Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.12.2013, 12:47   #1
Steffen Joas
 
Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten - Standard

Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten



Am 10. Dezember 2013 hatten wir eine E-Mail von einem Rechtsanwaltsbüro, U+C, im Posteingang. Ich bin drauf reingefallen, weil dieses Rechtanwaltsbüro tatsächlich solche Abmahnungen verschickt, aber eben nicht per E-Mail. Jedenfalls haben wir den Anhang geöffnet und der Trojaner war frei: Trojan-Dropper.Win32.Injector.jspw.

Beim Scan durch Kaspersky Pure 3, das auf dem Laptop installiert ist, wurde angeblich keine Bedrohung gefunden, dann aber doch wieder. Nachdem wir die E-Mails in Outlook gelöscht hatten, auch aus dem Papierkorb "Gelöschte Objekte" endgültig entfernt hatten, hatten wir nochmals einen vollständigen Virenscan laufen lassen. In der Quarantäne sind nun keine Dateien mehr, doch immer mal wieder signalisiert ein Pop-up-Fenster von Kaspersky, es sei Malware gefunden worden.

Wie lässt sich sicherstellen, dass der Trojaner tatsächlich von der Festplatte getilgt ist?

Alt 14.12.2013, 13:03   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten - Standard

Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 14.12.2013, 13:39   #3
Steffen Joas
 
Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten - Standard

Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten



Hallo Schrauber,

die FRST.txt und Addision.txt würde ich dir hier gerne anhängen, doch wenn ich # anklicke, kommt nur "Code einfügen" . Da weiß ich nicht, wie's weitergeht.

Gruß,
Steffen
__________________

Alt 15.12.2013, 07:19   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten - Standard

Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten



So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.12.2013, 17:07   #5
Steffen Joas
 
Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten - Standard

Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten



Hallo Schrauber,
vielen Dank für die Info. Habe aber kapiert, dass ich den Text besser direkt in das Fenster reinkopiere. Das hat, wie du siehst, geklappt.
Herzlichen Dank und viele Grüße,
Steffen
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2013 01
Ran by Harald (administrator) on HARALDSNOTEBOOK on 14-12-2013 12:28:40
Running from C:\Users\Harald\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
() C:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Tobit.Software) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe
(Logitech Inc.) C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Logitech Inc.) C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [TosNC] - C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-14] (Google Inc.)
HKCU\...\Run: [RfxSrvTray] - C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-05] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-10-24] (Kaspersky Lab ZAO)
HKU\Default\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)
HKU\Default User\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Harald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Harald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\ubjqg54x.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA"
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Harald\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.2.558_0
CHR Extension: (Safe Money) - C:\Users\Harald\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.2.558_0
CHR Extension: (Content Blocker) - C:\Users\Harald\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.2.614_0
CHR Extension: (Virtual Keyboard) - C:\Users\Harald\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.2.614_0
CHR Extension: (Google Wallet) - C:\Users\Harald\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Anti-Banner) - C:\Users\Harald\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.2.558_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-10-24] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 UDSS; c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe [30064 2011-03-11] ()

==================== Drivers (Whitelisted) ====================

R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R3 DVB7700ALL; C:\Windows\System32\Drivers\dvb7700all.sys [994304 2011-01-03] (DiBcom)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-10-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2013-10-24] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-24] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-24] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-10-24] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-10-24] (Kaspersky Lab ZAO)
S3 Tosrfcom; No ImagePath
S3 usbser64; C:\Windows\System32\DRIVERS\usbser.sys [33280 2013-08-29] (Microsoft Corporation)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-24] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-14 12:28 - 2013-12-14 12:29 - 00023966 _____ C:\Users\Harald\Downloads\FRST.txt
2013-12-14 12:28 - 2013-12-14 12:28 - 01927462 _____ (Farbar) C:\Users\Harald\Downloads\FRST64.exe
2013-12-14 12:28 - 2013-12-14 12:28 - 00000000 ____D C:\FRST
2013-12-14 12:25 - 2013-12-14 12:25 - 00050477 _____ C:\Users\Harald\Downloads\Defogger.exe
2013-12-14 12:25 - 2013-12-14 12:25 - 00000474 _____ C:\Users\Harald\Downloads\defogger_disable.log
2013-12-14 12:25 - 2013-12-14 12:25 - 00000000 _____ C:\Users\Harald\defogger_reenable
2013-12-14 12:23 - 2013-12-14 12:23 - 00001194 _____ C:\Users\Harald\Desktop\Continue Mipony Download Accelerator Installation.lnk
2013-12-14 12:21 - 2013-12-14 12:22 - 00673080 _____ (                                                            ) C:\Users\Harald\Downloads\DownloadAcceleratorSetup.exe
2013-12-14 03:03 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-14 03:03 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-14 03:03 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-14 03:03 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-14 03:02 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-14 03:02 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-14 03:02 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-14 03:02 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-14 03:02 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-14 03:02 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-14 03:02 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-14 03:02 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-14 03:02 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-14 03:02 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-14 03:02 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-14 03:02 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-14 03:02 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-14 03:02 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-14 03:02 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-14 03:02 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-14 03:02 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-14 03:02 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-14 03:02 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-14 03:02 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-12-14 03:02 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-14 03:02 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-14 03:02 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-14 03:02 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-12-14 03:02 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-14 03:02 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-14 03:02 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-14 03:02 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-14 03:02 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-12-14 03:02 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-14 03:02 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-13 11:39 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-13 11:39 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-13 11:39 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-13 11:39 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-13 11:39 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-13 11:39 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-13 11:39 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-13 11:39 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-13 11:39 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-13 11:39 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-13 11:39 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-13 11:39 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-13 11:39 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-13 11:39 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-13 11:39 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-13 11:39 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-13 11:39 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-13 11:39 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-13 11:39 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-11-29 12:48 - 2013-11-29 12:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-22 19:37 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2013-11-22 19:33 - 2013-11-22 19:33 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-11-22 19:33 - 2013-11-22 19:33 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-22 19:33 - 2013-11-22 19:33 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-22 19:33 - 2013-11-22 19:33 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-11-22 19:33 - 2013-11-22 19:33 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-22 19:33 - 2013-11-22 19:33 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-11-22 19:33 - 2013-11-22 19:33 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-11-22 19:32 - 2013-11-22 19:37 - 00010277 _____ C:\windows\IE11_main.log
2013-11-15 22:42 - 2013-11-15 22:42 - 00011610 _____ C:\Users\Harald\Desktop\100MEDIA - Verknüpfung.lnk
2013-11-15 22:26 - 2013-11-15 22:26 - 00010545 _____ C:\Users\Harald\Desktop\2011-11-26 - Verknüpfung.lnk
2013-11-15 22:23 - 2013-11-15 22:23 - 00008087 _____ C:\Users\Harald\Desktop\Bild - Verknüpfung.lnk
2013-11-14 11:28 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-11-14 11:28 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-14 11:28 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-11-14 11:28 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2013-11-14 11:28 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 11:28 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-14 11:28 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-11-14 11:22 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-14 11:22 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-11-14 11:22 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-14 11:22 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 11:22 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-11-14 11:22 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2013-11-14 11:22 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-11-14 11:22 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-11-14 11:22 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-11-14 11:22 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-11-14 11:22 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-11-14 11:22 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-11-14 11:22 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-14 11:22 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-11-14 11:22 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-11-14 11:22 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2013-11-14 11:22 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-11-14 11:22 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2013-11-14 11:22 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2013-11-14 11:22 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-11-14 11:22 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2013-11-14 11:09 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-14 11:09 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll

==================== One Month Modified Files and Folders =======

2013-12-14 12:29 - 2013-12-14 12:28 - 00023966 _____ C:\Users\Harald\Downloads\FRST.txt
2013-12-14 12:28 - 2013-12-14 12:28 - 01927462 _____ (Farbar) C:\Users\Harald\Downloads\FRST64.exe
2013-12-14 12:28 - 2013-12-14 12:28 - 00000000 ____D C:\FRST
2013-12-14 12:25 - 2013-12-14 12:25 - 00050477 _____ C:\Users\Harald\Downloads\Defogger.exe
2013-12-14 12:25 - 2013-12-14 12:25 - 00000474 _____ C:\Users\Harald\Downloads\defogger_disable.log
2013-12-14 12:25 - 2013-12-14 12:25 - 00000000 _____ C:\Users\Harald\defogger_reenable
2013-12-14 12:25 - 2012-06-21 18:16 - 00000000 ____D C:\Users\Harald
2013-12-14 12:24 - 2012-07-12 19:41 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-12-14 12:24 - 2011-12-25 16:31 - 01760590 _____ C:\windows\WindowsUpdate.log
2013-12-14 12:23 - 2013-12-14 12:23 - 00001194 _____ C:\Users\Harald\Desktop\Continue Mipony Download Accelerator Installation.lnk
2013-12-14 12:22 - 2013-12-14 12:21 - 00673080 _____ (                                                            ) C:\Users\Harald\Downloads\DownloadAcceleratorSetup.exe
2013-12-14 12:21 - 2012-10-28 17:30 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-14 12:19 - 2011-08-14 21:46 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-14 12:19 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-14 12:19 - 2009-07-14 05:51 - 00060266 _____ C:\windows\setupact.log
2013-12-14 11:47 - 2011-08-14 21:46 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-14 09:32 - 2013-04-07 20:34 - 00003510 _____ C:\windows\System32\Tasks\Harald NBAgent 5 4
2013-12-14 09:13 - 2012-06-22 11:12 - 00000000 ____D C:\Users\Harald\Documents\Outlook
2013-12-14 03:46 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache
2013-12-14 03:28 - 2011-02-11 09:21 - 00654400 _____ C:\windows\system32\perfh007.dat
2013-12-14 03:28 - 2011-02-11 09:21 - 00130240 _____ C:\windows\system32\perfc007.dat
2013-12-14 03:28 - 2009-07-14 06:13 - 01498742 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-14 03:26 - 2009-07-14 05:45 - 00024912 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-14 03:26 - 2009-07-14 05:45 - 00024912 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-14 03:21 - 2009-07-14 05:45 - 00435680 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-14 03:03 - 2012-06-21 19:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-13 13:24 - 2012-07-12 19:41 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-12-13 13:24 - 2012-07-12 19:40 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-12-13 13:24 - 2012-07-12 19:40 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-13 11:58 - 2011-08-14 21:46 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-13 11:42 - 2011-08-14 21:46 - 00004120 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-13 11:42 - 2011-08-14 21:46 - 00003868 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-07 13:51 - 2011-08-14 21:46 - 00002231 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-30 15:22 - 2012-06-22 11:15 - 00000000 ____D C:\Users\Harald\Documents\Vorlagen
2013-11-30 13:32 - 2013-06-29 16:58 - 00000000 ____D C:\ProgramData\Vorwerk
2013-11-30 10:04 - 2012-07-01 19:58 - 00000000 ____D C:\Users\Harald\AppData\Local\Htc
2013-11-30 07:48 - 2012-09-21 11:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-29 12:49 - 2013-11-29 12:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-26 12:54 - 2013-12-14 03:02 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-26 11:19 - 2013-12-14 03:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-26 11:18 - 2013-12-14 03:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-26 11:11 - 2013-12-14 03:02 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-26 10:48 - 2013-12-14 03:02 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-26 10:46 - 2013-12-14 03:02 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-26 10:41 - 2013-12-14 03:02 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-26 10:29 - 2013-12-14 03:02 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-26 10:27 - 2013-12-14 03:02 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-26 10:23 - 2013-12-14 03:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-26 10:21 - 2013-12-14 03:02 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-26 10:18 - 2013-12-14 03:02 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-26 10:18 - 2013-12-14 03:02 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-26 10:16 - 2013-12-14 03:02 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-26 09:57 - 2013-12-14 03:02 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-26 09:38 - 2013-12-14 03:02 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-26 09:38 - 2013-12-14 03:02 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-26 09:35 - 2013-12-14 03:02 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-26 09:32 - 2013-12-14 03:02 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-26 09:28 - 2013-12-14 03:02 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-11-26 09:16 - 2013-12-14 03:02 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-26 09:02 - 2013-12-14 03:02 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-26 08:48 - 2013-12-14 03:02 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-26 08:32 - 2013-12-14 03:02 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-11-26 08:26 - 2013-12-14 03:02 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-26 08:07 - 2013-12-14 03:02 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-26 07:40 - 2013-12-14 03:02 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-26 07:34 - 2013-12-14 03:02 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-26 07:34 - 2013-12-14 03:02 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-11-26 07:33 - 2013-12-14 03:02 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-26 07:27 - 2013-12-14 03:02 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-23 20:21 - 2012-06-21 18:24 - 00001477 _____ C:\Users\Harald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-23 20:20 - 2009-07-14 04:20 - 00000000 ____D C:\windows\PolicyDefinitions
2013-11-23 19:26 - 2013-12-13 11:39 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-11-23 18:47 - 2013-12-13 11:39 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-11-22 19:37 - 2013-11-22 19:32 - 00010277 _____ C:\windows\IE11_main.log
2013-11-22 19:33 - 2013-11-22 19:33 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-11-22 19:33 - 2013-11-22 19:33 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-22 19:33 - 2013-11-22 19:33 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-22 19:33 - 2013-11-22 19:33 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-11-22 19:33 - 2013-11-22 19:33 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-22 19:33 - 2013-11-22 19:33 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-11-22 19:33 - 2013-11-22 19:33 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-11-22 19:33 - 2013-11-22 19:33 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-22 19:33 - 2013-11-22 19:33 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-11-18 20:23 - 2012-06-21 22:12 - 00000000 ____D C:\Users\Harald\AppData\Local\Adobe
2013-11-16 17:39 - 2013-10-24 09:03 - 00000000 ____D C:\windows\ELAMBKUP
2013-11-15 22:42 - 2013-11-15 22:42 - 00011610 _____ C:\Users\Harald\Desktop\100MEDIA - Verknüpfung.lnk
2013-11-15 22:26 - 2013-11-15 22:26 - 00010545 _____ C:\Users\Harald\Desktop\2011-11-26 - Verknüpfung.lnk
2013-11-15 22:26 - 2012-06-22 10:12 - 00000000 ___RD C:\Users\Harald\Documents\@_Fotos
2013-11-15 22:23 - 2013-11-15 22:23 - 00008087 _____ C:\Users\Harald\Desktop\Bild - Verknüpfung.lnk
2013-11-14 22:35 - 2013-08-06 18:51 - 00000000 ____D C:\windows\system32\MRT
2013-11-14 22:34 - 2012-06-21 21:48 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-14 10:09 - 2010-11-21 04:47 - 00075476 _____ C:\windows\PFRO.log

Some content of TEMP:
====================
C:\Users\Harald\AppData\Local\Temp\autorun.dll
C:\Users\Harald\AppData\Local\Temp\egigpkdq.dll
C:\Users\Harald\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Harald\AppData\Local\Temp\fqzf5krz.dll
C:\Users\Harald\AppData\Local\Temp\i0z1gupw.dll
C:\Users\Harald\AppData\Local\Temp\ICReinstall_DownloadAcceleratorSetup.exe
C:\Users\Harald\AppData\Local\Temp\ose00000.exe
C:\Users\Harald\AppData\Local\Temp\oubb2-8c.dll
C:\Users\Harald\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Harald\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Harald\AppData\Local\Temp\w4byk5aa.dll
C:\Users\Harald\AppData\Local\Temp\zyro6lso.dll
C:\Users\Harald\AppData\Local\Temp\_isD55E.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-13 14:45

==================== End Of Log ============================
         
--- --- ---
FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2013 01
Ran by Harald at 2013-12-14 12:30:37
Running from C:\Users\Harald\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

AAVUpdateManager (x32 Version: 18.00.0000)
Adobe AIR (x32 Version: 3.2.0.2070)
Adobe Digital Editions (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Atheros Bluetooth Filter Driver Package (Version: 1.00.0004)
Atheros Driver Installation Program (x32 Version: 9.2)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bejeweled 3 (x32 Version: 2.2.0.97)
Bing Bar (x32 Version: 6.3.2291.0)
Bing Bar Platform (x32 Version: 6.3.2291.0)
Bluetooth Stack for Windows by Toshiba (Version: v8.00.06(T))
Chicken Invaders 3 - Revenge of the Yolk (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
ContentHD (x32 Version: 1.00.0002)
Contents (x32 Version: 1.5.10.332)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Corel Digital Studio SE (x32 Version: 1.5.10.332)
Corel WinDVD (x32 Version: 10.0.5.822)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DeviceIO (x32 Version: 1.5.10.332)
DFPro (x32 Version: 1.5.10.332)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
ENE CIR Receiver Driver (Version: 2.7.4.1)
Evernote v. 4.6.4 (x32 Version: 4.6.4.8136)
FATE (x32 Version: 2.2.0.97)
Final Drive: Nitro (x32 Version: 2.2.0.95)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
GMX SMS-Manager (x32 Version: 2.7.2)
GMX SMS-Manager (x32 Version: 2.7.2.6)
Google Chrome (x32 Version: 31.0.1650.63)
Google Earth Plug-in (x32 Version: 7.1.2.2041)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.22.3)
High-Definition Video Playback (x32 Version: 7.3.10900.8.0)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (Version: 22.50.231.0)
HP Officejet 6500 E710a-f Hilfe (x32 Version: 140.0.2.2)
HP Update (x32 Version: 5.002.006.003)
HTC BMP USB Driver (x32 Version: 1.0.5375)
HTC Driver Installer (x32 Version: 3.0.0.021)
HTC Sync (x32 Version: 3.2.20)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
ICA (x32 Version: 1.5.10.332)
Insaniquarium Deluxe (x32 Version: 2.2.0.97)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2353)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004)
IPM_OEM (x32 Version: 1.53)
IrfanView (remove only) (x32 Version: 4.35)
ISCOM (x32 Version: 1.5.10.332)
Java Auto Updater (x32 Version: 2.0.2.1)
Java(TM) 6 Update 20 (x32 Version: 6.0.200)
JMicron Flash Media Controller Driver (x32 Version: 1.0.57.2)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558)
Kobold VR-Updater (x32 Version: 1.0.2)
Label@Once 1.0 (x32 Version: 1.0)
Logitech Desktop Messenger (x32 Version: 2.52.18)
Logitech Harmony Remote Software 7 (x32 Version: 7.3.0.15)
Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0)
Logitech Media Server 7.7.2 (x32 Version: 7.7.2)
Marketsplash Schnellzugriffe (x32 Version: 1.0.1.7)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (x32 Version: 2.2.114.0)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 9.0.21022)
Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
MLE (x32 Version: 1.0.0.60)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
Mp3tag v2.57 (x32 Version: v2.57)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0)
Nero BackItUp 10 (x32 Version: 5.8.10900.8.100)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700)
Nero BurnRights 10 (x32 Version: 4.4.10400.2.100)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10700)
Nero Control Center 10 (x32 Version: 10.6.12700.0.7)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800)
Nero Core Components 10 (x32 Version: 2.0.20000.9.12)
Nero Express 10 (x32 Version: 10.6.10700.5.100)
Nero Express 10 Help (CHM) (x32 Version: 10.6.10700)
Nero InfoTool 10 (x32 Version: 7.4.10300.1.100)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.6.10700)
Nero Kwik Media (x32 Version: 1.6.15100.59.100)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.6.10300)
Nero RescueAgent 10 (x32 Version: 3.6.10500.3.100)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10800)
Nero StartSmart 10 (x32 Version: 10.6.10500.3.100)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700)
Nero Update (x32 Version: 1.0.10900.31.0)
NeroKwikMedia Help (CHM) (x32 Version: 10.6.10900)
NVIDIA 3D Vision Controller Driver (x32 Version: 266.84)
NVIDIA 3D Vision Controller Driver 267.44 (Version: 267.44)
NVIDIA Control Panel 267.44 (Version: 267.44)
NVIDIA Graphics Driver 267.44 (Version: 267.44)
NVIDIA Install Application (Version: 2.265.39.0)
NVIDIA Optimus 1.0.21 (Version: 1.0.21)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Update Components (Version: 1.0.21)
Penguins! (x32 Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Polar Bowler (x32 Version: 2.2.0.97)
PureHD (x32 Version: 1.5.10.332)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Radio.fx (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.38.113.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6305)
Remote Control USB Driver (x32 Version: 2.3.2.317)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Setup (x32 Version: 1.5.10.332)
Share (x32 Version: 1.5.10.332)
Share64 (Version: 1.5.10.332)
Skype™ 5.10 (x32 Version: 5.10.116)
Slingo Deluxe (x32 Version: 2.2.0.95)
Steuer-Spar-Erklärung 2012 (x32 Version: 17.13)
Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten (Version: 22.50.231.0)
Synaptics Pointing Device Driver (Version: 15.2.11.1)
TOSHIBA Assist (x32 Version: 4.02.02)
TOSHIBA Bulletin Board (Version: 2.1.10.64)
TOSHIBA Bulletin Board (x32 Version: 2.1.10.64)
TOSHIBA ConfigFree (x32 Version: 8.0.37)
TOSHIBA Disc Creator (Version: 2.1.0.7 for x64)
TOSHIBA eco Utility (Version: 1.2.24.64)
TOSHIBA Face Recognition (Version: 3.1.9.64)
TOSHIBA Face Recognition (x32 Version: 3.1.9.64)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.12C)
TOSHIBA Hardware Setup (x32 Version: 1.63.1.34C)
TOSHIBA HDD Protection (Version: 2.2.1.13)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.8)
Toshiba Manuals (x32 Version: 10.02)
TOSHIBA Media Controller (x32 Version: 1.0.86.2)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.6.1)
TOSHIBA Online Product Information (x32 Version: 4.01.0000)
TOSHIBA PC Health Monitor (Version: 1.7.5.64)
TOSHIBA Places Icon Utility (x32 Version: 1.1.0.12)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.3.5109)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019)
TOSHIBA ReelTime (Version: 1.7.17.64)
TOSHIBA ReelTime (x32 Version: 1.7.17.64)
TOSHIBA Remote Control Manager (x32 Version: 3.0.6.1)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.1.0)
TOSHIBA Service Station (x32 Version: 2.2.9)
TOSHIBA Sleep Utility (x32 Version: 1.4.2.7)
TOSHIBA Supervisor Password (x32 Version: 1.63.51.2C)
TOSHIBA TEMPRO (x32 Version: 3.35)
TOSHIBA Value Added Package (Version: 1.5.4.64)
TOSHIBA Value Added Package (x32 Version: 1.5.4.64)
TOSHIBA VIDEO PLAYER (x32 Version: 4.00.6.08-A)
TOSHIBA Web Camera Application (x32 Version: 2.0.0.29)
TOSHIBA Wireless LAN Indicator (x32 Version: 1.0.3)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32)
Update Installer for WildTangent Games App (x32)
Utility Common Driver (x32 Version: 1.0.52.2C)
VIO (x32 Version: 1.5.10.332)
VLC media player 2.0.2 (Version: 2.0.2)
VLC media player 2.0.6 (x32 Version: 2.0.6)
Wedding Dash 2 - Rings Around the World (x32 Version: 2.2.0.95)
WildTangent Games (x32 Version: 1.0.2.5)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.5)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points  =========================

22-11-2013 18:31:46 Windows Update
29-11-2013 11:52:57 Windows Update
07-12-2013 11:47:09 Windows Update
13-12-2013 10:30:16 Windows Update
14-12-2013 02:00:28 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05F4FFF7-E0D6-49F1-A8CC-60B5E750F1BE} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17] ()
Task: {0A5CCBBB-E024-45D8-AAFB-984EA7461432} - System32\Tasks\Open URL by RoboForm => C:\Windows\System32\url.dll [2013-11-22] (Microsoft Corporation)
Task: {0D850B14-7731-4209-B87A-A3D1BBA56353} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {30E2EB82-2B84-4E96-881D-36EFDA32E969} - System32\Tasks\Harald Local Autobackup 5 4 => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBCore.exe [2011-06-29] (Nero AG)
Task: {433A0D08-F102-44B0-8359-C17B87C479E9} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {59762CC9-3650-4181-A0A8-26E03310F782} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14] (Google Inc.)
Task: {5E458E65-BBE3-4FF8-8C06-36EB9AB81F1F} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {7B4443E0-CBCD-4B5D-A54C-C97B1789A210} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-13] (Adobe Systems Incorporated)
Task: {B786AC90-F657-481B-84B8-E9B8889FFDC1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14] (Google Inc.)
Task: {DA1482DC-8C25-439F-8CD4-A4799500DF67} - System32\Tasks\Harald NBAgent 5 4 => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-06-29] (Nero AG)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-04-05 04:18 - 2011-04-05 04:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-03-03 22:21 - 2011-03-03 22:21 - 03420584 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll
2011-08-14 21:57 - 2011-02-22 10:16 - 00559104 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\de\Humphrey.resources.dll
2012-12-20 17:19 - 2012-12-20 17:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 17:19 - 2012-12-20 17:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2012-07-13 11:46 - 2013-06-03 12:06 - 09907712 _____ () C:\Program Files (x86)\Tobit Radio.fx\Client\TOBITCLT.dll
2012-07-13 11:46 - 2013-05-16 13:28 - 00242688 _____ () C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client$.ger
2013-12-14 12:20 - 2013-12-14 12:20 - 00028774 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4124\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00024679 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4124\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00032878 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4124\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00024701 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4124\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00028779 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4124\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00020601 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4124\4461f48e31bde5c56b31b973b773de09\List.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00118918 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4124\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00082048 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4124\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00020576 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4124\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00036964 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4124\f233f63b6654362865c7577442edb9e3\Win32.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00020590 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4124\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00082033 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4124\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00024676 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4124\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00061540 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4124\e56c61f7248672819579325af3387035\POSIX.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00094334 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4124\eb138ef0e4282611dbf485a302784646\LibYAML.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00053340 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4124\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00184414 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4124\bd5179a413bc0c4b82eedc22c6cab101\re.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00024701 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4124\93e7e3d6030f426844228042348210cf\Service.dll
2012-09-08 13:16 - 2012-09-08 13:16 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2012-09-08 13:16 - 2012-09-08 13:16 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00020576 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00036964 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\f233f63b6654362865c7577442edb9e3\Win32.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00024676 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00061540 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\e56c61f7248672819579325af3387035\POSIX.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00020590 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00082033 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00118918 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00082048 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00028779 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00020601 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\4461f48e31bde5c56b31b973b773de09\List.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00024681 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\c199d3c1960e7aeeecb599487952bed2\HiRes.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00090213 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00024679 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00077824 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\7f177c338672436e01c4f0bdbcf94491\EV.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00138752 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\44727051c604ef6b79894b64d4c63832\Expat.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00041080 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00030720 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00020590 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00024694 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\c344fd5536724b2af2e6453833b60203\SHA1.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00094334 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\eb138ef0e4282611dbf485a302784646\LibYAML.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00053340 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00184414 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\bd5179a413bc0c4b82eedc22c6cab101\re.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00020592 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\b979ace6da01e63d651cce9ee2474fdc\Name.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00028774 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00182272 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\d0bf009923f29116535c26d228271d6d\Scan.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00024672 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\17d0b152e63e6bfe81b4b19588538896\mro.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00020596 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\3b7106dd14676048b10bbb09a990f74c\XS.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00032878 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00024695 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00024670 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00361472 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\aff7ee779ea184f884ed432c30a58f5d\Scale.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00024701 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00061546 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00110705 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\7f2598c08178217a0e2c754f3d568f28\Byte.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00024679 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00020596 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00030208 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\0665c25e931c1ac0151b062449e91028\XSAccessor.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00608256 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00001024 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00020587 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\c668a322917d32a5ea22894518aa9897\Base64.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 04547584 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\38a10ee333cf1a9afec3f0acdf1bbebc\Scan.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00017920 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00061547 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\bc147d83c7c868eeee67082dcf55430c\File.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00032881 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\b6bd87c968599725b8ab2e5c25d3046a\API.dll
2013-12-14 12:20 - 2013-12-14 12:20 - 00098415 ____R () C:\Users\Harald\AppData\Local\Temp\pdk-Harald-4528\19febd96672ffdb7ea244cef36aaa062\Zlib.dll
2013-11-29 12:48 - 2013-11-29 12:49 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-13 13:24 - 2013-12-13 13:24 - 16242056 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/14/2013 00:21:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2013 11:32:16 AM) (Source: BackItUp5) (User: )
Description: Backup process failed.

Error: (12/14/2013 11:32:16 AM) (Source: BackItUp5) (User: )
Description: Job execution failed because the selected target for job does not exist.

Error: (12/14/2013 09:32:19 AM) (Source: BackItUp5) (User: )
Description: Backup process failed.

Error: (12/14/2013 09:32:19 AM) (Source: BackItUp5) (User: )
Description: Job execution failed because the selected target for job does not exist.

Error: (12/14/2013 03:22:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2013 01:32:16 AM) (Source: BackItUp5) (User: )
Description: Backup process failed.

Error: (12/14/2013 01:32:16 AM) (Source: BackItUp5) (User: )
Description: Job execution failed because the selected target for job does not exist.

Error: (12/13/2013 11:32:17 PM) (Source: BackItUp5) (User: )
Description: Backup process failed.

Error: (12/13/2013 11:32:17 PM) (Source: BackItUp5) (User: )
Description: Job execution failed because the selected target for job does not exist.


System errors:
=============
Error: (12/14/2013 00:19:27 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎14.‎12.‎2013 um 12:17:03 unerwartet heruntergefahren.

Error: (12/13/2013 02:47:03 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Radio.fx Server" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert.

Error: (12/13/2013 11:31:42 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Radio.fx Server" wurde unerwartet beendet. Dies ist bereits 3 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/13/2013 11:29:49 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Radio.fx Server" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/13/2013 11:27:54 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Radio.fx Server" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/10/2013 07:34:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147014847

Error: (12/07/2013 04:52:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Radio.fx Server" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/05/2013 11:25:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Radio.fx Server" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/30/2013 10:16:53 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Radio.fx Server" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/30/2013 08:01:13 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Radio.fx Server" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (12/14/2013 00:21:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2013 11:32:16 AM) (Source: BackItUp5)(User: )
Description: Sicherung ist fehlgeschlagen.

Error: (12/14/2013 11:32:16 AM) (Source: BackItUp5)(User: )
Description: Die Ausführung des Jobs ist fehlgeschlagen, da das gewählte Ziel (E:\) für Job (Harald Local Autobackup) nicht existiert oder nicht darauf zugegriffen werden kann.

Error: (12/14/2013 09:32:19 AM) (Source: BackItUp5)(User: )
Description: Sicherung ist fehlgeschlagen.

Error: (12/14/2013 09:32:19 AM) (Source: BackItUp5)(User: )
Description: Die Ausführung des Jobs ist fehlgeschlagen, da das gewählte Ziel (E:\) für Job (Harald Local Autobackup) nicht existiert oder nicht darauf zugegriffen werden kann.

Error: (12/14/2013 03:22:12 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2013 01:32:16 AM) (Source: BackItUp5)(User: )
Description: Sicherung ist fehlgeschlagen.

Error: (12/14/2013 01:32:16 AM) (Source: BackItUp5)(User: )
Description: Die Ausführung des Jobs ist fehlgeschlagen, da das gewählte Ziel (E:\) für Job (Harald Local Autobackup) nicht existiert oder nicht darauf zugegriffen werden kann.

Error: (12/13/2013 11:32:17 PM) (Source: BackItUp5)(User: )
Description: Sicherung ist fehlgeschlagen.

Error: (12/13/2013 11:32:17 PM) (Source: BackItUp5)(User: )
Description: Die Ausführung des Jobs ist fehlgeschlagen, da das gewählte Ziel (E:\) für Job (Harald Local Autobackup) nicht existiert oder nicht darauf zugegriffen werden kann.


CodeIntegrity Errors:
===================================
  Date: 2013-12-14 00:52:06.093
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-14 00:52:06.093
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-14 00:52:06.077
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-14 00:52:06.062
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-14 00:52:06.062
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-14 00:52:06.062
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-13 14:48:31.878
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-13 14:48:31.878
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-13 14:48:31.863
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-13 14:48:31.847
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 8099.77 MB
Available physical RAM: 5491.01 MB
Total Pagefile: 16197.71 MB
Available Pagefile: 13531.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (TI30797100A) (Fixed) (Total:682.06 GB) (Free:446.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: CD6526DE)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=682 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=17)

==================== End Of Log ============================
         
--- --- ---


Alt 16.12.2013, 09:58   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten - Standard

Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten

Alt 16.12.2013, 11:03   #7
Steffen Joas
 
Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten - Standard

Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten



Hallo Schrauber,
hier das Logfile

Code:
ATTFilter
ComboFix 13-12-13.01 - Harald 16.12.2013  10:35:22.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8100.5720 [GMT 1:00]
ausgeführt von:: c:\users\Harald\Downloads\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Harald\AppData\Local\Microsoft\Windows\Temporary Internet Files\{31F1A709-5555-4DCF-AAA2-12C0C170CDC9}.xps
c:\users\Harald\AppData\Local\Microsoft\Windows\Temporary Internet Files\{76E39078-66F3-4B71-9DEC-398BE1D22D88}.xps
c:\users\Harald\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B96F70E6-77D3-42A8-B16E-A1FA6525E40B}.xps
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\0665c25e931c1ac0151b062449e91028\XSAccessor.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\17d0b152e63e6bfe81b4b19588538896\mro.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\19febd96672ffdb7ea244cef36aaa062\Zlib.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\38a10ee333cf1a9afec3f0acdf1bbebc\Scan.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\3b7106dd14676048b10bbb09a990f74c\XS.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\4461f48e31bde5c56b31b973b773de09\List.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\44727051c604ef6b79894b64d4c63832\Expat.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\7f177c338672436e01c4f0bdbcf94491\EV.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\7f2598c08178217a0e2c754f3d568f28\Byte.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\aff7ee779ea184f884ed432c30a58f5d\Scale.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\b6bd87c968599725b8ab2e5c25d3046a\API.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\b979ace6da01e63d651cce9ee2474fdc\Name.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\bc147d83c7c868eeee67082dcf55430c\File.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\bd5179a413bc0c4b82eedc22c6cab101\re.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\c199d3c1960e7aeeecb599487952bed2\HiRes.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\c344fd5536724b2af2e6453833b60203\SHA1.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\c668a322917d32a5ea22894518aa9897\Base64.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\d0bf009923f29116535c26d228271d6d\Scan.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\e2e81dd6b3e5a36f0bdae076393cc11d\icuin46.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\e2e81dd6b3e5a36f0bdae076393cc11d\icuuc46.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\e56c61f7248672819579325af3387035\POSIX.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\eb138ef0e4282611dbf485a302784646\LibYAML.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\f233f63b6654362865c7577442edb9e3\Win32.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4428\perl514.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4940\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4940\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4940\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4940\4461f48e31bde5c56b31b973b773de09\List.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4940\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4940\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4940\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4940\93e7e3d6030f426844228042348210cf\Service.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4940\bd5179a413bc0c4b82eedc22c6cab101\re.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4940\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4940\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4940\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4940\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4940\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4940\e56c61f7248672819579325af3387035\POSIX.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4940\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4940\eb138ef0e4282611dbf485a302784646\LibYAML.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4940\f233f63b6654362865c7577442edb9e3\Win32.dll
c:\users\Harald\AppData\Local\Temp\pdk-Harald-4940\perl514.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-16 bis 2013-12-16  ))))))))))))))))))))))))))))))
.
.
2013-12-14 11:28 . 2013-12-14 11:28	--------	d-----w-	C:\FRST
2013-12-14 04:33 . 2013-11-08 03:12	10285968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC283B70-6509-47CB-8273-F94ECC56A925}\mpengine.dll
2013-12-14 02:03 . 2013-05-10 05:56	12625920	----a-w-	c:\windows\system32\wmploc.DLL
2013-12-14 02:03 . 2013-05-10 04:30	167424	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2013-12-14 02:03 . 2013-05-10 03:48	164864	----a-w-	c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-14 02:03 . 2013-05-10 04:56	12625408	----a-w-	c:\windows\SysWow64\wmploc.DLL
2013-12-14 02:03 . 2013-05-10 05:56	14631424	----a-w-	c:\windows\system32\wmp.dll
2013-12-13 10:39 . 2013-10-30 02:32	335360	----a-w-	c:\windows\system32\msieftp.dll
2013-11-22 18:37 . 2013-10-14 17:00	28368	----a-w-	c:\windows\system32\IEUDINIT.EXE
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 21:47 . 2012-06-21 20:48	90708896	----a-w-	c:\windows\system32\MRT.exe
2013-12-13 12:24 . 2012-07-12 18:40	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-13 12:24 . 2012-07-12 18:40	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-11 04:50 . 2010-11-21 03:27	267936	------w-	c:\windows\system32\MpSigStub.exe
2013-10-24 08:26 . 2012-08-13 14:49	178448	----a-w-	c:\windows\system32\drivers\kneps.sys
2013-10-24 08:26 . 2012-11-02 13:48	626272	----a-w-	c:\windows\system32\drivers\klif.sys
2013-10-24 08:26 . 2012-10-18 12:50	54368	----a-w-	c:\windows\system32\drivers\kltdi.sys
2013-10-24 08:26 . 2012-09-03 16:23	29280	----a-w-	c:\windows\system32\drivers\klmouflt.sys
2013-10-24 08:26 . 2012-09-03 15:57	29280	----a-w-	c:\windows\system32\drivers\klkbdflt.sys
2013-10-24 08:26 . 2009-09-14 12:46	28504	----a-w-	c:\windows\system32\drivers\klim6.sys
2013-10-24 08:26 . 2012-11-02 13:48	90208	----a-w-	c:\windows\system32\drivers\klflt.sys
2013-10-24 08:26 . 2012-06-19 15:28	7717984	----a-w-	c:\windows\system32\drivers\kl1.sys
2013-10-13 13:20 . 2013-10-13 13:20	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-10-12 02:30 . 2013-11-14 10:28	830464	----a-w-	c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-14 10:28	859648	----a-w-	c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-14 10:28	324096	----a-w-	c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-14 10:28	656896	----a-w-	c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-14 10:28	216576	----a-w-	c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-14 10:28	1474048	----a-w-	c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-14 10:28	1168384	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-14 10:22	190464	----a-w-	c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-14 10:22	197120	----a-w-	c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-14 10:22	1930752	----a-w-	c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-14 10:22	152576	----a-w-	c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-14 10:22	168960	----a-w-	c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-14 10:22	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-14 10:09	404480	----a-w-	c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-14 10:09	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-14 10:22	497152	----a-w-	c:\windows\system32\drivers\afd.sys
2013-09-25 02:26 . 2013-11-14 10:22	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-14 10:22	154560	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-14 10:22	28672	----a-w-	c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-14 10:22	135680	----a-w-	c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-14 10:22	28160	----a-w-	c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-14 10:22	340992	----a-w-	c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-14 10:22	307200	----a-w-	c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-14 10:22	1447936	----a-w-	c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-14 10:22	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-14 10:22	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-14 10:22	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-14 10:22	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-14 10:22	30720	----a-w-	c:\windows\system32\lsass.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 16:20	459784	----a-w-	c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-14 39408]
"RfxSrvTray"="c:\program files (x86)\Tobit Radio.fx\Client\rfx-tray.exe" [2013-02-07 1838872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-09-03 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-05 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2013-10-24 356128]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\users\Harald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-3-19 1086816]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -startup [2013-8-7 67128]
Logitech Media Server-Taskleisten-Tool.lnk - c:\program files (x86)\Squeezebox\SqueezeTray.exe [2012-12-21 3051619]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-2 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
2;2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 usbser64;Neato Robotics USB Driver;c:\windows\system32\DRIVERS\usbser.sys;c:\windows\SYSNATIVE\DRIVERS\usbser.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 Radio.fx;Radio.fx Server;c:\program files (x86)\Tobit Radio.fx\Server\rfx-server.exe;c:\program files (x86)\Tobit Radio.fx\Server\rfx-server.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UDSS;UDSS;c:\program files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe;c:\program files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
S3 DVB7700ALL;TOSHIBA DIB7700 based TV tuner device;c:\windows\system32\Drivers\dvb7700all.sys;c:\windows\SYSNATIVE\Drivers\dvb7700all.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys;c:\windows\SYSNATIVE\DRIVERS\enecirhid.sys [x]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys;c:\windows\SYSNATIVE\DRIVERS\enecirhidma.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-07 12:50	1210320	----a-w-	c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 12:24]
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14 20:46]
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14 20:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 16:22	492040	----a-w-	c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Auswahl speichern - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Diese Seite ausschneiden - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Neue Notiz - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: URL notieren - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Zu TOSHIBA Bulletin Board hinzufügen - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Harald\AppData\Roaming\Mozilla\Firefox\Profiles\ubjqg54x.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2013-10-24 10:29; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-10-24 10:29; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-10-24 10:29; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-10-24 10:29; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-10-24 10:29; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-12-16  10:49:36 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-12-16 09:49
.
Vor Suchlauf: 9 Verzeichnis(se), 478.472.654.848 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 481.331.982.336 Bytes frei
.
- - End Of File - - B494087D149C2C3A12566B6B3AF3394A
         
Zur Info: ab morgen, dem 17. Dezember, kann ich nicht mehr antworten. Melde mich dann erst wieder am 27. Dezember 2013.

Schöne Grüße,
Steffen

Alt 16.12.2013, 19:10   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten - Standard

Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten
abmahnung, angeblich, anhang, dateien, dezember, e-mail, entfernt, festplatte, gelöscht, gen, installiert, kaspersky, laptop, laufen, malware, malware gefunden, outlook, papierkorb, platte, quarantäne, scan, sichers, trojaner, verschickt, virenscan, windows, windows 7



Ähnliche Themen: Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten


  1. Upgrade auf Windows 10: Vorsicht vor gefälschter E-Mail
    Nachrichten - 03.08.2015 (0)
  2. DHL trojaner Mail mit zip anhang auf mac mit windows partition
    Plagegeister aller Art und deren Bekämpfung - 29.05.2015 (3)
  3. Anhang (zip) von gefälschter Email geöffnet - Trojaner eingefangen?
    Plagegeister aller Art und deren Bekämpfung - 13.05.2015 (1)
  4. Windows 7: Trojaner nach gefälschter Bank-Mail
    Log-Analyse und Auswertung - 06.09.2014 (17)
  5. Abmahnung per Mail bekommen,soll Anhang öffnen für details...
    Überwachung, Datenschutz und Spam - 05.08.2014 (18)
  6. Windows 7 möglicher Trojaner befall nach gefälschter Telekom-Mail
    Plagegeister aller Art und deren Bekämpfung - 24.01.2014 (9)
  7. Anhang geöffnet! RedTube: Streaming-Abmahnungen mit Trojaner
    Plagegeister aller Art und deren Bekämpfung - 17.12.2013 (11)
  8. Win8 - Abmahnmail Redtube Anhang geöffnet
    Plagegeister aller Art und deren Bekämpfung - 17.12.2013 (7)
  9. RedTube: Streaming-Abmahnungen mit Trojaner
    Diskussionsforum - 15.12.2013 (11)
  10. Email Postfach verschickt Redtube Trojaner ?
    Log-Analyse und Auswertung - 11.12.2013 (5)
  11. Windows 7: Trojaner o.ä. aus eMail Anhang
    Log-Analyse und Auswertung - 06.09.2013 (13)
  12. Trojaner, Windows 7 x64, OTL-Logs im Anhang
    Log-Analyse und Auswertung - 18.06.2013 (3)
  13. GVU Trojaner 2.12, Windows 7 x64, OTL-Logs im Anhang
    Log-Analyse und Auswertung - 11.06.2013 (13)
  14. Falsche Abmahnung der E-Mail - Trojaner Win32:MalOb-KU
    Plagegeister aller Art und deren Bekämpfung - 08.10.2012 (2)
  15. windows verschlüsselungs trojaner, OTL.txt im Anhang, Windows XP
    Log-Analyse und Auswertung - 08.06.2012 (2)
  16. 50 € Virus/Trojaner - Windows geblockt - OLT-Files im Anhang!
    Log-Analyse und Auswertung - 12.02.2012 (15)
  17. Gefälschter BKA-Trojaner - wo nistet er sich ein?
    Plagegeister aller Art und deren Bekämpfung - 03.04.2011 (5)

Zum Thema Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten - Am 10. Dezember 2013 hatten wir eine E-Mail von einem Rechtsanwaltsbüro, U+C, im Posteingang. Ich bin drauf reingefallen, weil dieses Rechtanwaltsbüro tatsächlich solche Abmahnungen verschickt, aber eben nicht per E-Mail. - Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten...
Archiv
Du betrachtest: Windows 7: Trojaner, Anhang an gefälschter Redtube-Abmahnung von U + C Rechtanwälten auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.