
Log analysis and evaluation: Malwarebytes frequently finds infected objects: PUP.Optional...

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

26.11.2013, 12:21   #1
Trojan0815
 

Hello,

Malwarebytes quite often finds infected objects, most of which begin with PUP.Optional. Kaspersky Internet Security never finds anything. What can I do? Is it enough to remove the objects with Malwarebytes?

Here is a log file from yesterday:

Code:
 Malwarebytes Anti-Malware  (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.23.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16736
Windows :: WINDOWS-PC [Administrator]

Schutz: Aktiviert

25.11.2013 18:20:33
mbam-log-2013-11-25 (18-20-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 467504
Laufzeit: 3 Stunde(n), 7 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\AdwCleaner\Quarantine\C\Users\Windows\AppData\Local\Temp\OCS\ocs_v71.exe.vir (PUP.Optional.DownloadSponsor.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Windows\AppData\Local\Temp\FC1D54BE-BAB0-7891-9695-CAB7603C4C0D\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Windows\AppData\Local\Temp\FC1D54BE-BAB0-7891-9695-CAB7603C4C0D\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Windows\Downloads\Babylon1002_setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Many thanks in advance

26.11.2013, 12:26   #2
schrauber
/// the machine
/// TB trainer
 


hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


26.11.2013, 13:12   #3
Trojan0815
 

hello schrauber,

here are the log files:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-11-2013 01
Ran by Windows (administrator) on WINDOWS-PC on 26-11-2013 13:57:54
Running from C:\Users\Windows\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Users\Windows\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.107.0\SeaPort.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [167936 2011-08-06] (Alps Electric Co., Ltd.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelliType Pro] - C:\Program Files\Microsoft Device Center\itype.exe [1109072 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft Device Center\ipoint.exe [1629280 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [MailCheck IE Broker] - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1766464 2013-10-16] (1und1 Mail und Media GmbH)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Windows\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
Startup: C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5041DF0B313ECC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = hxxp://badoo.com/startpage/?source=bsb&q={searchTerms}
SearchScopes: HKCU - {B3A52782-75E1-4A9A-ACC4-56AD730FF6CF} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {C11568A1-82A3-4425-A051-C84ED2583FB7} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {CE01661A-B772-46E8-BC23-4BDB1162A302} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {FBD4E46E-0B71-4987-B1FD-7DDEFBAF5089} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.107.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.107.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1680390235-139802754-1354624992-1000\FireFox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Windows\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Extension: (YouTube) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0
CHR Extension: (Safe Money) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0
CHR Extension: (Content Blocker) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0
CHR Extension: (Virtual Keyboard) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0
CHR Extension: (Gmail) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Anti-Banner) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx

========================== Services (Whitelisted) =================

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-02] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-11-07] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [575584 2013-11-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-02] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-02] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145120 2013-06-06] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
S3 phaudlwr; C:\Windows\System32\DRIVERS\phaudlwr.sys [89648 2009-10-20] (Philips Applied Technologies)
S3 SPC520; C:\Windows\System32\drivers\SPC520.sys [483328 2007-10-01] (Philips                                                     )
S3 SPC520m; C:\Windows\System32\drivers\SPC520m.sys [7680 2007-10-01] (Philips                                                     )
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbw.sys [36040 2011-11-01] (Yamaha Corporation)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S1 ssmdrv; system32\DRIVERS\ssmdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-26 13:57 - 2013-11-26 13:57 - 00018035 _____ C:\Users\Windows\Desktop\FRST.txt
2013-11-26 13:57 - 2013-11-26 13:57 - 00000000 ____D C:\FRST
2013-11-26 13:52 - 2013-11-26 13:52 - 01091605 _____ (Farbar) C:\Users\Windows\Desktop\FRST.exe
2013-11-25 16:06 - 2013-11-25 16:06 - 00004144 _____ C:\Users\Windows\Documents\AdwCleaner Bericht vom 25.11.2013.txt
2013-11-25 15:47 - 2013-11-25 15:47 - 01091882 _____ C:\Users\Windows\Downloads\adwcleaner313.exe
2013-11-25 15:38 - 2013-11-25 15:38 - 00002242 _____ C:\Users\Gast\Desktop\Sicherer Zahlungsverkehr.lnk
2013-11-25 15:36 - 2013-11-25 15:36 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-11-23 18:55 - 2013-11-23 18:55 - 00000481 _____ C:\Users\Windows\Desktop\Anpassung - Verknüpfung.lnk
2013-11-23 17:22 - 2013-11-23 17:22 - 11617413 _____ C:\Users\Windows\Downloads\ColorSplash.themepack
2013-11-21 19:50 - 2013-11-21 19:50 - 00000000 ____D C:\Users\Windows\Documents\Fax
2013-11-21 19:27 - 2013-11-21 20:02 - 00000000 ____D C:\Program Files\ClocX
2013-11-21 19:27 - 2013-11-21 19:27 - 20897282 _____ C:\Users\Windows\Downloads\ClocX160.exe
2013-11-21 18:38 - 2013-11-21 18:40 - 113110793 _____ C:\Users\Windows\Downloads\widescreen-wallpaper.zip
2013-11-21 17:38 - 2013-11-21 17:38 - 00001351 _____ C:\Users\Windows\Desktop\aida64 - Verknüpfung.lnk
2013-11-21 17:35 - 2013-11-21 17:35 - 00000852 _____ C:\Users\Windows\Desktop\Downloads - Verknüpfung.lnk
2013-11-21 17:29 - 2011-07-18 20:40 - 00001375 _____ C:\Users\Windows\Desktop\Internet Explorer.lnk
2013-11-21 17:14 - 2013-11-21 17:14 - 00000000 ____D C:\Users\Windows\Downloads\aida64extreme400
2013-11-20 16:15 - 2013-11-20 16:15 - 00561712 _____ C:\Users\Windows\Downloads\VM311Map.zip
2013-11-20 14:16 - 2013-11-20 14:16 - 00001275 _____ C:\Users\Windows\Desktop\autoruns - Verknüpfung.lnk
2013-11-19 14:08 - 2013-11-19 14:11 - 145609959 _____ C:\Users\Windows\Downloads\Windows_7_Wallpaper.zip
2013-11-19 13:48 - 2013-11-19 13:52 - 182549774 _____ C:\Users\Windows\Downloads\Die_111_besten_Multi-Monitoring-Wallpaper.zip
2013-11-19 13:38 - 2013-11-19 13:38 - 00001203 _____ C:\Users\Windows\Desktop\Wallpaper.lnk
2013-11-19 13:28 - 2013-11-19 13:29 - 54998657 _____ C:\Users\Windows\Downloads\100_hotties.zip
2013-11-18 20:52 - 2013-11-20 16:17 - 00000000 ____D C:\Users\Windows\Downloads\Windows Tools
2013-11-17 21:07 - 2013-11-17 21:07 - 05511528 _____ (Copyright © 2013 eSupport.com, Inc • All Rights Reserved    ) C:\Users\Windows\Downloads\driveragent-setup-avg-794.exe
2013-11-17 20:47 - 2013-11-17 20:47 - 00000000 ____D C:\Users\Windows\Documents\AIDA64 Reports
2013-11-17 20:08 - 2013-11-17 20:08 - 00000000 ____D C:\Program Files\FinalWire
2013-11-17 19:38 - 2013-11-17 19:39 - 00000000 ____D C:\Users\Windows\Documents\EVEREST Reports
2013-11-17 19:08 - 2013-11-17 19:08 - 10255080 _____ (Lavalys, Inc.                                               ) C:\Users\Windows\Downloads\everestultimate550.exe
2013-11-17 16:28 - 2013-11-17 16:28 - 00000000 ____D C:\Users\Windows\AppData\Roaming\ArcSoft
2013-11-17 16:24 - 2013-11-17 18:06 - 00008064 _____ C:\Windows\DPINST.LOG
2013-11-17 16:24 - 2013-11-17 16:24 - 00000000 ____D C:\Program Files\DIFX
2013-11-17 16:24 - 1995-08-01 04:44 - 00212480 _____ (Eastman Kodak) C:\Windows\PCDLIB32.DLL
2013-11-17 16:23 - 2007-04-06 12:42 - 00073728 _____ (Philips) C:\Windows\VPro520.exe
2013-11-17 16:23 - 2003-03-19 06:20 - 01060864 _____ (Microsoft Corporation) C:\Windows\MFC71.dll
2013-11-17 16:23 - 2003-02-21 13:42 - 00348160 _____ (Microsoft Corporation) C:\Windows\msvcr71.dll
2013-11-17 16:14 - 2013-11-17 16:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_phaudlwr_01005.Wdf
2013-11-17 16:14 - 2007-10-01 14:38 - 00483328 _____ (Philips                                                     ) C:\Windows\system32\Drivers\SPC520.sys
2013-11-17 16:14 - 2007-10-01 14:38 - 00007680 _____ (Philips                                                     ) C:\Windows\system32\Drivers\SPC520m.sys
2013-11-17 16:14 - 2007-09-28 16:05 - 00307200 _____ (Philips) C:\Windows\system32\stvspc.ax
2013-11-16 15:02 - 2013-11-23 19:49 - 00000000 ____D C:\Users\Windows\AppData\Roaming\Skype
2013-11-16 15:02 - 2013-11-17 12:35 - 00000000 ____D C:\ProgramData\Skype
2013-11-16 15:02 - 2013-11-16 15:02 - 00000000 ___RD C:\Program Files\Skype
2013-11-16 15:02 - 2013-11-16 15:02 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-11-16 14:54 - 2013-11-16 14:55 - 35064992 _____ (Skype Technologies S.A.) C:\Users\Windows\Downloads\SkypeSetupFull.exe
2013-11-16 14:42 - 2013-11-16 14:42 - 00000000 ____D C:\Windows\de
2013-11-16 14:41 - 2013-02-05 22:57 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2013-11-16 14:39 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-11-16 14:39 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-11-16 14:39 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-11-16 14:39 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-11-16 14:37 - 2013-11-16 14:37 - 00002150 _____ C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-11-16 14:37 - 2013-11-16 14:37 - 00002044 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-11-16 14:37 - 2013-11-16 14:37 - 00002044 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-11-16 14:37 - 2013-11-16 14:37 - 00000000 ___RD C:\Users\Windows\SkyDrive
2013-11-16 14:37 - 2013-11-16 14:37 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-11-16 14:37 - 2013-11-16 14:37 - 00000000 ____D C:\Program Files\Microsoft SkyDrive
2013-11-16 14:27 - 2013-11-16 14:30 - 142602520 _____ (Microsoft Corporation) C:\Users\Windows\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-11-16 14:20 - 2013-11-16 14:21 - 00000000 ____D C:\Users\Windows\AppData\Local\{02C5FB6C-C321-415D-BAD9-C7D950453B24}
2013-11-16 12:17 - 2013-11-16 14:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 20:50 - 2013-11-15 20:51 - 00000000 ____D C:\Users\Windows\AppData\Local\{9F0950D9-5220-43E2-9092-3F7BAAC120BB}
2013-11-13 22:41 - 2013-10-12 08:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 22:41 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 22:41 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 22:41 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 22:41 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 09:35 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 09:35 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 09:35 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 09:35 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 09:35 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 09:35 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 09:35 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 09:35 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 09:35 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 09:35 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 09:35 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 09:35 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 09:35 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 09:35 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 09:35 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 09:35 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 09:35 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 09:35 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-10-31 17:18 - 2013-10-31 17:19 - 00000000 ____D C:\Users\Windows\AppData\Local\{034C3ED8-8C0A-4C1D-834E-2A6743D9E3DB}

==================== One Month Modified Files and Folders =======

2013-11-26 13:57 - 2013-11-26 13:57 - 00018035 _____ C:\Users\Windows\Desktop\FRST.txt
2013-11-26 13:57 - 2013-11-26 13:57 - 00000000 ____D C:\FRST
2013-11-26 13:52 - 2013-11-26 13:52 - 01091605 _____ (Farbar) C:\Users\Windows\Desktop\FRST.exe
2013-11-26 13:51 - 2009-07-14 05:34 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-26 13:51 - 2009-07-14 05:34 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-26 13:48 - 2011-01-18 16:13 - 01811214 _____ C:\Windows\WindowsUpdate.log
2013-11-26 13:17 - 2012-10-29 10:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-26 12:36 - 2013-09-26 12:25 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-26 10:16 - 2010-12-27 23:05 - 01536940 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-26 10:10 - 2010-12-27 23:25 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-26 10:10 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-26 10:10 - 2009-07-14 05:39 - 00137471 _____ C:\Windows\setupact.log
2013-11-25 21:59 - 2011-01-19 16:25 - 00563164 _____ C:\Windows\PFRO.log
2013-11-25 16:06 - 2013-11-25 16:06 - 00004144 _____ C:\Users\Windows\Documents\AdwCleaner Bericht vom 25.11.2013.txt
2013-11-25 16:00 - 2013-10-06 19:50 - 00000000 ____D C:\AdwCleaner
2013-11-25 16:00 - 2011-08-04 11:10 - 00000000 ____D C:\ProgramData\Uniblue
2013-11-25 15:47 - 2013-11-25 15:47 - 01091882 _____ C:\Users\Windows\Downloads\adwcleaner313.exe
2013-11-25 15:39 - 2012-03-02 12:28 - 00127352 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-25 15:38 - 2013-11-25 15:38 - 00002242 _____ C:\Users\Gast\Desktop\Sicherer Zahlungsverkehr.lnk
2013-11-25 15:36 - 2013-11-25 15:36 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-11-23 19:49 - 2013-11-16 15:02 - 00000000 ____D C:\Users\Windows\AppData\Roaming\Skype
2013-11-23 18:55 - 2013-11-23 18:55 - 00000481 _____ C:\Users\Windows\Desktop\Anpassung - Verknüpfung.lnk
2013-11-23 17:22 - 2013-11-23 17:22 - 11617413 _____ C:\Users\Windows\Downloads\ColorSplash.themepack
2013-11-23 16:43 - 2012-03-13 12:39 - 00000000 ____D C:\Users\Windows\AppData\Roaming\HpUpdate
2013-11-23 14:17 - 2013-10-04 18:39 - 00000000 ____D C:\Users\Windows\AppData\Roaming\Audacity
2013-11-21 20:02 - 2013-11-21 19:27 - 00000000 ____D C:\Program Files\ClocX
2013-11-21 19:50 - 2013-11-21 19:50 - 00000000 ____D C:\Users\Windows\Documents\Fax
2013-11-21 19:27 - 2013-11-21 19:27 - 20897282 _____ C:\Users\Windows\Downloads\ClocX160.exe
2013-11-21 18:55 - 2011-08-05 12:48 - 00000000 ____D C:\Users\Windows\AppData\Roaming\vlc
2013-11-21 18:40 - 2013-11-21 18:38 - 113110793 _____ C:\Users\Windows\Downloads\widescreen-wallpaper.zip
2013-11-21 18:24 - 2013-05-12 19:05 - 00000000 ____D C:\Users\Windows\AppData\Roaming\foobar2000
2013-11-21 17:38 - 2013-11-21 17:38 - 00001351 _____ C:\Users\Windows\Desktop\aida64 - Verknüpfung.lnk
2013-11-21 17:35 - 2013-11-21 17:35 - 00000852 _____ C:\Users\Windows\Desktop\Downloads - Verknüpfung.lnk
2013-11-21 17:14 - 2013-11-21 17:14 - 00000000 ____D C:\Users\Windows\Downloads\aida64extreme400
2013-11-20 16:17 - 2013-11-18 20:52 - 00000000 ____D C:\Users\Windows\Downloads\Windows Tools
2013-11-20 16:15 - 2013-11-20 16:15 - 00561712 _____ C:\Users\Windows\Downloads\VM311Map.zip
2013-11-20 14:16 - 2013-11-20 14:16 - 00001275 _____ C:\Users\Windows\Desktop\autoruns - Verknüpfung.lnk
2013-11-19 16:09 - 2011-07-30 09:49 - 00000000 ____D C:\Users\Windows\AppData\Local\Windows Live
2013-11-19 14:11 - 2013-11-19 14:08 - 145609959 _____ C:\Users\Windows\Downloads\Windows_7_Wallpaper.zip
2013-11-19 13:52 - 2013-11-19 13:48 - 182549774 _____ C:\Users\Windows\Downloads\Die_111_besten_Multi-Monitoring-Wallpaper.zip
2013-11-19 13:38 - 2013-11-19 13:38 - 00001203 _____ C:\Users\Windows\Desktop\Wallpaper.lnk
2013-11-19 13:29 - 2013-11-19 13:28 - 54998657 _____ C:\Users\Windows\Downloads\100_hotties.zip
2013-11-18 18:55 - 2011-07-18 22:10 - 00000000 ____D C:\Users\Windows\AppData\Local\CrashDumps
2013-11-17 21:07 - 2013-11-17 21:07 - 05511528 _____ (Copyright © 2013 eSupport.com, Inc • All Rights Reserved    ) C:\Users\Windows\Downloads\driveragent-setup-avg-794.exe
2013-11-17 20:47 - 2013-11-17 20:47 - 00000000 ____D C:\Users\Windows\Documents\AIDA64 Reports
2013-11-17 20:08 - 2013-11-17 20:08 - 00000000 ____D C:\Program Files\FinalWire
2013-11-17 19:39 - 2013-11-17 19:38 - 00000000 ____D C:\Users\Windows\Documents\EVEREST Reports
2013-11-17 19:08 - 2013-11-17 19:08 - 10255080 _____ (Lavalys, Inc.                                               ) C:\Users\Windows\Downloads\everestultimate550.exe
2013-11-17 18:07 - 2011-01-18 19:43 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-17 18:06 - 2013-11-17 16:24 - 00008064 _____ C:\Windows\DPINST.LOG
2013-11-17 16:28 - 2013-11-17 16:28 - 00000000 ____D C:\Users\Windows\AppData\Roaming\ArcSoft
2013-11-17 16:24 - 2013-11-17 16:24 - 00000000 ____D C:\Program Files\DIFX
2013-11-17 16:14 - 2013-11-17 16:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_phaudlwr_01005.Wdf
2013-11-17 12:35 - 2013-11-16 15:02 - 00000000 ____D C:\ProgramData\Skype
2013-11-16 15:02 - 2013-11-16 15:02 - 00000000 ___RD C:\Program Files\Skype
2013-11-16 15:02 - 2013-11-16 15:02 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-11-16 15:02 - 2010-12-27 23:03 - 00000000 ____D C:\Program Files\Windows Live
2013-11-16 14:55 - 2013-11-16 14:54 - 35064992 _____ (Skype Technologies S.A.) C:\Users\Windows\Downloads\SkypeSetupFull.exe
2013-11-16 14:49 - 2012-09-18 15:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-16 14:46 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-16 14:42 - 2013-11-16 14:42 - 00000000 ____D C:\Windows\de
2013-11-16 14:39 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-11-16 14:37 - 2013-11-16 14:37 - 00002150 _____ C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-11-16 14:37 - 2013-11-16 14:37 - 00002044 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-11-16 14:37 - 2013-11-16 14:37 - 00002044 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-11-16 14:37 - 2013-11-16 14:37 - 00000000 ___RD C:\Users\Windows\SkyDrive
2013-11-16 14:37 - 2013-11-16 14:37 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-11-16 14:37 - 2013-11-16 14:37 - 00000000 ____D C:\Program Files\Microsoft SkyDrive
2013-11-16 14:37 - 2011-01-18 16:13 - 00000000 ____D C:\Users\Windows
2013-11-16 14:30 - 2013-11-16 14:27 - 142602520 _____ (Microsoft Corporation) C:\Users\Windows\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-11-16 14:25 - 2013-11-16 12:17 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-16 14:21 - 2013-11-16 14:20 - 00000000 ____D C:\Users\Windows\AppData\Local\{02C5FB6C-C321-415D-BAD9-C7D950453B24}
2013-11-15 20:51 - 2013-11-15 20:50 - 00000000 ____D C:\Users\Windows\AppData\Local\{9F0950D9-5220-43E2-9092-3F7BAAC120BB}
2013-11-14 21:01 - 2011-07-23 19:31 - 00000000 ____D C:\Users\Windows\Documents\Briefe
2013-11-14 18:24 - 2013-04-26 15:04 - 00000000 ____D C:\Users\Windows\Documents\Horizont
2013-11-14 15:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-11-14 10:28 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-11-13 22:45 - 2011-06-29 10:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 22:41 - 2013-08-14 22:16 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 22:40 - 2011-07-17 21:38 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 05:50 - 2010-12-27 23:07 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-07 11:31 - 2013-09-26 12:24 - 00575584 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-11-07 11:31 - 2013-05-06 08:22 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2013-10-31 17:19 - 2013-10-31 17:18 - 00000000 ____D C:\Users\Windows\AppData\Local\{034C3ED8-8C0A-4C1D-834E-2A6743D9E3DB}

Some content of TEMP:
====================
C:\Users\Windows\AppData\Local\Temp\fm2Update251.exe
C:\Users\Windows\AppData\Local\Temp\fm3Update331.exe
C:\Users\Windows\AppData\Local\Temp\fm3Update333.exe
C:\Users\Windows\AppData\Local\Temp\ForteDependencies.exe
C:\Users\Windows\AppData\Local\Temp\GUninstaller.exe
C:\Users\Windows\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Windows\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Windows\AppData\Local\Temp\mgxfonts.exe
C:\Users\Windows\AppData\Local\Temp\Quarantine.exe
C:\Users\Windows\AppData\Local\Temp\Setup_FORTE4Basic_de.exe
C:\Users\Windows\AppData\Local\Temp\uninst1.exe
C:\Users\Windows\AppData\Local\Temp\unwise.exe
C:\Users\Windows\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Windows\AppData\Local\Temp\WEB.DE_Softwareaktualisierung_Setup.exe
C:\Users\Windows\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup.exe
C:\Users\Windows\AppData\Local\Temp\_is3112.exe
C:\Users\Windows\AppData\Local\Temp\_is7775.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-20 20:18

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-11-2013 01
Ran by Windows at 2013-11-26 13:58:40
Running from C:\Users\Windows\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8)
4500_G510gm_Help (Version: 000.0.439.000)
4500G510gm (Version: 000.0.423.000)
4500G510gm_Software_Min (Version: 000.0.423.000)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8)
Alps Pointing-device for VAIO
Amazon MP3-Downloader 1.0.17 (Version: 1.0.17)
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18)
Ashampoo Burning Studio 12 v.12.0.5 (Version: 12.0.5)
Audacity 2.0.4 (Version: 2.0.4)
Bing Bar (Version: 7.3.107.0)
BufferChm (Version: 130.0.331.000)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
Fax (Version: 130.0.418.000)
Feuerwache 1.16
foobar2000 v1.2.6 (Version: 1.2.6)
FORTE 4 - Basic Edition (Version: 4)
Fotogalerie (Version: 16.4.3508.0205)
Fresh Minder 2 (Version: 2.5.0)
Fresh Minder 3 (Version: 3.0.0)
GPBaseService2 (Version: 130.0.371.000)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510g-m (Version: 13.0)
HP Product Detection (Version: 11.14.0001)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.005.000.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
ImagXpress (Version: 7.0.74.0)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 16.4.3508.0205)
Kaspersky Internet Security (Version: 14.0.0.4651)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 130.0.374.000)
maxdome - Online Videothek (Version: 1.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft-Maus- und Tastatur-Center (Version: 1.1.500.0)
Movie Maker (Version: 16.4.3508.0205)
Mozilla Firefox 25.0.1 (x86 de) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MPU 2013 Version 01.01.2013 (Version: 01.01.2013)
MPU easy Trainingssoftware
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero ControlCenter (Version: 11.0.15500)
Nero ControlCenter Help (CHM) (Version: 12.0.12000)
Nero Core Components (Version: 11.0.20200)
Nero Update (Version: 11.0.11800.31.0)
Nero WaveEditor (Version: 12.0.8000)
Nero WaveEditor (Version: 12.5.00100)
Nero WaveEditor Help (CHM) (Version: 12.0.7000)
neroxml (Version: 1.0.0)
Network (Version: 130.0.374.000)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Opera 12.02 (Version: 12.02.1578)
PC Aquarium Deluxe 3.0
Photo Common (Version: 16.4.3508.0205)
Photo Gallery (Version: 16.4.3508.0205)
Playlist Creator 3.6.2 (Version: 3.6.2.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Prerequisite installer (Version: 12.0.0003)
Rossmann Fotowelt Software 4.12.1 (Version: 4.12.1)
Scan (Version: 13.0.0.0)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shop for HP Supplies (Version: 13.0)
Skype™ 6.10 (Version: 6.10.104)
SmartWebPrinting (Version: 130.0.373.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.373.000)
SuperEasy Audio Converter 2 v.2.1.3063 (Version: 2.1.3063)
TomTom HOME (Version: 2.9.7)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
VLC media player 2.0.8 (Version: 2.0.8)
WEB.DE MailCheck für Internet Explorer (Version: 2.4.0.0)
WEB.DE MailCheck für Mozilla Firefox (Version: 2.1.4.1420)
WEB.DE Softwareaktualisierung (Version: 3.0.0.55)
WebReg (Version: 130.0.132.017)
Winamp (Version: 5.63 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (Version: 16.4.3508.0205)
Windows Live Essentials (Version: 16.4.3508.0205)
Windows Live Family Safety (Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3508.0205)
Windows Live Mail (Version: 16.4.3508.0205)
Windows Live Messenger (Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (Version: 16.4.3508.0205)
Windows Live PIMT Platform (Version: 16.4.3508.0205)
Windows Live SOXE (Version: 16.4.3508.0205)
Windows Live SOXE Definitions (Version: 16.4.3508.0205)
Windows Live UX Platform (Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205)
Windows Live Writer (Version: 16.4.3508.0205)
Windows Live Writer Resources (Version: 16.4.3508.0205)
WinZip 15.0 (Version: 15.0.9411)
Yamaha USB-MIDI Driver (Version: 3.1.2.3)

==================== Restore Points  =========================

12-11-2013 10:14:47 Windows Update
13-11-2013 21:39:48 Windows Update
16-11-2013 13:35:17 Windows Live Essentials
16-11-2013 13:37:45 DirectX wurde installiert
16-11-2013 13:38:32 DirectX wurde installiert
16-11-2013 13:39:06 DirectX wurde installiert
16-11-2013 13:39:59 WLSetup
17-11-2013 15:22:54 Installiert Philips SPC520NC Webcam
17-11-2013 15:24:11 Installiert VLounge
17-11-2013 17:05:37 Entfernt VLounge
17-11-2013 17:06:27 Entfernt Philips SPC520NC Webcam
18-11-2013 13:30:45 No23 Recorder wird entfernt
19-11-2013 09:45:30 Windows Update
22-11-2013 10:54:29 Windows Update
26-11-2013 09:49:25 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {3B13B263-1F6D-4C53-8200-323B5C7AEBCC} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {3ECF1892-952C-46B8-8960-95CE24F09DDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {457BB3C3-B29A-42ED-AF76-92204B590E06} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5DDE2DFF-8830-4491-BF3F-7E5E707E9057} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {6C348D60-E132-48F5-A08F-90FFA535059D} - System32\Tasks\Windows => C:\Program Files\Nero\Nero 10\Nero BackItUp\NBCore.exe
Task: {6C7EB394-1D59-4089-934B-BDAA13D4C982} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {9373C2CC-DD33-4D7A-B595-576C4D9F8E20} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\DeviceCenter.exe [2012-06-26] (Microsoft)
Task: {A3B79643-4FE0-4557-AA0A-BB1377EA5F50} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {F05662CB-663D-4E1E-8E03-7C700EACD2D1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-06-17 11:35 - 2013-06-17 11:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Heiko\AppData\Roaming\default.rss:OECustomProperty
AlternateDataStreams: C:\Users\Windows\AppData\Roaming\default.rss:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: ssmdrv
Description: ssmdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ssmdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/25/2013 03:41:24 PM) (Source: ESENT) (User: )
Description: taskhost (5416) Versuch, Datei "C:\Users\Windows\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (11/21/2013 08:12:13 PM) (Source: ESENT) (User: )
Description: taskhost (5296) Versuch, Datei "C:\Users\Heiko\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (11/18/2013 06:55:39 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_9_900_117.exe, Version: 11.9.900.117, Zeitstempel: 0x5244d3b6
Name des fehlerhaften Moduls: FlashPlayerPlugin_11_9_900_117.exe, Version: 11.9.900.117, Zeitstempel: 0x5244d3b6
Ausnahmecode: 0x40000015
Fehleroffset: 0x00017b60
ID des fehlerhaften Prozesses: 0x268
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_11_9_900_117.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_11_9_900_117.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_11_9_900_117.exe2
Berichtskennung: FlashPlayerPlugin_11_9_900_117.exe3

Error: (11/17/2013 06:05:34 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {2e6360e6-777a-4a3b-8340-7956c38aaf1a}

Error: (11/17/2013 04:22:50 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {7251af1a-638f-470c-b0eb-d551bc0d2883}

Error: (11/16/2013 03:03:31 PM) (Source: MsiInstaller) (User: Windows-PC)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/16/2013 03:03:26 PM) (Source: MsiInstaller) (User: Windows-PC)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/16/2013 03:03:25 PM) (Source: MsiInstaller) (User: Windows-PC)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/16/2013 03:03:24 PM) (Source: MsiInstaller) (User: Windows-PC)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/16/2013 02:35:10 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {1086f9b7-1f68-495b-bf1f-fa3759e07c33}


System errors:
=============
Error: (11/26/2013 10:12:56 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/26/2013 10:12:56 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/26/2013 10:10:53 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ssmdrv

Error: (11/25/2013 10:01:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/25/2013 10:01:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/25/2013 09:59:33 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ssmdrv

Error: (11/25/2013 04:05:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/25/2013 04:05:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/25/2013 04:03:18 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ssmdrv

Error: (11/25/2013 03:38:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069


Microsoft Office Sessions:
=========================
Error: (11/25/2013 03:41:24 PM) (Source: ESENT)(User: )
Description: taskhost5416C:\Users\Windows\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (11/21/2013 08:12:13 PM) (Source: ESENT)(User: )
Description: taskhost5296C:\Users\Heiko\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (11/18/2013 06:55:39 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_9_900_117.exe11.9.900.1175244d3b6FlashPlayerPlugin_11_9_900_117.exe11.9.900.1175244d3b64000001500017b6026801cee481759817b8C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exeC:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exea1bf9f68-507a-11e3-a285-20cf30cb12aa

Error: (11/17/2013 06:05:34 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {2e6360e6-777a-4a3b-8340-7956c38aaf1a}

Error: (11/17/2013 04:22:50 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {7251af1a-638f-470c-b0eb-d551bc0d2883}

Error: (11/16/2013 03:03:31 PM) (Source: MsiInstaller)(User: Windows-PC)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/16/2013 03:03:26 PM) (Source: MsiInstaller)(User: Windows-PC)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/16/2013 03:03:25 PM) (Source: MsiInstaller)(User: Windows-PC)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/16/2013 03:03:24 PM) (Source: MsiInstaller)(User: Windows-PC)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/16/2013 02:35:10 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {1086f9b7-1f68-495b-bf1f-fa3759e07c33}


CodeIntegrity Errors:
===================================
  Date: 2013-11-26 11:48:37.889
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-26 11:48:37.889
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-26 11:48:37.889
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-26 11:48:37.873
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-26 11:48:37.873
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-26 11:48:37.873
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-26 11:48:37.858
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-26 11:48:37.858
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-26 11:48:37.858
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-26 11:48:37.842
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 40%
Total physical RAM: 3071.23 MB
Available physical RAM: 1837.34 MB
Total Pagefile: 6140.74 MB
Available Pagefile: 4572.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.56 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:246.58 GB) (Free:178.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive i: (Volume) (Fixed) (Total:219.18 GB) (Free:174.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 78A0CD44)
Partition 1: (Active) - (Size=247 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=219 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Best regards
__________________

27.11.2013, 08:03   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click "Options" (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click "Scan" (Suchlauf) and wait until it has finished.
  • Now click "Delete" (Löschen) and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

27.11.2013, 12:31   #5
Trojan0815
 



Hi,

here are the next log files:

Code:
ATTFilter
# AdwCleaner v3.013 - Bericht erstellt am 27/11/2013 um 12:40:23
# Updated 24/11/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Windows - WINDOWS-PC
# Gestartet von : C:\Users\Windows\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\087uobdp.default\prefs.js ]


[ Datei : C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\vcmqim16.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2431 octets] - [06/10/2013 19:50:55]
AdwCleaner[R1].txt - [4135 octets] - [25/11/2013 15:49:43]
AdwCleaner[R2].txt - [1345 octets] - [27/11/2013 12:38:49]
AdwCleaner[S0].txt - [4144 octets] - [25/11/2013 16:00:29]
AdwCleaner[S1].txt - [1266 octets] - [27/11/2013 12:40:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1326 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by Windows on 27.11.2013 at 13:02:52,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{02C5FB6C-C321-415D-BAD9-C7D950453B24}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{034C3ED8-8C0A-4C1D-834E-2A6743D9E3DB}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{036668F5-E2BE-4867-BF90-A664BE0855F6}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{04F004EB-2E8E-4493-A2FD-8EA826A0137D}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{05FA4049-1735-4B6E-9FE1-1AA4121ED835}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{06DC9097-CEA7-456F-8B2D-24D01438A33F}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{07BB08DA-6049-4362-B0CA-C77EE6EB221F}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{0935EB5B-ABA9-43D0-9D3B-AEC2CB97E8A7}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{0987BDA0-CCBE-419D-BABE-9AC9D28C79C9}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{0DEADBD3-9248-4AD7-8580-3E51246BCE31}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{0E5537E1-1816-4B1B-B24D-AED74B32FC1F}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{0EE5BDF1-7DDB-4BB0-8135-6BBFC806A291}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{13D0A7D4-8EF1-47FE-86F8-F3B2E8A4B594}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{145B833D-7375-42F7-B632-D22DE170B174}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{14C095DC-E8C3-410E-902D-FB6016AA592A}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{16AA9C62-92AE-4C8F-B6FD-EC33C5A8B178}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{188D6B7D-68D1-4428-846C-608485CE452B}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{1E49BB82-C4AC-431A-A95D-08F818B78670}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{23E6967E-17C2-43DD-9709-35594D599F04}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{296DC10E-1C01-4656-BD6D-6107C2FFCA6E}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{2976E7AB-07AC-472E-849B-4A8A28970F34}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{29CCC3C9-49F9-41C7-A652-CB1EF11451AE}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{2A30059F-5354-44AC-A603-F97CE5AA6681}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{2C25C58B-EF1C-492B-A868-B9AA17EF38AC}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{2CDA0347-A36D-433B-A3FD-51C90F653CB9}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{2EEC9B10-3380-4F3C-AF19-4ED9A45E7701}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{2FA5B033-3161-4D29-919E-793865E04FFB}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{31FC9BC9-035B-48B1-B1F1-7A09BD766522}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{32539BE5-0CD4-4F09-93BE-AE5C398EC17E}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{3278E0B8-3010-45E8-B61A-292A2ACFBD58}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{348A945D-E3C7-4977-BE8D-4E19A30F5B80}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{3653194C-9F0D-467B-AF96-A0247EE40E14}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{379ABFF8-811E-4499-8D69-FE12F431A3F1}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{389CBBC5-4928-4249-9F5F-F8A6AA7EDEBC}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{39389629-2AD9-4BA6-A354-7695F55B128B}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{400B3793-C427-4560-8390-02C4E618C67E}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{40D77A61-E2C1-4ABF-B8E1-77CF4BD7D91B}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{45CF9AF6-65DD-4F8B-A3EA-696B32897257}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{4621493E-E05A-4652-A416-4EB22071FD50}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{4C87F019-C1E4-4BEB-A790-9041BAF0D41C}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{4FFF7E7C-DBE7-4E60-820C-E8918693C0EC}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{5881690C-7DC5-4510-9707-0BEC4EA7D100}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{599387E6-37A6-4C2F-A2DC-8F6E885556D6}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{5F00868B-6DE1-473E-898F-F1379D475CB6}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{602F515C-C130-47ED-952A-B448D13DFEA8}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{60A38D8D-5D7A-485D-992D-9F5B37FF41A9}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{6499067E-9CD8-466D-AE09-3B10D918EDBD}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{675FD4B1-B59B-41A0-96C4-855101A271F9}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{6825126C-7A2A-422E-A6A6-93F75BCDA960}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{6D3678AD-65A5-47FA-B550-9BA5CE2016C5}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{6EA37C46-645E-456B-9F25-3E021DAA279F}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{706F32E7-55AC-4639-A3B0-FD2A7FBABD1C}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{723B13AC-E1AE-48C6-BBE7-670775EE4D89}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{72669409-24ED-4034-BC46-03B008136172}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{73BB3941-572E-49B4-B3D5-ED000B4937FC}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{76686814-9E9C-430A-A9B3-55EE5AD35835}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{77CFA18D-B318-413B-8BA7-2740D26AD12E}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{7A20EF93-9F7D-4425-A11E-E88340999DDE}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{7A58EDAE-AC23-490A-9346-6944A0DFE07A}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{7CD5BA4E-0D1E-4D61-BB0E-5E17B3029FCD}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{7DA15D84-C30B-419F-9F94-9854A36CC97E}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{7EE32B27-4D53-4D3D-B871-B4389E00CF25}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{80E913A3-BAA0-482D-8F54-4C4D2B2DBC81}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{82C873CE-7F81-4B47-B968-36581D52C2A3}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{84B621C2-276C-4182-8DC7-A113F58F24B7}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{89FC34EF-C2B3-4E76-AE2E-C07351A24252}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{8C007BD9-040E-439C-8907-FFE0F3E96966}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{8F4BE28C-532B-4BCE-B082-0BF81B3E031E}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{93FCB549-62B1-4EF5-86B8-DDF0D92CB3C7}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{945091C5-1F39-4A11-BBBC-9E301D79F52C}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{956C3336-D9EC-417B-B014-9414ECB544B3}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{95F12F11-DABB-446F-9182-9F9ED27F5F99}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{980F0088-695A-446F-86C7-9691975DC53D}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{989A3EC0-E8CB-4857-A322-F1C463AF9211}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{993B4360-F348-4592-96F5-38B324B381E3}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{993DA515-6C3F-4273-B47D-47DE3CD82CA6}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{9A17C709-9235-4B3F-AA0D-4941073781BA}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{9A647D55-0B00-4E23-816B-B98C8DC2D36C}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{9F0950D9-5220-43E2-9092-3F7BAAC120BB}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{9FD2150D-0770-4833-94FA-6E6FA00FCACC}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{A20B722F-451D-4156-B2DB-931A00AFF0C8}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{A64ABF87-83F4-411E-9517-99BD63C1EBF4}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{A6B3CD4E-1F87-4199-80AA-C0FB8687A736}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{A7449619-E48E-470B-B9C7-D3B51D5A47F4}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{A7E4918B-7674-4E9D-AC64-C11321E324E5}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{A8CB851D-AE29-4E4A-901C-9F1F16731697}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{A94765E2-99D2-434E-9121-8C3267420227}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{A9B824F7-3CF9-4BD2-873F-D31B1EF39C4F}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{AA38049C-C4B8-46EF-8064-C594008D1C6E}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{AC2981A7-A874-4CAD-BE92-CA1E64A29F17}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{B1577C6F-6C93-426B-BAD7-08F2AF564E7A}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{B8375576-FE03-4033-80A9-8BE398519089}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{BD6285FF-4225-43B9-8DB9-B56EFB77BAB4}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{BE2606D2-47D6-4FB7-AFB0-1D54F9F8E677}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{BEDBB683-3F33-4963-B786-9ED61621DE14}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{BEEF63A9-03A4-4D17-9DBD-D287F6BAC3E1}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{C16078A1-F9F0-4B76-A0EC-A48B9C806873}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{C3BE7BED-DBCE-4678-829C-697040072821}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{C719FE4D-D1CB-4D32-BF82-29E050D581F1}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{C9C8E6EB-0822-48E8-9D5C-E46A644BB1FD}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{C9F2492B-57F3-4C36-A9CA-CB25E2C8F4FB}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{CA4CB7B2-6870-4EB5-B751-B95AE091657B}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{CBFDDE99-4D49-4918-85F0-5E1EEF5F5FA7}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{D2716426-E99D-45A1-87ED-F22BDA4CDBD3}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{D4739AEA-190D-4E79-B4DC-F4FCD06CD3D0}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{DBC6F251-5D06-470A-B66D-A2385D3107BF}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{DC079260-C435-49A2-9F53-7390A3135CB9}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{E189E241-2078-4F43-95E0-3648AC0076E0}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{E1D284FE-3E34-48DF-8ED9-D407ECF09492}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{E44CD7E4-5718-42C1-A7A5-ABD838713535}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{E5403566-2894-4FF4-A70F-E3606A807DF4}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{EA2F6EB7-24DF-4D99-86AC-AB417C9B1FF5}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{EA4C0ABC-BB39-4068-8C08-0771122CA845}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{EA5F91B1-F7C6-4E84-999A-2E92184C4168}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{EB6380A4-A908-4EF0-B097-DA61D2745425}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{EB9D37BB-F876-4E8F-BD15-2BC848D2FC92}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{EE44C89A-1352-40BA-9964-76D586EAD583}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{EF0477B5-2C71-4991-9572-C4BF1B71BD8E}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{F08D3AEC-8300-4E2D-9693-F19069AE20D4}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{F2EB7B83-2DD4-4BF0-B832-2BF86E63BC19}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{F5BA5647-6E0F-40C4-966F-93E7D0AA6FF5}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{F745E441-48D5-4AD9-B45D-2A5EDB0519CF}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{F7D169C0-3743-4C4A-9CA7-7D327D2AEB4D}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{F8A9D7B8-EF72-4BA0-8393-6FB80124AD95}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{F9DC2ABE-A64B-4208-A4AA-ADAF9E804B06}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{FA27F6A1-5070-41BC-96A4-8755BD80C252}
Successfully deleted: [Empty Folder] C:\Users\Windows\appdata\local\{FD5274BC-D76B-40A3-B024-09F2263C78B4}



~~~ FireFox

Emptied folder: C:\Users\Windows\AppData\Roaming\mozilla\firefox\profiles\087uobdp.default\minidumps [354 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.11.2013 at 13:05:02,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-11-2013
Ran by Windows (administrator) on WINDOWS-PC on 27-11-2013 13:11:09
Running from C:\Users\Windows\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Users\Windows\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.107.0\SeaPort.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [167936 2011-08-06] (Alps Electric Co., Ltd.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelliType Pro] - C:\Program Files\Microsoft Device Center\itype.exe [1109072 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft Device Center\ipoint.exe [1629280 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [MailCheck IE Broker] - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1766464 2013-10-16] (1und1 Mail und Media GmbH)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Windows\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
Startup: C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5041DF0B313ECC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = hxxp://badoo.com/startpage/?source=bsb&q={searchTerms}
SearchScopes: HKCU - {B3A52782-75E1-4A9A-ACC4-56AD730FF6CF} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {C11568A1-82A3-4425-A051-C84ED2583FB7} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {CE01661A-B772-46E8-BC23-4BDB1162A302} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {FBD4E46E-0B71-4987-B1FD-7DDEFBAF5089} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.107.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.107.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1680390235-139802754-1354624992-1000\FireFox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Windows\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Extension: (YouTube) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0
CHR Extension: (Safe Money) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0
CHR Extension: (Content Blocker) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0
CHR Extension: (Virtual Keyboard) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0
CHR Extension: (Gmail) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Anti-Banner) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx

========================== Services (Whitelisted) =================

S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-02] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-11-07] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [575584 2013-11-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-02] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-02] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145120 2013-06-06] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
S3 phaudlwr; C:\Windows\System32\DRIVERS\phaudlwr.sys [89648 2009-10-20] (Philips Applied Technologies)
S3 SPC520; C:\Windows\System32\drivers\SPC520.sys [483328 2007-10-01] (Philips                                                     )
S3 SPC520m; C:\Windows\System32\drivers\SPC520m.sys [7680 2007-10-01] (Philips                                                     )
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbw.sys [36040 2011-11-01] (Yamaha Corporation)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S1 ssmdrv; system32\DRIVERS\ssmdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-27 13:11 - 2013-11-27 13:11 - 00018101 _____ C:\Users\Windows\Desktop\FRST.txt
2013-11-27 13:10 - 2013-11-27 13:10 - 01091793 _____ (Farbar) C:\Users\Windows\Desktop\FRST.exe
2013-11-27 13:05 - 2013-11-27 13:05 - 00014575 _____ C:\Users\Windows\Desktop\JRT.txt
2013-11-27 13:02 - 2013-11-27 13:02 - 00000000 ____D C:\Windows\ERUNT
2013-11-27 12:57 - 2013-11-27 12:57 - 01034531 _____ (Thisisu) C:\Users\Windows\Desktop\JRT.exe
2013-11-27 12:49 - 2013-11-27 12:49 - 00000301 _____ C:\Users\Windows\Desktop\Malwarebytes findet desöfteren infizierte Objekte PUP.Optional... - Trojaner-Board.URL
2013-11-27 12:44 - 2013-11-27 12:44 - 00001406 _____ C:\Users\Windows\Desktop\AdwCleaner[S1].txt
2013-11-27 12:37 - 2013-11-27 12:37 - 01091882 _____ C:\Users\Windows\Desktop\adwcleaner.exe
2013-11-26 13:57 - 2013-11-26 13:57 - 00000000 ____D C:\FRST
2013-11-25 16:06 - 2013-11-25 16:06 - 00004144 _____ C:\Users\Windows\Documents\AdwCleaner Bericht vom 25.11.2013.txt
2013-11-25 15:38 - 2013-11-25 15:38 - 00002242 _____ C:\Users\Gast\Desktop\Sicherer Zahlungsverkehr.lnk
2013-11-25 15:36 - 2013-11-25 15:36 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-11-23 18:55 - 2013-11-23 18:55 - 00000481 _____ C:\Users\Windows\Desktop\Anpassung - Verknüpfung.lnk
2013-11-23 17:22 - 2013-11-23 17:22 - 11617413 _____ C:\Users\Windows\Downloads\ColorSplash.themepack
2013-11-21 19:50 - 2013-11-21 19:50 - 00000000 ____D C:\Users\Windows\Documents\Fax
2013-11-21 19:27 - 2013-11-21 20:02 - 00000000 ____D C:\Program Files\ClocX
2013-11-21 19:27 - 2013-11-21 19:27 - 20897282 _____ C:\Users\Windows\Downloads\ClocX160.exe
2013-11-21 18:38 - 2013-11-21 18:40 - 113110793 _____ C:\Users\Windows\Downloads\widescreen-wallpaper.zip
2013-11-21 17:38 - 2013-11-21 17:38 - 00001351 _____ C:\Users\Windows\Desktop\aida64 - Verknüpfung.lnk
2013-11-21 17:35 - 2013-11-21 17:35 - 00000852 _____ C:\Users\Windows\Desktop\Downloads - Verknüpfung.lnk
2013-11-21 17:29 - 2011-07-18 20:40 - 00001375 _____ C:\Users\Windows\Desktop\Internet Explorer.lnk
2013-11-21 17:14 - 2013-11-21 17:14 - 00000000 ____D C:\Users\Windows\Downloads\aida64extreme400
2013-11-20 16:15 - 2013-11-20 16:15 - 00561712 _____ C:\Users\Windows\Downloads\VM311Map.zip
2013-11-20 14:16 - 2013-11-20 14:16 - 00001275 _____ C:\Users\Windows\Desktop\autoruns - Verknüpfung.lnk
2013-11-19 14:08 - 2013-11-19 14:11 - 145609959 _____ C:\Users\Windows\Downloads\Windows_7_Wallpaper.zip
2013-11-19 13:48 - 2013-11-19 13:52 - 182549774 _____ C:\Users\Windows\Downloads\Die_111_besten_Multi-Monitoring-Wallpaper.zip
2013-11-19 13:38 - 2013-11-19 13:38 - 00001203 _____ C:\Users\Windows\Desktop\Wallpaper.lnk
2013-11-19 13:28 - 2013-11-19 13:29 - 54998657 _____ C:\Users\Windows\Downloads\100_hotties.zip
2013-11-18 20:52 - 2013-11-20 16:17 - 00000000 ____D C:\Users\Windows\Downloads\Windows Tools
2013-11-17 21:07 - 2013-11-17 21:07 - 05511528 _____ (Copyright © 2013 eSupport.com, Inc • All Rights Reserved    ) C:\Users\Windows\Downloads\driveragent-setup-avg-794.exe
2013-11-17 20:47 - 2013-11-17 20:47 - 00000000 ____D C:\Users\Windows\Documents\AIDA64 Reports
2013-11-17 20:08 - 2013-11-17 20:08 - 00000000 ____D C:\Program Files\FinalWire
2013-11-17 19:38 - 2013-11-17 19:39 - 00000000 ____D C:\Users\Windows\Documents\EVEREST Reports
2013-11-17 19:08 - 2013-11-17 19:08 - 10255080 _____ (Lavalys, Inc.                                               ) C:\Users\Windows\Downloads\everestultimate550.exe
2013-11-17 16:28 - 2013-11-17 16:28 - 00000000 ____D C:\Users\Windows\AppData\Roaming\ArcSoft
2013-11-17 16:24 - 2013-11-17 18:06 - 00008064 _____ C:\Windows\DPINST.LOG
2013-11-17 16:24 - 2013-11-17 16:24 - 00000000 ____D C:\Program Files\DIFX
2013-11-17 16:24 - 1995-08-01 04:44 - 00212480 _____ (Eastman Kodak) C:\Windows\PCDLIB32.DLL
2013-11-17 16:23 - 2007-04-06 12:42 - 00073728 _____ (Philips) C:\Windows\VPro520.exe
2013-11-17 16:23 - 2003-03-19 06:20 - 01060864 _____ (Microsoft Corporation) C:\Windows\MFC71.dll
2013-11-17 16:23 - 2003-02-21 13:42 - 00348160 _____ (Microsoft Corporation) C:\Windows\msvcr71.dll
2013-11-17 16:14 - 2013-11-17 16:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_phaudlwr_01005.Wdf
2013-11-17 16:14 - 2007-10-01 14:38 - 00483328 _____ (Philips                                                     ) C:\Windows\system32\Drivers\SPC520.sys
2013-11-17 16:14 - 2007-10-01 14:38 - 00007680 _____ (Philips                                                     ) C:\Windows\system32\Drivers\SPC520m.sys
2013-11-17 16:14 - 2007-09-28 16:05 - 00307200 _____ (Philips) C:\Windows\system32\stvspc.ax
2013-11-16 15:02 - 2013-11-26 19:52 - 00000000 ____D C:\Users\Windows\AppData\Roaming\Skype
2013-11-16 15:02 - 2013-11-17 12:35 - 00000000 ____D C:\ProgramData\Skype
2013-11-16 15:02 - 2013-11-16 15:02 - 00000000 ___RD C:\Program Files\Skype
2013-11-16 15:02 - 2013-11-16 15:02 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-11-16 14:54 - 2013-11-16 14:55 - 35064992 _____ (Skype Technologies S.A.) C:\Users\Windows\Downloads\SkypeSetupFull.exe
2013-11-16 14:42 - 2013-11-16 14:42 - 00000000 ____D C:\Windows\de
2013-11-16 14:41 - 2013-02-05 22:57 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2013-11-16 14:39 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-11-16 14:39 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-11-16 14:39 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-11-16 14:39 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-11-16 14:37 - 2013-11-16 14:37 - 00002150 _____ C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-11-16 14:37 - 2013-11-16 14:37 - 00002044 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-11-16 14:37 - 2013-11-16 14:37 - 00002044 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-11-16 14:37 - 2013-11-16 14:37 - 00000000 ___RD C:\Users\Windows\SkyDrive
2013-11-16 14:37 - 2013-11-16 14:37 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-11-16 14:37 - 2013-11-16 14:37 - 00000000 ____D C:\Program Files\Microsoft SkyDrive
2013-11-16 14:27 - 2013-11-16 14:30 - 142602520 _____ (Microsoft Corporation) C:\Users\Windows\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-11-16 12:17 - 2013-11-16 14:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-13 22:41 - 2013-10-12 08:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 22:41 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 22:41 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 22:41 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 22:41 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 09:35 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 09:35 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 09:35 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 09:35 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 09:35 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 09:35 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 09:35 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 09:35 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 09:35 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 09:35 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 09:35 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 09:35 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 09:35 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 09:35 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 09:35 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 09:35 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 09:35 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 09:35 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-11-27 13:11 - 2013-11-27 13:11 - 00018101 _____ C:\Users\Windows\Desktop\FRST.txt
2013-11-27 13:10 - 2013-11-27 13:10 - 01091793 _____ (Farbar) C:\Users\Windows\Desktop\FRST.exe
2013-11-27 13:05 - 2013-11-27 13:05 - 00014575 _____ C:\Users\Windows\Desktop\JRT.txt
2013-11-27 13:02 - 2013-11-27 13:02 - 00000000 ____D C:\Windows\ERUNT
2013-11-27 12:57 - 2013-11-27 12:57 - 01034531 _____ (Thisisu) C:\Users\Windows\Desktop\JRT.exe
2013-11-27 12:49 - 2013-11-27 12:49 - 00000301 _____ C:\Users\Windows\Desktop\Malwarebytes findet desöfteren infizierte Objekte PUP.Optional... - Trojaner-Board.URL
2013-11-27 12:49 - 2009-07-14 05:34 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-27 12:49 - 2009-07-14 05:34 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-27 12:47 - 2010-12-27 23:05 - 01536940 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-27 12:44 - 2013-11-27 12:44 - 00001406 _____ C:\Users\Windows\Desktop\AdwCleaner[S1].txt
2013-11-27 12:43 - 2013-09-26 12:25 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-27 12:42 - 2010-12-27 23:25 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-27 12:42 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-27 12:42 - 2009-07-14 05:39 - 00137639 _____ C:\Windows\setupact.log
2013-11-27 12:41 - 2011-01-18 16:13 - 01879933 _____ C:\Windows\WindowsUpdate.log
2013-11-27 12:40 - 2013-10-06 19:50 - 00000000 ____D C:\AdwCleaner
2013-11-27 12:37 - 2013-11-27 12:37 - 01091882 _____ C:\Users\Windows\Desktop\adwcleaner.exe
2013-11-27 12:22 - 2009-07-14 05:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-26 19:52 - 2013-11-16 15:02 - 00000000 ____D C:\Users\Windows\AppData\Roaming\Skype
2013-11-26 19:17 - 2012-10-29 10:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-26 13:57 - 2013-11-26 13:57 - 00000000 ____D C:\FRST
2013-11-25 21:59 - 2011-01-19 16:25 - 00563164 _____ C:\Windows\PFRO.log
2013-11-25 16:06 - 2013-11-25 16:06 - 00004144 _____ C:\Users\Windows\Documents\AdwCleaner Bericht vom 25.11.2013.txt
2013-11-25 16:00 - 2011-08-04 11:10 - 00000000 ____D C:\ProgramData\Uniblue
2013-11-25 15:39 - 2012-03-02 12:28 - 00127352 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-25 15:38 - 2013-11-25 15:38 - 00002242 _____ C:\Users\Gast\Desktop\Sicherer Zahlungsverkehr.lnk
2013-11-25 15:36 - 2013-11-25 15:36 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-11-23 18:55 - 2013-11-23 18:55 - 00000481 _____ C:\Users\Windows\Desktop\Anpassung - Verknüpfung.lnk
2013-11-23 17:22 - 2013-11-23 17:22 - 11617413 _____ C:\Users\Windows\Downloads\ColorSplash.themepack
2013-11-23 16:43 - 2012-03-13 12:39 - 00000000 ____D C:\Users\Windows\AppData\Roaming\HpUpdate
2013-11-23 14:17 - 2013-10-04 18:39 - 00000000 ____D C:\Users\Windows\AppData\Roaming\Audacity
2013-11-21 20:02 - 2013-11-21 19:27 - 00000000 ____D C:\Program Files\ClocX
2013-11-21 19:50 - 2013-11-21 19:50 - 00000000 ____D C:\Users\Windows\Documents\Fax
2013-11-21 19:27 - 2013-11-21 19:27 - 20897282 _____ C:\Users\Windows\Downloads\ClocX160.exe
2013-11-21 18:55 - 2011-08-05 12:48 - 00000000 ____D C:\Users\Windows\AppData\Roaming\vlc
2013-11-21 18:40 - 2013-11-21 18:38 - 113110793 _____ C:\Users\Windows\Downloads\widescreen-wallpaper.zip
2013-11-21 18:24 - 2013-05-12 19:05 - 00000000 ____D C:\Users\Windows\AppData\Roaming\foobar2000
2013-11-21 17:38 - 2013-11-21 17:38 - 00001351 _____ C:\Users\Windows\Desktop\aida64 - Verknüpfung.lnk
2013-11-21 17:35 - 2013-11-21 17:35 - 00000852 _____ C:\Users\Windows\Desktop\Downloads - Verknüpfung.lnk
2013-11-21 17:14 - 2013-11-21 17:14 - 00000000 ____D C:\Users\Windows\Downloads\aida64extreme400
2013-11-20 16:17 - 2013-11-18 20:52 - 00000000 ____D C:\Users\Windows\Downloads\Windows Tools
2013-11-20 16:15 - 2013-11-20 16:15 - 00561712 _____ C:\Users\Windows\Downloads\VM311Map.zip
2013-11-20 14:16 - 2013-11-20 14:16 - 00001275 _____ C:\Users\Windows\Desktop\autoruns - Verknüpfung.lnk
2013-11-19 16:09 - 2011-07-30 09:49 - 00000000 ____D C:\Users\Windows\AppData\Local\Windows Live
2013-11-19 14:11 - 2013-11-19 14:08 - 145609959 _____ C:\Users\Windows\Downloads\Windows_7_Wallpaper.zip
2013-11-19 13:52 - 2013-11-19 13:48 - 182549774 _____ C:\Users\Windows\Downloads\Die_111_besten_Multi-Monitoring-Wallpaper.zip
2013-11-19 13:38 - 2013-11-19 13:38 - 00001203 _____ C:\Users\Windows\Desktop\Wallpaper.lnk
2013-11-19 13:29 - 2013-11-19 13:28 - 54998657 _____ C:\Users\Windows\Downloads\100_hotties.zip
2013-11-18 18:55 - 2011-07-18 22:10 - 00000000 ____D C:\Users\Windows\AppData\Local\CrashDumps
2013-11-17 21:07 - 2013-11-17 21:07 - 05511528 _____ (Copyright © 2013 eSupport.com, Inc • All Rights Reserved    ) C:\Users\Windows\Downloads\driveragent-setup-avg-794.exe
2013-11-17 20:47 - 2013-11-17 20:47 - 00000000 ____D C:\Users\Windows\Documents\AIDA64 Reports
2013-11-17 20:08 - 2013-11-17 20:08 - 00000000 ____D C:\Program Files\FinalWire
2013-11-17 19:39 - 2013-11-17 19:38 - 00000000 ____D C:\Users\Windows\Documents\EVEREST Reports
2013-11-17 19:08 - 2013-11-17 19:08 - 10255080 _____ (Lavalys, Inc.                                               ) C:\Users\Windows\Downloads\everestultimate550.exe
2013-11-17 18:07 - 2011-01-18 19:43 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-17 18:06 - 2013-11-17 16:24 - 00008064 _____ C:\Windows\DPINST.LOG
2013-11-17 16:28 - 2013-11-17 16:28 - 00000000 ____D C:\Users\Windows\AppData\Roaming\ArcSoft
2013-11-17 16:24 - 2013-11-17 16:24 - 00000000 ____D C:\Program Files\DIFX
2013-11-17 16:14 - 2013-11-17 16:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_phaudlwr_01005.Wdf
2013-11-17 12:35 - 2013-11-16 15:02 - 00000000 ____D C:\ProgramData\Skype
2013-11-16 15:02 - 2013-11-16 15:02 - 00000000 ___RD C:\Program Files\Skype
2013-11-16 15:02 - 2013-11-16 15:02 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-11-16 15:02 - 2010-12-27 23:03 - 00000000 ____D C:\Program Files\Windows Live
2013-11-16 14:55 - 2013-11-16 14:54 - 35064992 _____ (Skype Technologies S.A.) C:\Users\Windows\Downloads\SkypeSetupFull.exe
2013-11-16 14:49 - 2012-09-18 15:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-16 14:46 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-16 14:42 - 2013-11-16 14:42 - 00000000 ____D C:\Windows\de
2013-11-16 14:39 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-11-16 14:37 - 2013-11-16 14:37 - 00002150 _____ C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-11-16 14:37 - 2013-11-16 14:37 - 00002044 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-11-16 14:37 - 2013-11-16 14:37 - 00002044 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-11-16 14:37 - 2013-11-16 14:37 - 00000000 ___RD C:\Users\Windows\SkyDrive
2013-11-16 14:37 - 2013-11-16 14:37 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-11-16 14:37 - 2013-11-16 14:37 - 00000000 ____D C:\Program Files\Microsoft SkyDrive
2013-11-16 14:37 - 2011-01-18 16:13 - 00000000 ____D C:\Users\Windows
2013-11-16 14:30 - 2013-11-16 14:27 - 142602520 _____ (Microsoft Corporation) C:\Users\Windows\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-11-16 14:25 - 2013-11-16 12:17 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-14 21:01 - 2011-07-23 19:31 - 00000000 ____D C:\Users\Windows\Documents\Briefe
2013-11-14 18:24 - 2013-04-26 15:04 - 00000000 ____D C:\Users\Windows\Documents\Horizont
2013-11-14 15:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-11-14 10:28 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-11-13 22:45 - 2011-06-29 10:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 22:41 - 2013-08-14 22:16 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 22:40 - 2011-07-17 21:38 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 05:50 - 2010-12-27 23:07 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-07 11:31 - 2013-09-26 12:24 - 00575584 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-11-07 11:31 - 2013-05-06 08:22 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys

Some content of TEMP:
====================
C:\Users\Windows\AppData\Local\Temp\fm2Update251.exe
C:\Users\Windows\AppData\Local\Temp\fm3Update331.exe
C:\Users\Windows\AppData\Local\Temp\fm3Update333.exe
C:\Users\Windows\AppData\Local\Temp\ForteDependencies.exe
C:\Users\Windows\AppData\Local\Temp\GUninstaller.exe
C:\Users\Windows\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Windows\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Windows\AppData\Local\Temp\mgxfonts.exe
C:\Users\Windows\AppData\Local\Temp\Quarantine.exe
C:\Users\Windows\AppData\Local\Temp\Setup_FORTE4Basic_de.exe
C:\Users\Windows\AppData\Local\Temp\uninst1.exe
C:\Users\Windows\AppData\Local\Temp\unwise.exe
C:\Users\Windows\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Windows\AppData\Local\Temp\WEB.DE_Softwareaktualisierung_Setup.exe
C:\Users\Windows\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup.exe
C:\Users\Windows\AppData\Local\Temp\_is3112.exe
C:\Users\Windows\AppData\Local\Temp\_is7775.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-20 20:18

==================== End Of Log ============================
         


Regards


28.11.2013, 08:19   #6
schrauber
/// the machine
/// TB trainer
 

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and run ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Run SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?

28.11.2013, 18:57   #7
Trojan0815
 



Here are the log files:

Eset Online Scanner:

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8a9cf41c1266db4bbb5903fb86847930
# engine=16060
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-28 02:03:15
# local_time=2013-11-28 03:03:15 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 93312 137278586 0 0
# scanned=206705
# found=1
# cleaned=0
# scan_time=5717
sh=80AB596B8D1D79B5747538E955F725E97A75B814 ft=0 fh=0000000000000000 vn="probably a variant of Java/Exploit.Agent.NMS trojan" ac=I fn="C:\Users\Heiko\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\703f1f92-7e7f9478"
         
SecurityCheck:

Code:
 Results of screen317's Security Check version 0.99.76  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Internet Security   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 	11.9.900.117  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (25.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-11-2013 01
Ran by Windows (administrator) on WINDOWS-PC on 28-11-2013 15:41:00
Running from C:\Users\Windows\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Users\Windows\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.107.0\SeaPort.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [167936 2011-08-06] (Alps Electric Co., Ltd.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelliType Pro] - C:\Program Files\Microsoft Device Center\itype.exe [1109072 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft Device Center\ipoint.exe [1629280 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [MailCheck IE Broker] - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1766464 2013-10-16] (1und1 Mail und Media GmbH)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Windows\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
Startup: C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5041DF0B313ECC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = hxxp://badoo.com/startpage/?source=bsb&q={searchTerms}
SearchScopes: HKCU - {B3A52782-75E1-4A9A-ACC4-56AD730FF6CF} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {C11568A1-82A3-4425-A051-C84ED2583FB7} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {CE01661A-B772-46E8-BC23-4BDB1162A302} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {FBD4E46E-0B71-4987-B1FD-7DDEFBAF5089} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.107.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.107.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1680390235-139802754-1354624992-1000\FireFox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Windows\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Extension: (YouTube) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0
CHR Extension: (Safe Money) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0
CHR Extension: (Content Blocker) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0
CHR Extension: (Virtual Keyboard) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0
CHR Extension: (Gmail) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Anti-Banner) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx

========================== Services (Whitelisted) =================

S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-02] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-11-07] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [575584 2013-11-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-02] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-02] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145120 2013-06-06] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
S3 phaudlwr; C:\Windows\System32\DRIVERS\phaudlwr.sys [89648 2009-10-20] (Philips Applied Technologies)
S3 SPC520; C:\Windows\System32\drivers\SPC520.sys [483328 2007-10-01] (Philips                                                     )
S3 SPC520m; C:\Windows\System32\drivers\SPC520m.sys [7680 2007-10-01] (Philips                                                     )
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbw.sys [36040 2011-11-01] (Yamaha Corporation)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S1 ssmdrv; system32\DRIVERS\ssmdrv.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys F81BB7E487EDCEAB630A7EE66CF23913
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\System32\DRIVERS\Apfiltr.sys FC6AEB7AB79FECEBE48FD153757FF90B
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\atikmdag.sys 712D8A95E45B070114C5309ADA7358FF
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 85449EEBE8F8EBD6481EFBF0F352B4EB
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys B5E479EB83707DD698F66953E922042C
C:\Windows\System32\DRIVERS\Dot4Prt.sys CAEFD09B6A6249C53A67D55A9A9FCABF
C:\Windows\System32\DRIVERS\dot4usb.sys CF491FF38D62143203C065260567E2F7
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 71BC35067CABC02C9453AEAA42B2E43E
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys 2B3BF55BA74EB8118F67AB2B450B8EA9
C:\Windows\System32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kl1.sys 871C226234A48C24DFE7478F36C0050C
C:\Windows\System32\DRIVERS\klflt.sys D6EBD44B4D2D715DEA649933EA6639A1
C:\Windows\System32\DRIVERS\klif.sys EF3779A3F4ECDB94DAA6E744814195B1
C:\Windows\System32\DRIVERS\klim6.sys 039FB019C92A16A54FE527D93B0CFB96
C:\Windows\System32\DRIVERS\klkbdflt.sys 249A266AF74ADE44AE8424E78D145E09
C:\Windows\System32\DRIVERS\klmouflt.sys 035724BA6D5676B76FD3AFB66AB4F1E3
C:\Windows\System32\DRIVERS\klpd.sys EB0D72D2844C57F5F146D7A15B04FBF9
C:\Windows\System32\DRIVERS\kltdi.sys 040A3BC4AF5A0430A1D9A758F076465E
C:\Windows\System32\DRIVERS\kneps.sys AE46F121AAB18E1C98126D3C79DE8395
C:\Windows\System32\Drivers\ksecdd.sys F286830298323272260332D6ABC905C1
C:\Windows\System32\Drivers\ksecpkg.sys D7C760D57B1656DD748B9E4AB6CB5A51
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbam.sys 4470E3C1E0C3378E4CAB137893C12C3A
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 21F4B24ACFC79A483515BD986DD9043F
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ASACPI.sys CBE71C122434805CB73FFB6619F60598
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvm62x32.sys B5E37E31C053BC9950455A257526514B
C:\Windows\System32\drivers\nvhda32v.sys 77F9F9A199B87FE3F852E12F5419240B
C:\Windows\System32\DRIVERS\nvlddmkm.sys B69E6F70CE1151C8D62ABC9DEF64DFBE
C:\Windows\System32\DRIVERS\nvmf6232.sys 1DE923088878B495CD4219E47BA34EB8
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\System32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\phaudlwr.sys 021968ED24B4E44BABAF11FBF8C4FB86
C:\Windows\System32\DRIVERS\point32.sys 4B30EE7037EA1529F5FC80DE5DC42A30
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 65375DF758CA1872AB7EBBBA457FD5E6
C:\Windows\System32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\drivers\SPC520.sys DA820CF259A332F3CB8B2F647B111892
C:\Windows\System32\drivers\SPC520m.sys 76369A6A4CF64BD2B2DD6D8DBB685912
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys CA59F7C570AF70BC174F477CFE2D9EE3
C:\Windows\System32\DRIVERS\tcpip.sys CA59F7C570AF70BC174F477CFE2D9EE3
C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys B37B08F2E5EEB1A37E448E09BACE1101
C:\Windows\System32\drivers\tsusbflt.sys 9CE253214ACAA5A7D323327D2055EFAA
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbaudio.sys A1977C315BF5691DA99235AA4A6907AF
C:\Windows\System32\DRIVERS\usbccgp.sys 71D97F1A3CC47A56728F7A400A3F8295
C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041
C:\Windows\System32\DRIVERS\usbehci.sys C4FB8E7ADEA9B5CEEA885A1B504B7E40
C:\Windows\System32\DRIVERS\usbhub.sys 86AA95ACB611001E26CD2C0145F2225A
C:\Windows\System32\DRIVERS\usbohci.sys DCDF9855145A14DFCA0AB32308871961
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys FC6B21DB4B5B398AB93DBE59CBF11036
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\system32\drivers\usbuhci.sys 8E51D04175BAA14C4F79AA5F6D248770
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
C:\Windows\System32\drivers\ymidusbw.sys 8A626974F768A6A1DEF184002B088D84

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-28 15:41 - 2013-11-28 15:41 - 00033875 _____ C:\Users\Windows\Desktop\FRST.txt
2013-11-28 15:38 - 2013-11-28 15:38 - 01091827 _____ (Farbar) C:\Users\Windows\Desktop\FRST.exe
2013-11-28 15:33 - 2013-11-28 15:34 - 00000000 ____D C:\Users\Windows\Desktop\28.11.2013
2013-11-28 15:32 - 2013-11-28 15:32 - 00000993 _____ C:\Users\Windows\Desktop\checkup.txt
2013-11-28 15:26 - 2013-11-28 15:26 - 00891184 _____ C:\Users\Windows\Desktop\SecurityCheck.exe
2013-11-28 13:20 - 2013-11-28 13:20 - 02347384 _____ (ESET) C:\Users\Windows\Desktop\esetsmartinstaller_enu.exe
2013-11-27 13:02 - 2013-11-27 13:02 - 00000000 ____D C:\Windows\ERUNT
2013-11-27 12:57 - 2013-11-27 12:57 - 01034531 _____ (Thisisu) C:\Users\Windows\Desktop\JRT.exe
2013-11-27 12:49 - 2013-11-27 12:49 - 00000301 _____ C:\Users\Windows\Desktop\Malwarebytes findet desöfteren infizierte Objekte PUP.Optional... - Trojaner-Board.URL
2013-11-27 12:37 - 2013-11-27 12:37 - 01091882 _____ C:\Users\Windows\Desktop\adwcleaner.exe
2013-11-26 13:57 - 2013-11-26 13:57 - 00000000 ____D C:\FRST
2013-11-25 16:06 - 2013-11-25 16:06 - 00004144 _____ C:\Users\Windows\Documents\AdwCleaner Bericht vom 25.11.2013.txt
2013-11-25 15:38 - 2013-11-25 15:38 - 00002242 _____ C:\Users\Gast\Desktop\Sicherer Zahlungsverkehr.lnk
2013-11-25 15:36 - 2013-11-25 15:36 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-11-23 18:55 - 2013-11-23 18:55 - 00000481 _____ C:\Users\Windows\Desktop\Anpassung - Verknüpfung.lnk
2013-11-23 17:22 - 2013-11-23 17:22 - 11617413 _____ C:\Users\Windows\Downloads\ColorSplash.themepack
2013-11-21 19:50 - 2013-11-21 19:50 - 00000000 ____D C:\Users\Windows\Documents\Fax
2013-11-21 19:27 - 2013-11-21 20:02 - 00000000 ____D C:\Program Files\ClocX
2013-11-21 19:27 - 2013-11-21 19:27 - 20897282 _____ C:\Users\Windows\Downloads\ClocX160.exe
2013-11-21 18:38 - 2013-11-21 18:40 - 113110793 _____ C:\Users\Windows\Downloads\widescreen-wallpaper.zip
2013-11-21 17:38 - 2013-11-21 17:38 - 00001351 _____ C:\Users\Windows\Desktop\aida64 - Verknüpfung.lnk
2013-11-21 17:35 - 2013-11-21 17:35 - 00000852 _____ C:\Users\Windows\Desktop\Downloads - Verknüpfung.lnk
2013-11-21 17:29 - 2011-07-18 20:40 - 00001375 _____ C:\Users\Windows\Desktop\Internet Explorer.lnk
2013-11-21 17:14 - 2013-11-21 17:14 - 00000000 ____D C:\Users\Windows\Downloads\aida64extreme400
2013-11-20 16:15 - 2013-11-20 16:15 - 00561712 _____ C:\Users\Windows\Downloads\VM311Map.zip
2013-11-20 14:16 - 2013-11-20 14:16 - 00001275 _____ C:\Users\Windows\Desktop\autoruns - Verknüpfung.lnk
2013-11-19 14:08 - 2013-11-19 14:11 - 145609959 _____ C:\Users\Windows\Downloads\Windows_7_Wallpaper.zip
2013-11-19 13:48 - 2013-11-19 13:52 - 182549774 _____ C:\Users\Windows\Downloads\Die_111_besten_Multi-Monitoring-Wallpaper.zip
2013-11-19 13:38 - 2013-11-19 13:38 - 00001203 _____ C:\Users\Windows\Desktop\Wallpaper.lnk
2013-11-19 13:28 - 2013-11-19 13:29 - 54998657 _____ C:\Users\Windows\Downloads\100_hotties.zip
2013-11-18 20:52 - 2013-11-20 16:17 - 00000000 ____D C:\Users\Windows\Downloads\Windows Tools
2013-11-17 21:07 - 2013-11-17 21:07 - 05511528 _____ (Copyright © 2013 eSupport.com, Inc • All Rights Reserved    ) C:\Users\Windows\Downloads\driveragent-setup-avg-794.exe
2013-11-17 20:47 - 2013-11-17 20:47 - 00000000 ____D C:\Users\Windows\Documents\AIDA64 Reports
2013-11-17 20:08 - 2013-11-17 20:08 - 00000000 ____D C:\Program Files\FinalWire
2013-11-17 19:38 - 2013-11-17 19:39 - 00000000 ____D C:\Users\Windows\Documents\EVEREST Reports
2013-11-17 19:08 - 2013-11-17 19:08 - 10255080 _____ (Lavalys, Inc.                                               ) C:\Users\Windows\Downloads\everestultimate550.exe
2013-11-17 16:28 - 2013-11-17 16:28 - 00000000 ____D C:\Users\Windows\AppData\Roaming\ArcSoft
2013-11-17 16:24 - 2013-11-17 18:06 - 00008064 _____ C:\Windows\DPINST.LOG
2013-11-17 16:24 - 2013-11-17 16:24 - 00000000 ____D C:\Program Files\DIFX
2013-11-17 16:24 - 1995-08-01 04:44 - 00212480 _____ (Eastman Kodak) C:\Windows\PCDLIB32.DLL
2013-11-17 16:23 - 2007-04-06 12:42 - 00073728 _____ (Philips) C:\Windows\VPro520.exe
2013-11-17 16:23 - 2003-03-19 06:20 - 01060864 _____ (Microsoft Corporation) C:\Windows\MFC71.dll
2013-11-17 16:23 - 2003-02-21 13:42 - 00348160 _____ (Microsoft Corporation) C:\Windows\msvcr71.dll
2013-11-17 16:14 - 2013-11-17 16:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_phaudlwr_01005.Wdf
2013-11-17 16:14 - 2007-10-01 14:38 - 00483328 _____ (Philips                                                     ) C:\Windows\system32\Drivers\SPC520.sys
2013-11-17 16:14 - 2007-10-01 14:38 - 00007680 _____ (Philips                                                     ) C:\Windows\system32\Drivers\SPC520m.sys
2013-11-17 16:14 - 2007-09-28 16:05 - 00307200 _____ (Philips) C:\Windows\system32\stvspc.ax
2013-11-16 15:02 - 2013-11-26 19:52 - 00000000 ____D C:\Users\Windows\AppData\Roaming\Skype
2013-11-16 15:02 - 2013-11-17 12:35 - 00000000 ____D C:\ProgramData\Skype
2013-11-16 15:02 - 2013-11-16 15:02 - 00000000 ___RD C:\Program Files\Skype
2013-11-16 15:02 - 2013-11-16 15:02 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-11-16 14:54 - 2013-11-16 14:55 - 35064992 _____ (Skype Technologies S.A.) C:\Users\Windows\Downloads\SkypeSetupFull.exe
2013-11-16 14:42 - 2013-11-16 14:42 - 00000000 ____D C:\Windows\de
2013-11-16 14:41 - 2013-02-05 22:57 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2013-11-16 14:39 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-11-16 14:39 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-11-16 14:39 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-11-16 14:39 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-11-16 14:37 - 2013-11-16 14:37 - 00002150 _____ C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-11-16 14:37 - 2013-11-16 14:37 - 00002044 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-11-16 14:37 - 2013-11-16 14:37 - 00002044 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-11-16 14:37 - 2013-11-16 14:37 - 00000000 ___RD C:\Users\Windows\SkyDrive
2013-11-16 14:37 - 2013-11-16 14:37 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-11-16 14:37 - 2013-11-16 14:37 - 00000000 ____D C:\Program Files\Microsoft SkyDrive
2013-11-16 14:27 - 2013-11-16 14:30 - 142602520 _____ (Microsoft Corporation) C:\Users\Windows\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-11-16 12:17 - 2013-11-16 14:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-13 22:41 - 2013-10-12 08:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 22:41 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 22:41 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 22:41 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 22:41 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 22:41 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 09:35 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 09:35 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 09:35 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 09:35 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 09:35 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 09:35 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 09:35 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 09:35 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 09:35 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 09:35 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 09:35 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 09:35 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 09:35 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 09:35 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 09:35 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 09:35 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 09:35 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 09:35 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-11-28 15:41 - 2013-11-28 15:41 - 00033875 _____ C:\Users\Windows\Desktop\FRST.txt
2013-11-28 15:38 - 2013-11-28 15:38 - 01091827 _____ (Farbar) C:\Users\Windows\Desktop\FRST.exe
2013-11-28 15:34 - 2013-11-28 15:33 - 00000000 ____D C:\Users\Windows\Desktop\28.11.2013
2013-11-28 15:32 - 2013-11-28 15:32 - 00000993 _____ C:\Users\Windows\Desktop\checkup.txt
2013-11-28 15:26 - 2013-11-28 15:26 - 00891184 _____ C:\Users\Windows\Desktop\SecurityCheck.exe
2013-11-28 15:17 - 2012-10-29 10:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-28 15:14 - 2011-01-18 16:13 - 01961159 _____ C:\Windows\WindowsUpdate.log
2013-11-28 13:20 - 2013-11-28 13:20 - 02347384 _____ (ESET) C:\Users\Windows\Desktop\esetsmartinstaller_enu.exe
2013-11-28 13:19 - 2010-12-27 23:05 - 01536940 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-28 12:59 - 2013-09-26 12:25 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-28 12:49 - 2009-07-14 05:34 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-28 12:49 - 2009-07-14 05:34 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-28 12:42 - 2010-12-27 23:25 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-28 12:42 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-28 12:42 - 2009-07-14 05:39 - 00137695 _____ C:\Windows\setupact.log
2013-11-27 17:06 - 2013-05-12 19:05 - 00000000 ____D C:\Users\Windows\AppData\Roaming\foobar2000
2013-11-27 14:20 - 2013-10-18 19:50 - 00001122 _____ C:\Users\Windows\Desktop\Mikrofon - Verknüpfung.lnk
2013-11-27 13:02 - 2013-11-27 13:02 - 00000000 ____D C:\Windows\ERUNT
2013-11-27 12:57 - 2013-11-27 12:57 - 01034531 _____ (Thisisu) C:\Users\Windows\Desktop\JRT.exe
2013-11-27 12:49 - 2013-11-27 12:49 - 00000301 _____ C:\Users\Windows\Desktop\Malwarebytes findet desöfteren infizierte Objekte PUP.Optional... - Trojaner-Board.URL
2013-11-27 12:40 - 2013-10-06 19:50 - 00000000 ____D C:\AdwCleaner
2013-11-27 12:37 - 2013-11-27 12:37 - 01091882 _____ C:\Users\Windows\Desktop\adwcleaner.exe
2013-11-27 12:22 - 2009-07-14 05:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-26 19:52 - 2013-11-16 15:02 - 00000000 ____D C:\Users\Windows\AppData\Roaming\Skype
2013-11-26 13:57 - 2013-11-26 13:57 - 00000000 ____D C:\FRST
2013-11-25 21:59 - 2011-01-19 16:25 - 00563164 _____ C:\Windows\PFRO.log
2013-11-25 16:06 - 2013-11-25 16:06 - 00004144 _____ C:\Users\Windows\Documents\AdwCleaner Bericht vom 25.11.2013.txt
2013-11-25 16:00 - 2011-08-04 11:10 - 00000000 ____D C:\ProgramData\Uniblue
2013-11-25 15:39 - 2012-03-02 12:28 - 00127352 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-25 15:38 - 2013-11-25 15:38 - 00002242 _____ C:\Users\Gast\Desktop\Sicherer Zahlungsverkehr.lnk
2013-11-25 15:36 - 2013-11-25 15:36 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-11-23 18:55 - 2013-11-23 18:55 - 00000481 _____ C:\Users\Windows\Desktop\Anpassung - Verknüpfung.lnk
2013-11-23 17:22 - 2013-11-23 17:22 - 11617413 _____ C:\Users\Windows\Downloads\ColorSplash.themepack
2013-11-23 16:43 - 2012-03-13 12:39 - 00000000 ____D C:\Users\Windows\AppData\Roaming\HpUpdate
2013-11-23 14:17 - 2013-10-04 18:39 - 00000000 ____D C:\Users\Windows\AppData\Roaming\Audacity
2013-11-21 20:02 - 2013-11-21 19:27 - 00000000 ____D C:\Program Files\ClocX
2013-11-21 19:50 - 2013-11-21 19:50 - 00000000 ____D C:\Users\Windows\Documents\Fax
2013-11-21 19:27 - 2013-11-21 19:27 - 20897282 _____ C:\Users\Windows\Downloads\ClocX160.exe
2013-11-21 18:55 - 2011-08-05 12:48 - 00000000 ____D C:\Users\Windows\AppData\Roaming\vlc
2013-11-21 18:40 - 2013-11-21 18:38 - 113110793 _____ C:\Users\Windows\Downloads\widescreen-wallpaper.zip
2013-11-21 17:38 - 2013-11-21 17:38 - 00001351 _____ C:\Users\Windows\Desktop\aida64 - Verknüpfung.lnk
2013-11-21 17:35 - 2013-11-21 17:35 - 00000852 _____ C:\Users\Windows\Desktop\Downloads - Verknüpfung.lnk
2013-11-21 17:14 - 2013-11-21 17:14 - 00000000 ____D C:\Users\Windows\Downloads\aida64extreme400
2013-11-20 16:17 - 2013-11-18 20:52 - 00000000 ____D C:\Users\Windows\Downloads\Windows Tools
2013-11-20 16:15 - 2013-11-20 16:15 - 00561712 _____ C:\Users\Windows\Downloads\VM311Map.zip
2013-11-20 14:16 - 2013-11-20 14:16 - 00001275 _____ C:\Users\Windows\Desktop\autoruns - Verknüpfung.lnk
2013-11-19 16:09 - 2011-07-30 09:49 - 00000000 ____D C:\Users\Windows\AppData\Local\Windows Live
2013-11-19 14:11 - 2013-11-19 14:08 - 145609959 _____ C:\Users\Windows\Downloads\Windows_7_Wallpaper.zip
2013-11-19 13:52 - 2013-11-19 13:48 - 182549774 _____ C:\Users\Windows\Downloads\Die_111_besten_Multi-Monitoring-Wallpaper.zip
2013-11-19 13:38 - 2013-11-19 13:38 - 00001203 _____ C:\Users\Windows\Desktop\Wallpaper.lnk
2013-11-19 13:29 - 2013-11-19 13:28 - 54998657 _____ C:\Users\Windows\Downloads\100_hotties.zip
2013-11-18 18:55 - 2011-07-18 22:10 - 00000000 ____D C:\Users\Windows\AppData\Local\CrashDumps
2013-11-17 21:07 - 2013-11-17 21:07 - 05511528 _____ (Copyright © 2013 eSupport.com, Inc • All Rights Reserved    ) C:\Users\Windows\Downloads\driveragent-setup-avg-794.exe
2013-11-17 20:47 - 2013-11-17 20:47 - 00000000 ____D C:\Users\Windows\Documents\AIDA64 Reports
2013-11-17 20:08 - 2013-11-17 20:08 - 00000000 ____D C:\Program Files\FinalWire
2013-11-17 19:39 - 2013-11-17 19:38 - 00000000 ____D C:\Users\Windows\Documents\EVEREST Reports
2013-11-17 19:08 - 2013-11-17 19:08 - 10255080 _____ (Lavalys, Inc.                                               ) C:\Users\Windows\Downloads\everestultimate550.exe
2013-11-17 18:07 - 2011-01-18 19:43 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-17 18:06 - 2013-11-17 16:24 - 00008064 _____ C:\Windows\DPINST.LOG
2013-11-17 16:28 - 2013-11-17 16:28 - 00000000 ____D C:\Users\Windows\AppData\Roaming\ArcSoft
2013-11-17 16:24 - 2013-11-17 16:24 - 00000000 ____D C:\Program Files\DIFX
2013-11-17 16:14 - 2013-11-17 16:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_phaudlwr_01005.Wdf
2013-11-17 12:35 - 2013-11-16 15:02 - 00000000 ____D C:\ProgramData\Skype
2013-11-16 15:02 - 2013-11-16 15:02 - 00000000 ___RD C:\Program Files\Skype
2013-11-16 15:02 - 2013-11-16 15:02 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-11-16 15:02 - 2010-12-27 23:03 - 00000000 ____D C:\Program Files\Windows Live
2013-11-16 14:55 - 2013-11-16 14:54 - 35064992 _____ (Skype Technologies S.A.) C:\Users\Windows\Downloads\SkypeSetupFull.exe
2013-11-16 14:49 - 2012-09-18 15:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-16 14:46 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-16 14:42 - 2013-11-16 14:42 - 00000000 ____D C:\Windows\de
2013-11-16 14:39 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-11-16 14:37 - 2013-11-16 14:37 - 00002150 _____ C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-11-16 14:37 - 2013-11-16 14:37 - 00002044 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-11-16 14:37 - 2013-11-16 14:37 - 00002044 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-11-16 14:37 - 2013-11-16 14:37 - 00000000 ___RD C:\Users\Windows\SkyDrive
2013-11-16 14:37 - 2013-11-16 14:37 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-11-16 14:37 - 2013-11-16 14:37 - 00000000 ____D C:\Program Files\Microsoft SkyDrive
2013-11-16 14:37 - 2011-01-18 16:13 - 00000000 ____D C:\Users\Windows
2013-11-16 14:30 - 2013-11-16 14:27 - 142602520 _____ (Microsoft Corporation) C:\Users\Windows\Downloads\wlsetup-all_16.4.3508.0205.exe
2013-11-16 14:25 - 2013-11-16 12:17 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-14 21:01 - 2011-07-23 19:31 - 00000000 ____D C:\Users\Windows\Documents\Briefe
2013-11-14 18:24 - 2013-04-26 15:04 - 00000000 ____D C:\Users\Windows\Documents\Horizont
2013-11-14 15:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-11-14 10:28 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-11-13 22:45 - 2011-06-29 10:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 22:41 - 2013-08-14 22:16 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 22:40 - 2011-07-17 21:38 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 05:50 - 2010-12-27 23:07 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-07 11:31 - 2013-09-26 12:24 - 00575584 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-11-07 11:31 - 2013-05-06 08:22 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys

Some content of TEMP:
====================
C:\Users\Windows\AppData\Local\Temp\fm2Update251.exe
C:\Users\Windows\AppData\Local\Temp\fm3Update331.exe
C:\Users\Windows\AppData\Local\Temp\fm3Update333.exe
C:\Users\Windows\AppData\Local\Temp\ForteDependencies.exe
C:\Users\Windows\AppData\Local\Temp\GUninstaller.exe
C:\Users\Windows\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Windows\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Windows\AppData\Local\Temp\mgxfonts.exe
C:\Users\Windows\AppData\Local\Temp\Quarantine.exe
C:\Users\Windows\AppData\Local\Temp\Setup_FORTE4Basic_de.exe
C:\Users\Windows\AppData\Local\Temp\uninst1.exe
C:\Users\Windows\AppData\Local\Temp\unwise.exe
C:\Users\Windows\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Windows\AppData\Local\Temp\WEB.DE_Softwareaktualisierung_Setup.exe
C:\Users\Windows\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup.exe
C:\Users\Windows\AppData\Local\Temp\_is3112.exe
C:\Users\Windows\AppData\Local\Temp\_is7775.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {current}
resumeobject            {9bad90c0-1203-11e0-bff8-20cf30cb12aa}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {9bad90c2-1203-11e0-bff8-20cf30cb12aa}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {9bad90c0-1203-11e0-bff8-20cf30cb12aa}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {9bad90c2-1203-11e0-bff8-20cf30cb12aa}
device                  ramdisk=[C:]\Recovery\9bad90c2-1203-11e0-bff8-20cf30cb12aa\Winre.wim,{9bad90c3-1203-11e0-bff8-20cf30cb12aa}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\9bad90c2-1203-11e0-bff8-20cf30cb12aa\Winre.wim,{9bad90c3-1203-11e0-bff8-20cf30cb12aa}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {9bad90c0-1203-11e0-bff8-20cf30cb12aa}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {9bad90c3-1203-11e0-bff8-20cf30cb12aa}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\9bad90c2-1203-11e0-bff8-20cf30cb12aa\boot.sdi



LastRegBack: 2013-11-20 20:18

==================== End Of Log ============================
         
--- --- ---



Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-11-2013 01
Ran by Windows at 2013-11-28 15:41:41
Running from C:\Users\Windows\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8)
4500_G510gm_Help (Version: 000.0.439.000)
4500G510gm (Version: 000.0.423.000)
4500G510gm_Software_Min (Version: 000.0.423.000)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8)
Alps Pointing-device for VAIO
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18)
Ashampoo Burning Studio 12 v.12.0.5 (Version: 12.0.5)
Audacity 2.0.4 (Version: 2.0.4)
Bing Bar (Version: 7.3.107.0)
BufferChm (Version: 130.0.331.000)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
Fax (Version: 130.0.418.000)
Feuerwache 1.16
foobar2000 v1.2.6 (Version: 1.2.6)
FORTE 4 - Basic Edition (Version: 4)
Fotogalerie (Version: 16.4.3508.0205)
Fresh Minder 2 (Version: 2.5.0)
Fresh Minder 3 (Version: 3.0.0)
GPBaseService2 (Version: 130.0.371.000)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510g-m (Version: 13.0)
HP Product Detection (Version: 11.14.0001)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.005.000.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
ImagXpress (Version: 7.0.74.0)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 16.4.3508.0205)
Kaspersky Internet Security (Version: 14.0.0.4651)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 130.0.374.000)
maxdome - Online Videothek (Version: 1.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft-Maus- und Tastatur-Center (Version: 1.1.500.0)
Movie Maker (Version: 16.4.3508.0205)
Mozilla Firefox 25.0.1 (x86 de) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MPU 2013 Version 01.01.2013 (Version: 01.01.2013)
MPU easy Trainingssoftware
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero ControlCenter (Version: 11.0.15500)
Nero ControlCenter Help (CHM) (Version: 12.0.12000)
Nero Core Components (Version: 11.0.20200)
Nero Update (Version: 11.0.11800.31.0)
Nero WaveEditor (Version: 12.0.8000)
Nero WaveEditor (Version: 12.5.00100)
Nero WaveEditor Help (CHM) (Version: 12.0.7000)
neroxml (Version: 1.0.0)
Network (Version: 130.0.374.000)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Opera 12.02 (Version: 12.02.1578)
PC Aquarium Deluxe 3.0
Photo Common (Version: 16.4.3508.0205)
Photo Gallery (Version: 16.4.3508.0205)
Playlist Creator 3.6.2 (Version: 3.6.2.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Prerequisite installer (Version: 12.0.0003)
Rossmann Fotowelt Software 4.12.1 (Version: 4.12.1)
Scan (Version: 13.0.0.0)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shop for HP Supplies (Version: 13.0)
Skype™ 6.10 (Version: 6.10.104)
SmartWebPrinting (Version: 130.0.373.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.373.000)
SuperEasy Audio Converter 2 v.2.1.3063 (Version: 2.1.3063)
TomTom HOME (Version: 2.9.7)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
VLC media player 2.0.8 (Version: 2.0.8)
WEB.DE MailCheck für Internet Explorer (Version: 2.4.0.0)
WEB.DE MailCheck für Mozilla Firefox (Version: 2.1.4.1420)
WEB.DE Softwareaktualisierung (Version: 3.0.0.55)
WebReg (Version: 130.0.132.017)
Winamp (Version: 5.63 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (Version: 16.4.3508.0205)
Windows Live Essentials (Version: 16.4.3508.0205)
Windows Live Family Safety (Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3508.0205)
Windows Live Mail (Version: 16.4.3508.0205)
Windows Live Messenger (Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (Version: 16.4.3508.0205)
Windows Live PIMT Platform (Version: 16.4.3508.0205)
Windows Live SOXE (Version: 16.4.3508.0205)
Windows Live SOXE Definitions (Version: 16.4.3508.0205)
Windows Live UX Platform (Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205)
Windows Live Writer (Version: 16.4.3508.0205)
Windows Live Writer Resources (Version: 16.4.3508.0205)
WinZip 15.0 (Version: 15.0.9411)
Yamaha USB-MIDI Driver (Version: 3.1.2.3)

==================== Restore Points  =========================

12-11-2013 10:14:47 Windows Update
13-11-2013 21:39:48 Windows Update
16-11-2013 13:35:17 Windows Live Essentials
16-11-2013 13:37:45 DirectX wurde installiert
16-11-2013 13:38:32 DirectX wurde installiert
16-11-2013 13:39:06 DirectX wurde installiert
16-11-2013 13:39:59 WLSetup
17-11-2013 15:22:54 Installiert Philips SPC520NC Webcam
17-11-2013 15:24:11 Installiert VLounge
17-11-2013 17:05:37 Entfernt VLounge
17-11-2013 17:06:27 Entfernt Philips SPC520NC Webcam
18-11-2013 13:30:45 No23 Recorder wird entfernt
19-11-2013 09:45:30 Windows Update
22-11-2013 10:54:29 Windows Update
26-11-2013 09:49:25 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {3B13B263-1F6D-4C53-8200-323B5C7AEBCC} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {3ECF1892-952C-46B8-8960-95CE24F09DDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {457BB3C3-B29A-42ED-AF76-92204B590E06} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6C348D60-E132-48F5-A08F-90FFA535059D} - System32\Tasks\Windows => C:\Program Files\Nero\Nero 10\Nero BackItUp\NBCore.exe
Task: {6C7EB394-1D59-4089-934B-BDAA13D4C982} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {9373C2CC-DD33-4D7A-B595-576C4D9F8E20} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\DeviceCenter.exe [2012-06-26] (Microsoft)
Task: {A3B79643-4FE0-4557-AA0A-BB1377EA5F50} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {F05662CB-663D-4E1E-8E03-7C700EACD2D1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-11-16 12:17 - 2013-11-16 12:17 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Heiko\AppData\Roaming\default.rss:OECustomProperty
AlternateDataStreams: C:\Users\Windows\AppData\Roaming\default.rss:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: ssmdrv
Description: ssmdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ssmdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (11/28/2013 00:45:57 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.

Error: (11/28/2013 00:45:56 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.

Error: (11/28/2013 00:45:56 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.

Error: (11/28/2013 00:45:55 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.

Error: (11/28/2013 00:44:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/28/2013 00:44:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/28/2013 00:42:18 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ssmdrv


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-11-27 14:03:01.038
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-27 14:03:01.038
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-27 14:03:01.038
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-27 14:03:01.022
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-27 14:03:01.022
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-27 14:03:01.022
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-27 14:03:01.007
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-27 14:03:00.991
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-27 14:03:00.991
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-27 14:03:00.991
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 42%
Total physical RAM: 3071.23 MB
Available physical RAM: 1757.6 MB
Total Pagefile: 6140.74 MB
Available Pagefile: 4779.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.89 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:246.58 GB) (Free:178.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive i: (Volume) (Fixed) (Total:219.18 GB) (Free:175.12 GB) NTFS
Drive j: (TRANSCEND) (Removable) (Total:3.76 GB) (Free:3.76 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 78A0CD44)
Partition 1: (Active) - (Size=247 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=219 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================
         
The ESET Online Scanner did find a trojan. Did it delete it?
I wonder why my paid Kaspersky Internet Security did not find the trojan.
Otherwise, Malwarebytes no longer finds anything now either.

Alt 29.11.2013, 14:36   #8
schrauber
/// the machine
/// TB-Ausbilder
 


Best to ask Kaspersky

Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.



Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type this) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can safely delete them.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 30.11.2013, 12:34   #9
Trojan0815
 

Hi schrauber,

everything seems to be OK. Thank you very much for your help. You can delete the thread from your subscriptions.

Best regards

Alt 01.12.2013, 09:07   #10
schrauber
/// the machine
/// TB-Ausbilder
 


You're welcome