00 544768 ----a-w- c:\windows\SysWow64\msvcr71d.dll

2013-12-23 11:15 . 2003-04-07 05:00 2174464 ----a-w- c:\windows\SysWow64\mfc71ud.dll

2013-12-23 11:15 . 2013-12-23 11:15 -------- d-----w- c:\program files (x86)\Noki

2013-12-22 13:43 . 2014-01-17 15:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-22 13:43 . 2014-01-17 15:36 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-12-22 13:17 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2013-12-22 13:17 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe

2013-12-22 13:17 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL

2013-12-22 13:17 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL

2013-12-22 13:17 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll

.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-01-16 18:24 . 2013-07-12 17:45 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2014-01-02 16:16 . 2013-07-12 17:29 369168 ----a-w- c:\windows\system32\wpcap.dll

2014-01-02 16:16 . 2013-07-12 17:29 35344 ----a-w- c:\windows\system32\drivers\npf.sys

2014-01-02 16:16 . 2013-07-12 17:29 106000 ----a-w- c:\windows\system32\packet.dll

2013-12-16 22:18 . 2013-07-13 18:34 90708896 ----a-w- c:\windows\system32\MRT.exe

2013-12-12 11:06 . 2013-10-05 17:55 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys

2013-12-12 11:06 . 2013-10-05 17:55 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys

2013-12-12 11:06 . 2013-10-05 17:55 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2013-12-05 09:23 . 2013-12-05 09:23 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2013-11-26 11:54 . 2013-12-17 04:52 23183360 ----a-w- c:\windows\system32\mshtml.dll

2013-11-26 10:19 . 2013-12-17 04:52 2724864 ----a-w- c:\windows\system32\mshtml.tlb

2013-11-26 10:18 . 2013-12-17 04:52 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll

2013-11-26 09:48 . 2013-12-17 04:52 66048 ----a-w- c:\windows\system32\iesetup.dll

2013-11-26 09:46 . 2013-12-17 04:52 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll

2013-11-26 09:41 . 2013-12-17 04:52 2764288 ----a-w- c:\windows\system32\iertutil.dll

2013-11-26 09:29 . 2013-12-17 04:52 53760 ----a-w- c:\windows\system32\jsproxy.dll

2013-11-26 09:27 . 2013-12-17 04:52 33792 ----a-w- c:\windows\system32\iernonce.dll

2013-11-26 09:23 . 2013-12-17 04:52 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-11-26 09:21 . 2013-12-17 04:52 574976 ----a-w- c:\windows\system32\ieui.dll

2013-11-26 09:18 . 2013-12-17 04:52 139264 ----a-w- c:\windows\system32\ieUnatt.exe

2013-11-26 09:18 . 2013-12-17 04:52 111616 ----a-w- c:\windows\system32\ieetwcollector.exe

2013-11-26 09:16 . 2013-12-17 04:52 708608 ----a-w- c:\windows\system32\jscript9diag.dll

2013-11-26 08:57 . 2013-12-17 04:52 218624 ----a-w- c:\windows\system32\ie4uinit.exe

2013-11-26 08:35 . 2013-12-17 04:52 5769216 ----a-w- c:\windows\system32\jscript9.dll

2013-11-26 08:28 . 2013-12-17 04:52 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll

2013-11-26 08:16 . 2013-12-17 04:52 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll

2013-11-26 08:02 . 2013-12-17 04:52 1995264 ----a-w- c:\windows\system32\inetcpl.cpl

2013-11-26 07:48 . 2013-12-17 04:52 12996608 ----a-w- c:\windows\system32\ieframe.dll

2013-11-26 07:32 . 2013-12-17 04:52 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-11-26 07:07 . 2013-12-17 04:52 2334208 ----a-w- c:\windows\system32\wininet.dll

2013-11-26 06:40 . 2013-12-17 04:52 1395200 ----a-w- c:\windows\system32\urlmon.dll

2013-11-26 06:34 . 2013-12-17 04:52 817664 ----a-w- c:\windows\system32\ieapfltr.dll

2013-11-26 06:33 . 2013-12-17 04:52 1820160 ----a-w- c:\windows\SysWow64\wininet.dll

2013-11-24 08:06 . 2013-11-24 08:06 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-11-24 08:06 . 2013-11-24 08:06 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-11-24 08:05 . 2013-11-24 08:05 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2013-11-24 08:05 . 2013-11-24 08:05 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll

2013-11-24 08:05 . 2013-11-24 08:05 235008 ----a-w- c:\windows\system32\elshyph.dll

2013-11-24 08:05 . 2013-11-24 08:05 182272 ----a-w- c:\windows\SysWow64\msls31.dll

2013-11-24 08:05 . 2013-11-24 08:05 62464 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-11-24 08:05 . 2013-11-24 08:05 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll

2013-11-24 08:05 . 2013-11-24 08:05 337408 ----a-w- c:\windows\SysWow64\html.iec

2013-11-24 08:05 . 2013-11-24 08:05 61952 ----a-w- c:\windows\SysWow64\iesetup.dll

2013-11-24 08:05 . 2013-11-24 08:05 454656 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-11-24 08:05 . 2013-11-24 08:05 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-11-24 08:05 . 2013-11-24 08:05 151552 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-11-24 08:05 . 2013-11-24 08:05 139264 ----a-w- c:\windows\SysWow64\wextract.exe

2013-11-24 08:05 . 2013-11-24 08:05 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-11-24 08:05 . 2013-11-24 08:05 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-11-24 08:05 . 2013-11-24 08:05 942592 ----a-w- c:\windows\system32\jsIntl.dll

2013-11-24 08:05 . 2013-11-24 08:05 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll

2013-11-24 08:05 . 2013-11-24 08:05 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-11-24 08:05 . 2013-11-24 08:05 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-11-24 08:05 . 2013-11-24 08:05 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll

2013-11-24 08:05 . 2013-11-24 08:05 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll

2013-11-24 08:05 . 2013-11-24 08:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-11-24 08:05 . 2013-11-24 08:05 36352 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-11-24 08:05 . 2013-11-24 08:05 247808 ----a-w- c:\windows\system32\msls31.dll

2013-11-24 08:05 . 2013-11-24 08:05 13312 ----a-w- c:\windows\SysWow64\mshta.exe

2013-11-24 08:05 . 2013-11-24 08:05 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-11-24 08:05 . 2013-11-24 08:05 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-11-24 08:05 . 2013-11-24 08:05 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-11-24 08:05 . 2013-11-24 08:05 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-11-24 08:05 . 2013-11-24 08:05 195584 ----a-w- c:\windows\system32\msrating.dll

2013-11-24 08:05 . 2013-11-24 08:05 13312 ----a-w- c:\windows\system32\msfeedssync.exe

2013-11-24 08:05 . 2013-11-24 08:05 131072 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-11-24 08:05 . 2013-11-24 08:05 105984 ----a-w- c:\windows\system32\iesysprep.dll

2013-11-24 08:05 . 2013-11-24 08:05 84992 ----a-w- c:\windows\system32\mshtmled.dll

2013-11-24 08:05 . 2013-11-24 08:05 81408 ----a-w- c:\windows\system32\icardie.dll

2013-11-24 08:05 . 2013-11-24 08:05 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-11-24 08:05 . 2013-11-24 08:05 616104 ----a-w- c:\windows\system32\ieapfltr.dat

2013-11-24 08:05 . 2013-11-24 08:05 453120 ----a-w- c:\windows\system32\dxtmsft.dll

2013-11-24 08:05 . 2013-11-24 08:05 413696 ----a-w- c:\windows\system32\html.iec

2013-11-24 08:05 . 2013-11-24 08:05 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

2013-11-24 08:05 . 2013-11-24 08:05 30208 ----a-w- c:\windows\system32\licmgr10.dll

2013-11-24 08:05 . 2013-11-24 08:05 296960 ----a-w- c:\windows\system32\dxtrans.dll

2013-11-24 08:05 . 2013-11-24 08:05 263376 ----a-w- c:\windows\system32\iedkcs32.dll

2013-11-24 08:05 . 2013-11-24 08:05 243200 ----a-w- c:\windows\system32\webcheck.dll

2013-11-24 08:05 . 2013-11-24 08:05 235520 ----a-w- c:\windows\system32\url.dll

2013-11-24 08:05 . 2013-11-24 08:05 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-11-24 08:05 . 2013-11-24 08:05 101376 ----a-w- c:\windows\system32\inseng.dll

2013-11-24 08:05 . 2013-11-24 08:05 83968 ----a-w- c:\windows\system32\MshtmlDac.dll

2013-11-24 08:05 . 2013-11-24 08:05 774144 ----a-w- c:\windows\system32\jscript.dll

2013-11-24 08:05 . 2013-11-24 08:05 626176 ----a-w- c:\windows\system32\msfeeds.dll

2013-11-24 08:05 . 2013-11-24 08:05 62464 ----a-w- c:\windows\system32\pngfilt.dll

2013-11-24 08:05 . 2013-11-24 08:05 548352 ----a-w- c:\windows\system32\vbscript.dll

2013-11-24 08:05 . 2013-11-24 08:05 48128 ----a-w- c:\windows\system32\imgutil.dll

2013-11-24 08:05 . 2013-11-24 08:05 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-11-24 08:05 . 2013-11-24 08:05 147968 ----a-w- c:\windows\system32\occache.dll

2013-11-24 08:05 . 2013-11-24 08:05 143872 ----a-w- c:\windows\system32\wextract.exe

2013-11-24 08:05 . 2013-11-24 08:05 13824 ----a-w- c:\windows\system32\mshta.exe

2013-11-24 08:05 . 2013-11-24 08:05 135680 ----a-w- c:\windows\system32\iepeers.dll

2013-11-24 08:04 . 2013-11-24 08:04 878080 ----a-w- c:\windows\system32\advapi32.dll

2013-11-24 08:04 . 2013-11-24 08:04 859648 ----a-w- c:\windows\system32\tdh.dll

2013-11-24 08:04 . 2013-11-24 08:04 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-11-24 08:04 . 2013-11-24 08:04 243712 ----a-w- c:\windows\system32\wow64.dll

2013-11-24 08:04 . 2013-11-24 08:04 1732032 ----a-w- c:\windows\system32\ntdll.dll

2013-11-24 08:04 . 2013-11-24 08:04 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-11-24 08:04 . 2013-11-24 08:04 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-11-24 08:04 . 2013-11-24 08:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]

2013-12-30 20:27 294456 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2013-11-14 602880]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-28 98304]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-12 684600]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-7-13 113664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]

R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]

R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]

S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]

S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]

S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]

S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [x]

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - NPF

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-01-16 18:55 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2014-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09 20:41]

.

2014-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09 20:41]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]

2013-12-30 20:27 357432 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]

"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-03-08 1278024]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

TCP: DhcpNameServer = 194.183.130.242 192.168.0.1

FF - ProfilePath - c:\users\Kuroi no shiroi\AppData\Roaming\Mozilla\Firefox\Profiles\d91hzoe7.default\

FF - ExtSQL: 2013-12-12 15:55; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff

FF - user.js: extensions.ividi.id - 003ee0d800000000000020e52aed883d

FF - user.js: extensions.ividi.appId - {685F23D9-FCFD-475C-B56A-362645945C5A}

FF - user.js: extensions.ividi.instlDay - 15925

FF - user.js: extensions.ividi.vrsn - 1.8.23.0

FF - user.js: extensions.ividi.vrsni - 1.8.23.0

FF - user.js: extensions.ividi.vrsnTs - 1.8.23.021:18

FF - user.js: extensions.ividi.prtnrId - ividi

FF - user.js: extensions.ividi.prdct - ividi

FF - user.js: extensions.ividi.aflt - 3

FF - user.js: extensions.ividi.smplGrp - none

FF - user.js: extensions.ividi.tlbrId - base

FF - user.js: extensions.ividi.instlRef -

FF - user.js: extensions.ividi.dfltLng -

FF - user.js: extensions.ividi.excTlbr - true

FF - user.js: extensions.ividi.ffxUnstlRst - false

FF - user.js: extensions.ividi.admin - false

FF - user.js: extensions.ividi.autoRvrt - false

FF - user.js: extensions.ividi.rvrt - false

FF - user.js: extensions.ividi.newTab - false

FF - user.js: extensions.shownSelectionUI - true

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

c:\users\Kuroi no shiroi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk - c:\users\Kuroi no shiroi\okcpc\54665.vbs

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\Tablet\Wacom\WacomHost.exe

c:\program files\Tablet\Pen\WacomHost.exe

c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2014-01-18 21:24:14 - PC wurde neu gestartet

ComboFix-quarantined-files.txt 2014-01-18 20:24

.

Vor Suchlauf: 12 Verzeichnis(se), 61.655.490.560 Bytes frei

Nach Suchlauf: 18 Verzeichnis(se), 60.776.210.432 Bytes frei

.

- - End Of File - - 5F84BBA4FD8C35E048E293C0EE03D4B2

Tomk1 · January 18, 2014

That looks much better.

Let's get an online scan:

Go here to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish

Kasunekoi · January 19, 2014

Good morning Tomk1

This scan really took its time^^"

And i wonder about my setupfiles being a threat..Oo

Besides that, after my scan with combofix it seems my box with system tray icons in my taskbar has vanished.

Is this correct? Do i have a chance to restore it back?

Anyway, i dont complain. I am glad you helping me. So like you requested here is esetscan-file.

Thank you for your patience.

C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application

C:\Users\Kuroi no shiroi\AppData\Roaming\DVDVideoSoft\FreeYouTubeDownload.exe Win32/OpenCandy application

C:\Users\Kuroi no shiroi\AppData\Roaming\eIntaller\E4545D391CA1462782AD8D4849B35235\eXQ.exe a variant of Win32/ELEX.D application

C:\Users\Kuroi no shiroi\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D application

C:\Users\Kuroi no shiroi\Downloads\FreeStudio.exe multiple threats

C:\Users\Kuroi no shiroi\Downloads\rcpsetupmarm1_marm11039at.exe Win32/Systweak.B application

C:\Windows\Installer\MSI2D60.tmp a variant of Win32/Bundled.Toolbar.Ask.F application

C:\Windows\Installer\MSIA40A.tmp a variant of Win32/Bundled.Toolbar.Ask.F application

D:\programm back up\security setups\AdwCleaner - CHIP-Downloader.exe a variant of Win32/DownloadSponsor.A application

D:\this is my world\games\emulator\VisualBoyAdvance-1.7.2_windows.exe a variant of Win32/DownloadSponsor.A application

D:\this is my world\setup\autodesk-sketchbook-windows-downloader.exe Win32/Malavida.A application

D:\this is my world\setup\avira14_free_antivirus_de.exe a variant of Win32/Bundled.Toolbar.Ask.D application

Maybe until later, have a nice Day.

Kasunekoi · January 19, 2014

Hello Leader Tomk1,

i just got a update from microsoft for destroying dangerous software and need a little adwise

Should i run it or wait until we finished with this issue?

Thank in advance^^

Tomk1 · January 19, 2014

And i wonder about my setupfiles being a threat..Oo

What has happened is that the setup files have been patched so that they install not only the program you want... but also the malware. Most of these are toolbars but some are adware.

Besides that, after my scan with combofix it seems my box with system tray icons in my taskbar has vanished.
Is this correct? Do i have a chance to restore it back?

We should be able to reset it before we are done (if it doesn't return on it's own)

Can you explain more about what you received from Microsoft?

For now... let's continue cleaning.

COMBOFIX-Script

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

File::C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exeC:\Users\Kuroi no shiroi\AppData\Roaming\DVDVideoSoft\FreeYouTubeDownload.exeC:\Users\Kuroi no shiroi\AppData\Roaming\eIntaller\E4545D391CA1462782AD8D4849B35235\eXQ.exeC:\Users\Kuroi no shiroi\Downloads\ccsetup409.exeC:\Users\Kuroi no shiroi\Downloads\FreeStudio.exeC:\Users\Kuroi no shiroi\Downloads\rcpsetupmarm1_marm11039at.exeC:\Windows\Installer\MSI2D60.tmpC:\Windows\Installer\MSIA40A.tmpD:\programm back up\security setups\AdwCleaner - CHIP-Downloader.exeD:\this is my world\games\emulator\VisualBoyAdvance-1.7.2_windows.exeD:\this is my world\setup\autodesk-sketchbook-windows-downloader.exeD:\this is my world\setup\avira14_free_antivirus_de.exe

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Kasunekoi · January 19, 2014

Welcome back tomk1,

again thank you for your support

For your question. Unfortunally i dont know the exactly explanation for this Programm. So i will try to describe it. Its a selfacting update from microsoft for PC Security. Its purpose is a tool running through my system one time and detect/eliminate threats, if the PC is infected. Almost every month is a new version offered and downloadable.

And yeah, some programms are really sneaky. What i dont understand. Seems like the Threat is the setupfile itself. Not the programm..Oo In this case: Is it dangerous to keep some Setups to have it quick on your fingertips again?

I did for example with Setups of some grafikprogramms and Firefox, because sometimes its really difficult to get older versions again.

Anyway here is your requested logfile.

ComboFix 14-01-16.03 - Kuroi no shiroi 19.01.2014 20:21:58.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.3955.2316 [GMT 1:00]

ausgeführt von:: c:\users\Kuroi no shiroi\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\Kuroi no shiroi\Desktop\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Neuer Wiederherstellungspunkt wurde erstellt

.

FILE ::

"c:\program files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe"

"c:\users\Kuroi no shiroi\AppData\Roaming\DVDVideoSoft\FreeYouTubeDownload.exe"

"c:\users\Kuroi no shiroi\AppData\Roaming\eIntaller\E4545D391CA1462782AD8D4849B35235\eXQ.exe"

"c:\users\Kuroi no shiroi\Downloads\ccsetup409.exe"

"c:\users\Kuroi no shiroi\Downloads\FreeStudio.exe"

"c:\users\Kuroi no shiroi\Downloads\rcpsetupmarm1_marm11039at.exe"

"c:\windows\Installer\MSI2D60.tmp"

"c:\windows\Installer\MSIA40A.tmp"

"d:\programm back up\security setups\AdwCleaner - CHIP-Downloader.exe"

"d:\this is my world\games\emulator\VisualBoyAdvance-1.7.2_windows.exe"

"d:\this is my world\setup\autodesk-sketchbook-windows-downloader.exe"

"d:\this is my world\setup\avira14_free_antivirus_de.exe"

.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))

.

((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

.

((((((((((((((((((((((( Dateien erstellt von 2013-12-19 bis 2014-01-19 ))))))))))))))))))))))))))))))

.

2014-01-19 19:29 . 2014-01-19 19:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-01-18 23:06 . 2014-01-18 23:06 -------- d-----w- c:\program files (x86)\ESET

2014-01-18 16:58 . 2014-01-18 17:32 -------- d-----w- C:\AdwCleaner

2014-01-17 22:16 . 2014-01-17 22:16 -------- d-----w- c:\users\Kuroi no shiroi\AppData\Local\Downloaded Installations

2014-01-17 21:49 . 2014-01-18 14:52 -------- d-----w- c:\users\Kuroi no shiroi\AppData\Local\Jaksta_Technologies_Pty_L

2014-01-17 21:29 . 2014-01-18 14:54 -------- d-----w- c:\windows\Jaksta

2014-01-17 21:29 . 2014-01-18 14:52 -------- d-----w- c:\program files (x86)\Applian Technologies

2014-01-17 18:43 . 2014-01-19 15:07 -------- d-----w- c:\users\Kuroi no shiroi\dwhelper