
Pests of all kinds and how to combat them: awesomehp cannot be removed despite malwarebytes and adware

05.02.2014, 19:57   #1
ferryklein

Good evening,

I picked up awesomehp while downloading software from the chip.de site and cannot remove it despite Malwarebytes or adware.

Can someone please help me?

Thanks in advance.

05.02.2014, 20:34   #2
schrauber
/// the machine
/// TB instructor

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

05.02.2014, 22:33   #3
ferryklein

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2014
Ran by ferryklein (administrator) on FERRYKLEIN-TOSH on 05-02-2014 22:20:28
Running from C:\Users\ferryklein\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation.) C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
(GARMIN Corp.) C:\Program Files (x86)\Garmin\gStart.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Program Files\Toshiba\FlashCards\Hotkey\TCrdKBB.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
() C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
() C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation.) C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(iMesh, Inc) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-10-26] (Toshiba Europe GmbH)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [910136 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [508472 2009-10-09] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1881384 2009-10-23] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HDMICtrlMan] - C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [1032536 2009-10-23] (TOSHIBA Corporation.)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-11-30] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-12-01] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-08-25] (Toshiba Europe GmbH)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16414824 2010-01-17] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TRCMan] - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [701752 2009-07-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-11-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [openvpn-gui] - C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe [406112 2012-10-15] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [gStart] - C:\Program Files (x86)\Garmin\gStart.exe [1891416 2008-08-13] (GARMIN Corp.)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1099608 2013-03-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [iMesh] - C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe [31010816 2013-11-20] (iMesh, Inc)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {1BC2B507-07E9-4D62-BCB4-558743CEF7DC} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {5EC3A677-5BA9-40A0-9F72-E3604289B3ED} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=dd35c8ab-aab8-4929-932c-e3b1c9fcdd05&apn_sauid=73513A59-8FD2-439F-AEAD-017C824A3162
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {AA640730-64DB-4A9F-AC66-86A1859057E1} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\ferryklein\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-3842024189-3036340141-1986856425-1001\FireFox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: iMeshPlugin - C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll (iMesh)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\awesomehp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2013-12-23]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2013-12-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-23]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\ferryklein\AppData\Roaming\Mozilla\Firefox\Profiles\m88bbbbg.default\extensions\lightningnewtab@gmail.com.xpi
FF Extension: Lightning Speed Dial - C:\Users\ferryklein\AppData\Roaming\Mozilla\Firefox\Profiles\m88bbbbg.default\extensions\lightningnewtab@gmail.com.xpi [2014-02-04]
FF HKCU\...\Firefox\Extensions: [{f1d02156-7557-4942-96ce-a3bf730e8941}] - C:\Program Files (x86)\Show-Password\150.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.awesomehp.com/?type=sc&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185176 2013-03-07] (Garmin Ltd or its subsidiaries)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [57952 2012-10-15] ()
R2 OpenVPNServiceInteractive; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [57952 2012-10-15] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-10-26] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [6656 2009-08-31] (Windows (R) Win 7 DDK provider)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mod7700; C:\Windows\System32\Drivers\dvb7700all.sys [961536 2009-06-11] (DiBcom)
R3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation)
R3 nuvotonhidcir; C:\Windows\System32\DRIVERS\nuvotonhidcir.sys [26624 2009-08-31] (Nuvoton Technology Corporation)
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [49568 2009-08-18] (O2Micro )
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-24] (Kaspersky Lab ZAO)
S3 nmwcdcx64; system32\drivers\ccdcmbox64.sys [X]
S3 nmwcdnsucx64; system32\drivers\nmwcdnsucx64.sys [X]
S3 nmwcdnsux64; system32\drivers\nmwcdnsux64.sys [X]
S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltx64j.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-05 22:20 - 2014-02-05 22:21 - 00033509 _____ () C:\Users\ferryklein\Downloads\FRST.txt
2014-02-05 22:19 - 2014-02-05 22:20 - 00000000 ____D () C:\FRST
2014-02-05 22:19 - 2014-02-05 22:19 - 02082304 _____ (Farbar) C:\Users\ferryklein\Downloads\FRST64.exe
2014-02-05 22:14 - 2014-02-05 22:14 - 00000000 ____D () C:\ProgramData\262F2
2014-02-05 22:13 - 2014-02-05 22:13 - 00000000 ____D () C:\Users\ferryklein\Documents\My Received Files
2014-02-05 22:13 - 2014-02-05 22:13 - 00000000 ____D () C:\Users\ferryklein\AppData\Roaming\MusicNet
2014-02-05 22:12 - 2014-02-05 22:14 - 00000000 ____D () C:\Users\ferryklein\AppData\Local\iMesh
2014-02-05 22:12 - 2014-02-05 22:12 - 00001286 _____ () C:\Users\Public\Desktop\Free Games.lnk
2014-02-05 22:12 - 2014-02-05 22:12 - 00001155 _____ () C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2014-02-05 22:12 - 2014-02-05 22:12 - 00001125 _____ () C:\Users\ferryklein\Desktop\iMesh.lnk
2014-02-05 22:12 - 2014-02-05 22:12 - 00000000 ____D () C:\Program Files (x86)\iMesh Applications
2014-02-05 22:10 - 2014-02-05 22:10 - 01431792 _____ (iMesh Inc) C:\Users\ferryklein\Downloads\iMeshSetup-r1487-w-bf(1).exe
2014-02-05 22:09 - 2014-02-05 22:09 - 01431792 _____ (iMesh Inc) C:\Users\ferryklein\Downloads\iMeshSetup-r1487-w-bf.exe
2014-02-05 18:48 - 2014-02-05 19:17 - 00000000 ____D () C:\AdwCleaner
2014-02-05 18:47 - 2014-02-05 18:48 - 01166132 _____ () C:\Users\ferryklein\Downloads\adwcleaner.exe
2014-02-05 18:44 - 2014-02-05 18:44 - 00003252 _____ () C:\Windows\System32\Tasks\{7BE1A506-0BA1-477B-9193-679C646A91C6}
2014-02-04 19:52 - 2014-02-04 20:49 - 00000000 ____D () C:\ProgramData\WPM
2014-02-04 19:52 - 2014-02-04 19:53 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-04 19:52 - 2014-02-04 19:52 - 00000000 ____D () C:\Users\ferryklein\AppData\Roaming\awesomehp
2014-02-04 19:52 - 2014-02-04 19:52 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-04 19:51 - 2014-02-04 19:51 - 00000974 _____ () C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\MP3jam.lnk
2014-02-04 19:51 - 2014-02-04 19:51 - 00000950 _____ () C:\Users\Public\Desktop\MP3jam.lnk
2014-02-04 19:51 - 2014-02-04 19:51 - 00000000 ____D () C:\Program Files (x86)\MP3jam
2014-02-04 19:50 - 2014-02-04 19:50 - 08790272 _____ (MP3jam ) C:\Users\ferryklein\Downloads\MP3jamSetup1114(1).exe
2014-01-30 19:48 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-30 19:48 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-30 19:48 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-30 19:48 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-30 19:47 - 2014-01-30 19:48 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-30 19:45 - 2014-01-30 19:45 - 00921000 _____ (Oracle Corporation) C:\Users\ferryklein\Downloads\jxpiinstall(3).exe
2014-01-26 16:30 - 2014-01-26 16:30 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-26 16:29 - 2014-01-26 16:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-26 16:29 - 2014-01-26 16:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-26 16:29 - 2014-01-26 16:29 - 00000000 ____D () C:\Program Files\iPod
2014-01-19 21:54 - 2014-01-19 21:54 - 08790272 _____ (MP3jam ) C:\Users\ferryklein\Downloads\MP3jamSetup1114.exe
2014-01-16 22:02 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 22:02 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 22:02 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-12 17:26 - 2014-01-12 17:26 - 69755760 _____ (Landesfinanzdirektion Thüringen) C:\Users\ferryklein\Downloads\ElsterFormular-14.4.20130909p.exe
2014-01-12 17:21 - 2014-01-12 17:21 - 136022224 _____ (Landesfinanzdirektion Thüringen) C:\Users\ferryklein\Downloads\ElsterFormular-14.4.20130909k.exe
2014-01-06 22:53 - 2014-01-06 22:53 - 00307864 _____ () C:\Windows\Minidump\010614-63367-01.dmp

==================== One Month Modified Files and Folders =======

2014-02-05 22:21 - 2014-02-05 22:20 - 00033509 _____ () C:\Users\ferryklein\Downloads\FRST.txt
2014-02-05 22:20 - 2014-02-05 22:19 - 00000000 ____D () C:\FRST
2014-02-05 22:20 - 2010-10-13 18:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-05 22:19 - 2014-02-05 22:19 - 02082304 _____ (Farbar) C:\Users\ferryklein\Downloads\FRST64.exe
2014-02-05 22:17 - 2013-12-23 20:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-05 22:14 - 2014-02-05 22:14 - 00000000 ____D () C:\ProgramData\262F2
2014-02-05 22:14 - 2014-02-05 22:12 - 00000000 ____D () C:\Users\ferryklein\AppData\Local\iMesh
2014-02-05 22:14 - 2009-07-14 05:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-05 22:14 - 2009-07-14 05:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-05 22:13 - 2014-02-05 22:13 - 00000000 ____D () C:\Users\ferryklein\Documents\My Received Files
2014-02-05 22:13 - 2014-02-05 22:13 - 00000000 ____D () C:\Users\ferryklein\AppData\Roaming\MusicNet
2014-02-05 22:12 - 2014-02-05 22:12 - 00001286 _____ () C:\Users\Public\Desktop\Free Games.lnk
2014-02-05 22:12 - 2014-02-05 22:12 - 00001155 _____ () C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2014-02-05 22:12 - 2014-02-05 22:12 - 00001125 _____ () C:\Users\ferryklein\Desktop\iMesh.lnk
2014-02-05 22:12 - 2014-02-05 22:12 - 00000000 ____D () C:\Program Files (x86)\iMesh Applications
2014-02-05 22:10 - 2014-02-05 22:10 - 01431792 _____ (iMesh Inc) C:\Users\ferryklein\Downloads\iMeshSetup-r1487-w-bf(1).exe
2014-02-05 22:10 - 2010-02-20 15:41 - 01771828 _____ () C:\Windows\WindowsUpdate.log
2014-02-05 22:09 - 2014-02-05 22:09 - 01431792 _____ (iMesh Inc) C:\Users\ferryklein\Downloads\iMeshSetup-r1487-w-bf.exe
2014-02-05 22:03 - 2010-08-08 10:15 - 00000000 ____D () C:\Users\ferryklein\AppData\Roaming\Skype
2014-02-05 21:59 - 2013-07-04 18:08 - 00037778 _____ () C:\Windows\setupact.log
2014-02-05 21:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-05 19:37 - 2012-04-17 22:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-05 19:17 - 2014-02-05 18:48 - 00000000 ____D () C:\AdwCleaner
2014-02-05 18:48 - 2014-02-05 18:47 - 01166132 _____ () C:\Users\ferryklein\Downloads\adwcleaner.exe
2014-02-05 18:44 - 2014-02-05 18:44 - 00003252 _____ () C:\Windows\System32\Tasks\{7BE1A506-0BA1-477B-9193-679C646A91C6}
2014-02-05 18:39 - 2013-07-04 22:34 - 00001118 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-04 20:49 - 2014-02-04 19:52 - 00000000 ____D () C:\ProgramData\WPM
2014-02-04 20:49 - 2013-07-04 18:34 - 00040910 _____ () C:\Windows\PFRO.log
2014-02-04 19:53 - 2014-02-04 19:52 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-04 19:52 - 2014-02-04 19:52 - 00000000 ____D () C:\Users\ferryklein\AppData\Roaming\awesomehp
2014-02-04 19:52 - 2014-02-04 19:52 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-04 19:52 - 2010-04-14 21:02 - 00001644 _____ () C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-04 19:51 - 2014-02-04 19:51 - 00000974 _____ () C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\MP3jam.lnk
2014-02-04 19:51 - 2014-02-04 19:51 - 00000950 _____ () C:\Users\Public\Desktop\MP3jam.lnk
2014-02-04 19:51 - 2014-02-04 19:51 - 00000000 ____D () C:\Program Files (x86)\MP3jam
2014-02-04 19:50 - 2014-02-04 19:50 - 08790272 _____ (MP3jam ) C:\Users\ferryklein\Downloads\MP3jamSetup1114(1).exe
2014-01-31 22:15 - 2010-04-23 17:36 - 00000000 ____D () C:\Users\ferryklein\AppData\Local\Adobe
2014-01-31 22:14 - 2012-04-17 22:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-31 22:14 - 2012-04-17 22:16 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-31 22:14 - 2011-05-16 21:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-30 19:49 - 2013-11-19 21:05 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-30 19:48 - 2014-01-30 19:47 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-30 19:48 - 2009-12-13 22:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-30 19:45 - 2014-01-30 19:45 - 00921000 _____ (Oracle Corporation) C:\Users\ferryklein\Downloads\jxpiinstall(3).exe
2014-01-26 16:30 - 2014-01-26 16:30 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-26 16:30 - 2014-01-26 16:29 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-26 16:30 - 2014-01-26 16:29 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-26 16:30 - 2011-11-15 21:56 - 00000000 ____D () C:\Program Files\iTunes
2014-01-26 16:29 - 2014-01-26 16:29 - 00000000 ____D () C:\Program Files\iPod
2014-01-26 16:25 - 2010-09-24 21:15 - 00000000 ____D () C:\ProgramData\Apple
2014-01-24 14:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-01-22 18:35 - 2010-04-14 20:54 - 00000000 ___RD () C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-22 18:35 - 2010-04-14 20:54 - 00000000 ____D () C:\Users\ferryklein
2014-01-22 18:34 - 2009-12-13 22:17 - 00000000 __RHD () C:\MSOCache
2014-01-22 18:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-01-20 14:35 - 2012-05-04 17:57 - 00000000 ____D () C:\Users\ferryklein\Documents\Franz
2014-01-19 21:54 - 2014-01-19 21:54 - 08790272 _____ (MP3jam ) C:\Users\ferryklein\Downloads\MP3jamSetup1114.exe
2014-01-19 21:39 - 2009-07-14 05:45 - 00479312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-17 00:01 - 2009-12-13 22:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-17 00:00 - 2013-08-15 21:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 23:58 - 2010-04-22 21:09 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 22:02 - 2013-08-27 18:00 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-01-12 17:26 - 2014-01-12 17:26 - 69755760 _____ (Landesfinanzdirektion Thüringen) C:\Users\ferryklein\Downloads\ElsterFormular-14.4.20130909p.exe
2014-01-12 17:21 - 2014-01-12 17:21 - 136022224 _____ (Landesfinanzdirektion Thüringen) C:\Users\ferryklein\Downloads\ElsterFormular-14.4.20130909k.exe
2014-01-12 17:07 - 2011-03-04 20:09 - 00000000 ____D () C:\Users\ferryklein\Documents\Yannic
2014-01-06 22:53 - 2014-01-06 22:53 - 00307864 _____ () C:\Windows\Minidump\010614-63367-01.dmp
2014-01-06 22:53 - 2013-10-14 22:45 - 787475225 _____ () C:\Windows\MEMORY.DMP
2014-01-06 22:53 - 2010-07-25 21:45 - 00000000 ____D () C:\Windows\Minidump

Some content of TEMP:
====================
C:\Users\ferryklein\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\ferryklein\AppData\Local\Temp\OfficeSetup.exe
C:\Users\ferryklein\AppData\Local\Temp\Quarantine.exe
C:\Users\ferryklein\AppData\Local\Temp\SkypeSetup.exe
C:\Users\ferryklein\AppData\Local\Temp\smt_awesomehp_new.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-04-17 20:06

==================== End Of Log ============================
         
--- --- ---

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2014
Ran by ferryklein (administrator) on FERRYKLEIN-TOSH on 05-02-2014 22:20:28
Running from C:\Users\ferryklein\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation.) C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
(GARMIN Corp.) C:\Program Files (x86)\Garmin\gStart.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Program Files\Toshiba\FlashCards\Hotkey\TCrdKBB.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
() C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
() C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation.) C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(iMesh, Inc) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-10-26] (Toshiba Europe GmbH)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [910136 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [508472 2009-10-09] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1881384 2009-10-23] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HDMICtrlMan] - C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [1032536 2009-10-23] (TOSHIBA Corporation.)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-11-30] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-12-01] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-08-25] (Toshiba Europe GmbH)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16414824 2010-01-17] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TRCMan] - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [701752 2009-07-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-11-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [openvpn-gui] - C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe [406112 2012-10-15] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [gStart] - C:\Program Files (x86)\Garmin\gStart.exe [1891416 2008-08-13] (GARMIN Corp.)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1099608 2013-03-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [iMesh] - C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe [31010816 2013-11-20] (iMesh, Inc)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {1BC2B507-07E9-4D62-BCB4-558743CEF7DC} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {5EC3A677-5BA9-40A0-9F72-E3604289B3ED} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=dd35c8ab-aab8-4929-932c-e3b1c9fcdd05&apn_sauid=73513A59-8FD2-439F-AEAD-017C824A3162
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {AA640730-64DB-4A9F-AC66-86A1859057E1} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\ferryklein\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-3842024189-3036340141-1986856425-1001\FireFox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: iMeshPlugin - C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll (iMesh)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\awesomehp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2013-12-23]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2013-12-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-23]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\ferryklein\AppData\Roaming\Mozilla\Firefox\Profiles\m88bbbbg.default\extensions\lightningnewtab@gmail.com.xpi
FF Extension: Lightning Speed Dial - C:\Users\ferryklein\AppData\Roaming\Mozilla\Firefox\Profiles\m88bbbbg.default\extensions\lightningnewtab@gmail.com.xpi [2014-02-04]
FF HKCU\...\Firefox\Extensions: [{f1d02156-7557-4942-96ce-a3bf730e8941}] - C:\Program Files (x86)\Show-Password\150.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.awesomehp.com/?type=sc&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185176 2013-03-07] (Garmin Ltd or its subsidiaries)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [57952 2012-10-15] ()
R2 OpenVPNServiceInteractive; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [57952 2012-10-15] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-10-26] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [6656 2009-08-31] (Windows (R) Win 7 DDK provider)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mod7700; C:\Windows\System32\Drivers\dvb7700all.sys [961536 2009-06-11] (DiBcom)
R3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation)
R3 nuvotonhidcir; C:\Windows\System32\DRIVERS\nuvotonhidcir.sys [26624 2009-08-31] (Nuvoton Technology Corporation)
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [49568 2009-08-18] (O2Micro )
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-24] (Kaspersky Lab ZAO)
S3 nmwcdcx64; system32\drivers\ccdcmbox64.sys [X]
S3 nmwcdnsucx64; system32\drivers\nmwcdnsucx64.sys [X]
S3 nmwcdnsux64; system32\drivers\nmwcdnsux64.sys [X]
S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltx64j.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-05 22:20 - 2014-02-05 22:21 - 00033509 _____ () C:\Users\ferryklein\Downloads\FRST.txt
2014-02-05 22:19 - 2014-02-05 22:20 - 00000000 ____D () C:\FRST
2014-02-05 22:19 - 2014-02-05 22:19 - 02082304 _____ (Farbar) C:\Users\ferryklein\Downloads\FRST64.exe
2014-02-05 22:14 - 2014-02-05 22:14 - 00000000 ____D () C:\ProgramData\262F2
2014-02-05 22:13 - 2014-02-05 22:13 - 00000000 ____D () C:\Users\ferryklein\Documents\My Received Files
2014-02-05 22:13 - 2014-02-05 22:13 - 00000000 ____D () C:\Users\ferryklein\AppData\Roaming\MusicNet
2014-02-05 22:12 - 2014-02-05 22:14 - 00000000 ____D () C:\Users\ferryklein\AppData\Local\iMesh
2014-02-05 22:12 - 2014-02-05 22:12 - 00001286 _____ () C:\Users\Public\Desktop\Free Games.lnk
2014-02-05 22:12 - 2014-02-05 22:12 - 00001155 _____ () C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2014-02-05 22:12 - 2014-02-05 22:12 - 00001125 _____ () C:\Users\ferryklein\Desktop\iMesh.lnk
2014-02-05 22:12 - 2014-02-05 22:12 - 00000000 ____D () C:\Program Files (x86)\iMesh Applications
2014-02-05 22:10 - 2014-02-05 22:10 - 01431792 _____ (iMesh Inc) C:\Users\ferryklein\Downloads\iMeshSetup-r1487-w-bf(1).exe
2014-02-05 22:09 - 2014-02-05 22:09 - 01431792 _____ (iMesh Inc) C:\Users\ferryklein\Downloads\iMeshSetup-r1487-w-bf.exe
2014-02-05 18:48 - 2014-02-05 19:17 - 00000000 ____D () C:\AdwCleaner
2014-02-05 18:47 - 2014-02-05 18:48 - 01166132 _____ () C:\Users\ferryklein\Downloads\adwcleaner.exe
2014-02-05 18:44 - 2014-02-05 18:44 - 00003252 _____ () C:\Windows\System32\Tasks\{7BE1A506-0BA1-477B-9193-679C646A91C6}
2014-02-04 19:52 - 2014-02-04 20:49 - 00000000 ____D () C:\ProgramData\WPM
2014-02-04 19:52 - 2014-02-04 19:53 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-04 19:52 - 2014-02-04 19:52 - 00000000 ____D () C:\Users\ferryklein\AppData\Roaming\awesomehp
2014-02-04 19:52 - 2014-02-04 19:52 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-04 19:51 - 2014-02-04 19:51 - 00000974 _____ () C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\MP3jam.lnk
2014-02-04 19:51 - 2014-02-04 19:51 - 00000950 _____ () C:\Users\Public\Desktop\MP3jam.lnk
2014-02-04 19:51 - 2014-02-04 19:51 - 00000000 ____D () C:\Program Files (x86)\MP3jam
2014-02-04 19:50 - 2014-02-04 19:50 - 08790272 _____ (MP3jam ) C:\Users\ferryklein\Downloads\MP3jamSetup1114(1).exe
2014-01-30 19:48 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-30 19:48 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-30 19:48 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-30 19:48 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-30 19:47 - 2014-01-30 19:48 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-30 19:45 - 2014-01-30 19:45 - 00921000 _____ (Oracle Corporation) C:\Users\ferryklein\Downloads\jxpiinstall(3).exe
2014-01-26 16:30 - 2014-01-26 16:30 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-26 16:29 - 2014-01-26 16:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-26 16:29 - 2014-01-26 16:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-26 16:29 - 2014-01-26 16:29 - 00000000 ____D () C:\Program Files\iPod
2014-01-19 21:54 - 2014-01-19 21:54 - 08790272 _____ (MP3jam ) C:\Users\ferryklein\Downloads\MP3jamSetup1114.exe
2014-01-16 22:02 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 22:02 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 22:02 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-12 17:26 - 2014-01-12 17:26 - 69755760 _____ (Landesfinanzdirektion Thüringen) C:\Users\ferryklein\Downloads\ElsterFormular-14.4.20130909p.exe
2014-01-12 17:21 - 2014-01-12 17:21 - 136022224 _____ (Landesfinanzdirektion Thüringen) C:\Users\ferryklein\Downloads\ElsterFormular-14.4.20130909k.exe
2014-01-06 22:53 - 2014-01-06 22:53 - 00307864 _____ () C:\Windows\Minidump\010614-63367-01.dmp

==================== One Month Modified Files and Folders =======

2014-02-05 22:21 - 2014-02-05 22:20 - 00033509 _____ () C:\Users\ferryklein\Downloads\FRST.txt
2014-02-05 22:20 - 2014-02-05 22:19 - 00000000 ____D () C:\FRST
2014-02-05 22:20 - 2010-10-13 18:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-05 22:19 - 2014-02-05 22:19 - 02082304 _____ (Farbar) C:\Users\ferryklein\Downloads\FRST64.exe
2014-02-05 22:17 - 2013-12-23 20:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-05 22:14 - 2014-02-05 22:14 - 00000000 ____D () C:\ProgramData\262F2
2014-02-05 22:14 - 2014-02-05 22:12 - 00000000 ____D () C:\Users\ferryklein\AppData\Local\iMesh
2014-02-05 22:14 - 2009-07-14 05:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-05 22:14 - 2009-07-14 05:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-05 22:13 - 2014-02-05 22:13 - 00000000 ____D () C:\Users\ferryklein\Documents\My Received Files
2014-02-05 22:13 - 2014-02-05 22:13 - 00000000 ____D () C:\Users\ferryklein\AppData\Roaming\MusicNet
2014-02-05 22:12 - 2014-02-05 22:12 - 00001286 _____ () C:\Users\Public\Desktop\Free Games.lnk
2014-02-05 22:12 - 2014-02-05 22:12 - 00001155 _____ () C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2014-02-05 22:12 - 2014-02-05 22:12 - 00001125 _____ () C:\Users\ferryklein\Desktop\iMesh.lnk
2014-02-05 22:12 - 2014-02-05 22:12 - 00000000 ____D () C:\Program Files (x86)\iMesh Applications
2014-02-05 22:10 - 2014-02-05 22:10 - 01431792 _____ (iMesh Inc) C:\Users\ferryklein\Downloads\iMeshSetup-r1487-w-bf(1).exe
2014-02-05 22:10 - 2010-02-20 15:41 - 01771828 _____ () C:\Windows\WindowsUpdate.log
2014-02-05 22:09 - 2014-02-05 22:09 - 01431792 _____ (iMesh Inc) C:\Users\ferryklein\Downloads\iMeshSetup-r1487-w-bf.exe
2014-02-05 22:03 - 2010-08-08 10:15 - 00000000 ____D () C:\Users\ferryklein\AppData\Roaming\Skype
2014-02-05 21:59 - 2013-07-04 18:08 - 00037778 _____ () C:\Windows\setupact.log
2014-02-05 21:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-05 19:37 - 2012-04-17 22:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-05 19:17 - 2014-02-05 18:48 - 00000000 ____D () C:\AdwCleaner
2014-02-05 18:48 - 2014-02-05 18:47 - 01166132 _____ () C:\Users\ferryklein\Downloads\adwcleaner.exe
2014-02-05 18:44 - 2014-02-05 18:44 - 00003252 _____ () C:\Windows\System32\Tasks\{7BE1A506-0BA1-477B-9193-679C646A91C6}
2014-02-05 18:39 - 2013-07-04 22:34 - 00001118 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-04 20:49 - 2014-02-04 19:52 - 00000000 ____D () C:\ProgramData\WPM
2014-02-04 20:49 - 2013-07-04 18:34 - 00040910 _____ () C:\Windows\PFRO.log
2014-02-04 19:53 - 2014-02-04 19:52 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-04 19:52 - 2014-02-04 19:52 - 00000000 ____D () C:\Users\ferryklein\AppData\Roaming\awesomehp
2014-02-04 19:52 - 2014-02-04 19:52 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-04 19:52 - 2010-04-14 21:02 - 00001644 _____ () C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-04 19:51 - 2014-02-04 19:51 - 00000974 _____ () C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\MP3jam.lnk
2014-02-04 19:51 - 2014-02-04 19:51 - 00000950 _____ () C:\Users\Public\Desktop\MP3jam.lnk
2014-02-04 19:51 - 2014-02-04 19:51 - 00000000 ____D () C:\Program Files (x86)\MP3jam
2014-02-04 19:50 - 2014-02-04 19:50 - 08790272 _____ (MP3jam ) C:\Users\ferryklein\Downloads\MP3jamSetup1114(1).exe
2014-01-31 22:15 - 2010-04-23 17:36 - 00000000 ____D () C:\Users\ferryklein\AppData\Local\Adobe
2014-01-31 22:14 - 2012-04-17 22:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-31 22:14 - 2012-04-17 22:16 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-31 22:14 - 2011-05-16 21:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-30 19:49 - 2013-11-19 21:05 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-30 19:48 - 2014-01-30 19:47 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-30 19:48 - 2009-12-13 22:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-30 19:45 - 2014-01-30 19:45 - 00921000 _____ (Oracle Corporation) C:\Users\ferryklein\Downloads\jxpiinstall(3).exe
2014-01-26 16:30 - 2014-01-26 16:30 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-26 16:30 - 2014-01-26 16:29 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-26 16:30 - 2014-01-26 16:29 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-26 16:30 - 2011-11-15 21:56 - 00000000 ____D () C:\Program Files\iTunes
2014-01-26 16:29 - 2014-01-26 16:29 - 00000000 ____D () C:\Program Files\iPod
2014-01-26 16:25 - 2010-09-24 21:15 - 00000000 ____D () C:\ProgramData\Apple
2014-01-24 14:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-01-22 18:35 - 2010-04-14 20:54 - 00000000 ___RD () C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-22 18:35 - 2010-04-14 20:54 - 00000000 ____D () C:\Users\ferryklein
2014-01-22 18:34 - 2009-12-13 22:17 - 00000000 __RHD () C:\MSOCache
2014-01-22 18:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-01-20 14:35 - 2012-05-04 17:57 - 00000000 ____D () C:\Users\ferryklein\Documents\Franz
2014-01-19 21:54 - 2014-01-19 21:54 - 08790272 _____ (MP3jam ) C:\Users\ferryklein\Downloads\MP3jamSetup1114.exe
2014-01-19 21:39 - 2009-07-14 05:45 - 00479312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-17 00:01 - 2009-12-13 22:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-17 00:00 - 2013-08-15 21:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 23:58 - 2010-04-22 21:09 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 22:02 - 2013-08-27 18:00 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-01-12 17:26 - 2014-01-12 17:26 - 69755760 _____ (Landesfinanzdirektion Thüringen) C:\Users\ferryklein\Downloads\ElsterFormular-14.4.20130909p.exe
2014-01-12 17:21 - 2014-01-12 17:21 - 136022224 _____ (Landesfinanzdirektion Thüringen) C:\Users\ferryklein\Downloads\ElsterFormular-14.4.20130909k.exe
2014-01-12 17:07 - 2011-03-04 20:09 - 00000000 ____D () C:\Users\ferryklein\Documents\Yannic
2014-01-06 22:53 - 2014-01-06 22:53 - 00307864 _____ () C:\Windows\Minidump\010614-63367-01.dmp
2014-01-06 22:53 - 2013-10-14 22:45 - 787475225 _____ () C:\Windows\MEMORY.DMP
2014-01-06 22:53 - 2010-07-25 21:45 - 00000000 ____D () C:\Windows\Minidump

Some content of TEMP:
====================
C:\Users\ferryklein\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\ferryklein\AppData\Local\Temp\OfficeSetup.exe
C:\Users\ferryklein\AppData\Local\Temp\Quarantine.exe
C:\Users\ferryklein\AppData\Local\Temp\SkypeSetup.exe
C:\Users\ferryklein\AppData\Local\Temp\smt_awesomehp_new.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-04-17 20:06
         

05.02.2014, 22:35   #4
ferryklein

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2014
Ran by ferryklein at 2014-02-05 22:22:13
Running from C:\Users\ferryklein\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
7-Zip 9.20 (x32 Version:  - )
Adobe AIR (x32 Version: 3.5.0.880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio Elements 10.0.9 (x32 Version: 3.1.1 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.17 - Atheros Communications Inc.)
awesomehp Browser Protecter (x32 Version:  - awesomehp) <==== ATTENTION
Bluetooth Stack for Windows by Toshiba (Version: v7.10.01(T) - TOSHIBA CORPORATION)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (Version: 4.3.8.2631 - CDBurnerXP)
Citrix Presentation Server Client - Nur Web (x32 Version: 10.205.7954 - Citrix Systems, Inc.)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (Version: 4.98.16.61 - Conexant)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
DMUninstaller (x32 Version:  - )
DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation)
DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation) Hidden
eBay (x32 Version: 1.0.5 - eBay Inc.)
Elevated Installer (x32 Version: 2.1.10 - Garmin Ltd or its subsidiaries) Hidden
ElsterFormular (x32 Version: 14.3.20130522 - Landesfinanzdirektion Thüringen)
Free YouTube to MP3 Converter version 3.12.1.320 (x32 Version: 3.12.1.320 - DVDVideoSoft Ltd.)
Garmin Communicator Plugin x64 (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.1.10 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.1.10 - Garmin Ltd or its subsidiaries) Hidden
Garmin Training Center (x32 Version: 3.6.3 - Garmin Ltd or its subsidiaries)
Garmin Update Service (x32 Version: 2.1.10 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (x32 Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
HDMI Control Manager (Version: 2.0 - TOSHIBA CORPORATION) Hidden
HDMI Control Manager (x32 Version: 2.0 - TOSHIBA CORPORATION)
HDMI Control Manager (x32 Version: 2.0 - TOSHIBA CORPORATION) Hidden
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (x32 Version: 28.0.0 - Hewlett Packard)
HP Update (x32 Version: 5.003.003.001 - Hewlett-Packard)
HTC BMP USB Driver (x32 Version: 1.0.5375 - HTC)
HTC Driver Installer (x32 Version: 4.10.0.001 - HTC Corporation)
I.R.I.S. OCR (x32 Version: 12.3.4.0 - HP)
iCloud (Version: 3.1.0.40 - Apple Inc.)
IePluginService12.27.0.3326 (x32 Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION
ILQ AU - MT4 Client (x32 Version: 4.00 - MetaQuotes Software Corp.)
ILQAU - 1 Lots (x32 Version: 4.00 - MetaQuotes Software Corp.)
iMesh (x32 Version: 12.5.0.134600 - iMesh Inc)
Intel(R) Control Center (x32 Version: 1.2.0.1006 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.1.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.00.01.1002 - Intel Corporation)
InterVideo WinDVD BD for TOSHIBA (x32 Version: 8.0-B20.185 - InterVideo Inc.)
InterVideo WinDVD BD for TOSHIBA (x32 Version: 8.0-B20.185 - InterVideo Inc.) Hidden
IPTInstaller (x32 Version: 4.0.8 - HTC)
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaScript Tools (x32 Version:  - )
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
K-Lite Codec Pack 6.0.4 (Basic) (x32 Version: 6.0.4 - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (x32 Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MP3jam 1.1.1.4 (x32 Version: 1.1.1.4 - MP3jam)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Nuvoton CIR Device Drivers (x32 Version: 8.60.2002 - Nuvoton Technology Corporation)
NVIDIA Drivers (Version: 1.10.56.34 - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.10.0129 - NVIDIA Corporation)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.24.D - O2Micro International LTD.) Hidden
O2Micro Flash Memory Card Windows Driver (x32 Version: 2.0.24.D - O2Micro International LTD.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
PC Connectivity Solution (x32 Version: 10.24.0.0 - Nokia)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Realtek WLAN Driver (x32 Version: 2.00.0006 - Realtek)
Regi (Version: 1.00.0000 - InterVideo Inc.) Hidden
Sausage Software Common Files Package (x32 Version:  - )
Skype Click to Call (x32 Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Sophos SSL VPN Client 2.0 (x32 Version: 2.0 - )
streamWriter (x32 Version:  - )
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SupTab (x32 Version: 1.1.1.0 - ) <==== ATTENTION
Synaptics Pointing Device Driver (Version: 14.0.12.0 - Synaptics Incorporated)
Toshiba Assist (x32 Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (Version: 1.5.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA Bulletin Board (x32 Version: 1.5.06.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (x32 Version: 8.0.25 - TOSHIBA Corporation)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (x32 Version: 3.01.1.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (x32 Version: 1.2.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (x32 Version:  - )
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (x32 Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (Version: 4.02.01.00 - TOSHIBA) Hidden
TOSHIBA Hardware Setup (x32 Version: 4.02.01.00 - )
TOSHIBA HDD Protection (Version: 2.2.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.4 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.4 - TOSHIBA Corporation) Hidden
Toshiba Manuals (x32 Version: 10.00 - TOSHIBA)
Toshiba Online Product Information (x32 Version: 2.08.0001 - TOSHIBA)
TOSHIBA PC Health Monitor (Version: 1.5.6.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA ReelTime (Version: 1.5.08.64 - TOSHIBA Corporation) Hidden
TOSHIBA ReelTime (x32 Version: 1.5.08.64 - TOSHIBA Corporation)
TOSHIBA Remote Control Manager (x32 Version: 3.0.1.0 - TOSHIBA CORPORATION)
TOSHIBA Service Station (x32 Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (Version: 4.02.01.00 - TOSHIBA) Hidden
TOSHIBA Supervisor Password (x32 Version: 4.02.01.00 - )
TOSHIBA TEMPRO (x32 Version: 3.34 - Toshiba Europe GmbH)
TOSHIBA USB Sleep and Charge Utility (x32 Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.2.34.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.2.34.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (x32 Version: 1.2.34.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (x32 Version: 1.1.1.10 - TOSHIBA Corporation)
TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden
TRORMCLauncher (x32 Version:  - )
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 (KB974631) (x32 Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
WildTangent-Spiele (x32 Version: 1.0.0.71 - WildTangent)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0 - Nokia)
Yahoo! Software Update (x32 Version:  - )

==================== Restore Points  =========================

27-12-2013 19:15:28 Windows Update
01-01-2014 22:11:40 Windows Update
09-01-2014 19:06:42 Windows Update
16-01-2014 20:48:10 Windows Update
16-01-2014 22:58:09 Windows Update
19-01-2014 22:20:08 Windows Update
20-01-2014 13:39:17 Windows Update
22-01-2014 17:47:04 Windows Update
22-01-2014 18:51:31 Windows Update
24-01-2014 17:59:10 Windows Update
24-01-2014 18:34:47 Windows Update
24-01-2014 22:24:25 Windows Update
25-01-2014 13:37:59 Windows Update
26-01-2014 19:04:30 Windows Update
27-01-2014 19:55:16 Windows Update
28-01-2014 23:02:04 Windows Update
30-01-2014 18:47:12 Installed Java 7 Update 51
30-01-2014 18:59:12 Windows Update
30-01-2014 23:03:54 Windows Update
31-01-2014 22:01:18 Windows Update
02-02-2014 22:56:09 Windows Update
04-02-2014 22:12:28 Windows Update
05-02-2014 19:01:17 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {04CE70A8-E1DE-4162-AC77-74EACB32B42B} - System32\Tasks\{4CE370D3-CA27-4C01-9F0D-AA4DA26CEDA2} => C:\Program Files (x86)\MetaTrader - FXOpen\terminal.exe
Task: {17CFD769-493B-4EAF-9325-9256F17F88F6} - System32\Tasks\{25DD92F0-8612-4E66-A56D-B403681C62AB} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {4840F4C8-BBFB-4AE3-946A-18563B3F6E75} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {5D7DD513-8EA1-4BB3-B9C5-9AC13AC05273} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-11-13] (Microsoft Corporation)
Task: {703A4CE4-F004-43CB-801B-F6ED6092B089} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {944780FC-C625-4078-A10F-C2489715F8BF} - \BrowserDefendert No Task File
Task: {A069FED5-3DEC-457E-8D69-963C4A4393E8} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION)
Task: {B142F04C-B95B-462F-AB75-8C74CFC91193} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-11-13] (Microsoft Corporation)
Task: {C6EF938B-A6CC-43B4-B5D1-29C39534A81D} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {C78C3885-0CE1-4CC9-B894-783FDAAFC62F} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {E0DBE6C1-5B49-4F7F-BC6A-D1497355C333} - System32\Tasks\{86DA2536-33B7-44A0-A522-AA648F39F24D} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {EAB3F8EE-C340-4800-A58B-1AA09B781E40} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-31] (Adobe Systems Incorporated)
Task: {F6A34C9E-877A-490E-81FA-F30F462C6692} - \EPUpdater No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2009-10-18 15:20 - 2009-10-18 15:20 - 07959864 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2009-11-03 13:26 - 2009-11-03 13:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-12-13 22:14 - 2009-06-22 14:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 16:38 - 2009-07-25 16:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2010-04-06 13:53 - 2010-04-06 13:53 - 00578936 _____ () C:\Program Files\Toshiba\TECO\TecoPower.dll
2009-11-05 09:18 - 2009-11-05 09:18 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-17 21:39 - 2012-12-06 15:36 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2010-02-20 15:41 - 2009-10-02 13:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-12-23 20:43 - 2013-12-23 20:43 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-12 23:37 - 2013-12-12 23:37 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
2014-02-05 22:12 - 2013-06-06 07:55 - 03213312 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\avcodec-51.dll
2014-02-05 22:12 - 2013-06-06 07:55 - 00027648 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\avutil-49.dll
2014-02-05 22:12 - 2013-06-06 07:55 - 00441856 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\avformat-51.dll
2014-02-05 22:12 - 2013-11-20 23:11 - 00797696 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\ResourcesLoc.dll
2014-02-05 22:12 - 2013-11-20 23:01 - 01550848 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\nickel.ocx
2014-02-05 22:12 - 2013-06-06 07:55 - 00150528 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\ammp3.dll
2014-02-05 22:12 - 2013-11-20 23:01 - 00285184 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\DiscoveryHelper.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2014 10:05:45 PM) (Source: TOSHIBA Service Station) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (02/05/2014 08:02:16 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Auf den Netzwerkpfad %APPDATA%\ konnte nicht zugegriffen werden.

Error: (02/05/2014 08:02:16 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Auf den Netzwerkpfad %APPDATA%\ konnte nicht zugegriffen werden.

Error: (02/05/2014 07:29:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10094

Error: (02/05/2014 07:29:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10094

Error: (02/05/2014 07:29:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/05/2014 06:56:26 PM) (Source: TOSHIBA Service Station) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (02/05/2014 06:26:50 PM) (Source: TOSHIBA Service Station) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (02/04/2014 11:13:44 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Auf den Netzwerkpfad %APPDATA%\ konnte nicht zugegriffen werden.

Error: (02/04/2014 11:13:44 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Auf den Netzwerkpfad %APPDATA%\ konnte nicht zugegriffen werden.


System errors:
=============
Error: (02/05/2014 10:04:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Gemeinsame Nutzung der Internetverbindung" wurde nicht richtig gestartet.

Error: (02/05/2014 10:00:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Microsoft Office-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/05/2014 10:00:31 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft Office-Dienst erreicht.

Error: (02/05/2014 09:59:36 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎05.‎02.‎2014 um 21:58:14 unerwartet heruntergefahren.

Error: (02/05/2014 09:48:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/05/2014 09:48:51 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht.

Error: (02/04/2014 08:59:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intel(R) Management & Security Application User Notification Service" wurde nicht richtig gestartet.

Error: (02/04/2014 08:51:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/04/2014 08:51:23 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Rapid Storage Technology erreicht.

Error: (02/04/2014 07:52:58 PM) (Source: DCOM) (User: )
Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-02-04 22:00:40.834
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-04 22:00:40.834
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-04 22:00:40.834
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-04 21:27:02.280
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-04 21:27:02.280
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-04 21:27:02.260
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-17 21:17:23.295
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-17 21:17:23.293
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-17 21:17:23.291
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-17 21:17:23.255
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 33%
Total physical RAM: 8052.47 MB
Available physical RAM: 5387.02 MB
Total Pagefile: 16103.13 MB
Available Pagefile: 13169.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:232.94 GB) (Free:106.3 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.43 GB) (Free:224.83 GB) NTFS
Drive f: () (Fixed) (Total:465.76 GB) (Free:465.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4442DD8E)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: DFA76740)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
         

Alt 06.02.2014, 17:02   #5
schrauber
/// the machine
/// TB-Ausbilder
 




Delete AdwCleaner.

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



Please download Shortcut Cleaner (by Grinler) to your desktop.
  • Start sc-cleaner.exe with a double-click.
  • Confirm the message Shortcut Cleaner Finished at the end of the scan with OK.
  • A log file will open (sc-cleaner.txt).
  • Post its contents with your next reply.


And a fresh FRST log, please.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 06.02.2014, 19:01   #6
ferryklein
 



Code:
# AdwCleaner v3.018 - Bericht erstellt am 06/02/2014 um 18:28:41
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ferryklein - FERRYKLEIN-TOSH
# Gestartet von : C:\Users\ferryklein\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Schlüssel Gelöscht : HKCU\Software\Imesh
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Imesh

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v27.0 (de)

[ Datei : C:\Users\ferryklein\AppData\Roaming\Mozilla\Firefox\Profiles\m88bbbbg.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\ferryklein\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4067 octets] - [05/02/2014 18:48:56]
AdwCleaner[R1].txt - [1060 octets] - [05/02/2014 19:01:41]
AdwCleaner[R2].txt - [1181 octets] - [05/02/2014 19:16:19]
AdwCleaner[R3].txt - [1998 octets] - [06/02/2014 18:26:52]
AdwCleaner[S0].txt - [4028 octets] - [05/02/2014 18:50:16]
AdwCleaner[S1].txt - [1122 octets] - [05/02/2014 19:03:44]
AdwCleaner[S2].txt - [1243 octets] - [05/02/2014 19:17:41]
AdwCleaner[S3].txt - [1871 octets] - [06/02/2014 18:28:41]
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by ferryklein on 06.02.2014 at 18:40:09,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3842024189-3036340141-1986856425-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5EC3A677-5BA9-40A0-9F72-E3604289B3ED}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\ferryklein\AppData\Roaming\zip opener packages"



~~~ FireFox

Emptied folder: C:\Users\ferryklein\AppData\Roaming\mozilla\firefox\profiles\m88bbbbg.default\minidumps [641 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.02.2014 at 18:51:45,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
Shortcut Cleaner 1.2.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 02/06/2014 06:56:37 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\

  * Shortcut Cleaned: C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES

  * Shortcut Cleaned: C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

  * Shortcut Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.awesomehp.com/?type=sc&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES

Searching C:\Users\ferryklein\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

  * Shortcut Cleaned: C:\Users\ferryklein\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES

  * Shortcut Cleaned: C:\Users\ferryklein\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES

  * Shortcut Cleaned: C:\Users\ferryklein\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.awesomehp.com/?type=sc&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES

Searching C:\Users\Public\Desktop\

Searching C:\Users\ferryklein\Desktop


6 bad shortcuts found.

Program finished at: 02/06/2014 06:56:39 PM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2014
Ran by ferryklein (administrator) on FERRYKLEIN-TOSH on 06-02-2014 18:58:46
Running from C:\Users\ferryklein\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation.) C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
(GARMIN Corp.) C:\Program Files (x86)\Garmin\gStart.exe
() C:\Program Files\Toshiba\FlashCards\Hotkey\TCrdKBB.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
() C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe
() C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation.) C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-10-26] (Toshiba Europe GmbH)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [910136 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [508472 2009-10-09] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1881384 2009-10-23] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HDMICtrlMan] - C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [1032536 2009-10-23] (TOSHIBA Corporation.)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-11-30] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-12-01] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-08-25] (Toshiba Europe GmbH)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16414824 2010-01-17] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TRCMan] - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [701752 2009-07-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-11-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [openvpn-gui] - C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe [406112 2012-10-15] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [gStart] - C:\Program Files (x86)\Garmin\gStart.exe [1891416 2008-08-13] (GARMIN Corp.)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1099608 2013-03-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {1BC2B507-07E9-4D62-BCB4-558743CEF7DC} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {AA640730-64DB-4A9F-AC66-86A1859057E1} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\ferryklein\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-3842024189-3036340141-1986856425-1001\FireFox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-02-05]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-02-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-05]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-05]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\ferryklein\AppData\Roaming\Mozilla\Firefox\Profiles\m88bbbbg.default\extensions\lightningnewtab@gmail.com.xpi
FF Extension: Lightning Speed Dial - C:\Users\ferryklein\AppData\Roaming\Mozilla\Firefox\Profiles\m88bbbbg.default\extensions\lightningnewtab@gmail.com.xpi [2014-02-04]
FF HKCU\...\Firefox\Extensions: [{f1d02156-7557-4942-96ce-a3bf730e8941}] - C:\Program Files (x86)\Show-Password\150.xpi

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]

==================== Services (Whitelisted) =================

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185176 2013-03-07] (Garmin Ltd or its subsidiaries)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [57952 2012-10-15] ()
R2 OpenVPNServiceInteractive; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [57952 2012-10-15] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-10-26] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [6656 2009-08-31] (Windows (R) Win 7 DDK provider)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mod7700; C:\Windows\System32\Drivers\dvb7700all.sys [961536 2009-06-11] (DiBcom)
R3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation)
R3 nuvotonhidcir; C:\Windows\System32\DRIVERS\nuvotonhidcir.sys [26624 2009-08-31] (Nuvoton Technology Corporation)
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [49568 2009-08-18] (O2Micro )
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-24] (Kaspersky Lab ZAO)
S3 nmwcdcx64; system32\drivers\ccdcmbox64.sys [X]
S3 nmwcdnsucx64; system32\drivers\nmwcdnsucx64.sys [X]
S3 nmwcdnsux64; system32\drivers\nmwcdnsux64.sys [X]
S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltx64j.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-06 18:56 - 2014-02-06 18:56 - 00005272 _____ () C:\sc-cleaner.txt
2014-02-06 18:55 - 2014-02-06 18:56 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\ferryklein\Downloads\sc-cleaner.exe
2014-02-06 18:51 - 2014-02-06 18:51 - 00001195 _____ () C:\Users\ferryklein\Desktop\JRT.txt
2014-02-06 18:37 - 2014-02-06 18:38 - 01037530 _____ (Thisisu) C:\Users\ferryklein\Downloads\JRT.exe
2014-02-05 22:22 - 2014-02-05 22:23 - 00031680 _____ () C:\Users\ferryklein\Downloads\Addition.txt
2014-02-05 22:20 - 2014-02-06 18:58 - 00032171 _____ () C:\Users\ferryklein\Downloads\FRST.txt
2014-02-05 22:19 - 2014-02-06 18:58 - 00000000 ____D () C:\FRST
2014-02-05 22:19 - 2014-02-05 22:19 - 02082304 _____ (Farbar) C:\Users\ferryklein\Downloads\FRST64.exe
2014-02-05 22:17 - 2014-02-05 22:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-05 22:13 - 2014-02-05 22:13 - 00000000 ____D () C:\Users\ferryklein\Documents\My Received Files
2014-02-05 22:13 - 2014-02-05 22:13 - 00000000 ____D () C:\Users\ferryklein\AppData\Roaming\MusicNet
2014-02-05 18:48 - 2014-02-06 18:28 - 00000000 ____D () C:\AdwCleaner
2014-02-05 18:47 - 2014-02-05 18:48 - 01166132 _____ () C:\Users\ferryklein\Downloads\adwcleaner.exe
2014-02-05 18:44 - 2014-02-05 18:44 - 00003252 _____ () C:\Windows\System32\Tasks\{7BE1A506-0BA1-477B-9193-679C646A91C6}
2014-02-04 19:52 - 2014-02-04 20:49 - 00000000 ____D () C:\ProgramData\WPM
2014-02-04 19:52 - 2014-02-04 19:53 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-04 19:52 - 2014-02-04 19:52 - 00000000 ____D () C:\Users\ferryklein\AppData\Roaming\awesomehp
2014-02-04 19:52 - 2014-02-04 19:52 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-04 19:51 - 2014-02-04 19:51 - 00000974 _____ () C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\MP3jam.lnk
2014-02-04 19:51 - 2014-02-04 19:51 - 00000950 _____ () C:\Users\Public\Desktop\MP3jam.lnk
2014-02-04 19:51 - 2014-02-04 19:51 - 00000000 ____D () C:\Program Files (x86)\MP3jam
2014-02-04 19:50 - 2014-02-04 19:50 - 08790272 _____ (MP3jam ) C:\Users\ferryklein\Downloads\MP3jamSetup1114(1).exe
2014-01-30 19:48 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-30 19:48 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-30 19:48 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-30 19:48 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-30 19:47 - 2014-01-30 19:48 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-30 19:45 - 2014-01-30 19:45 - 00921000 _____ (Oracle Corporation) C:\Users\ferryklein\Downloads\jxpiinstall(3).exe
2014-01-26 16:30 - 2014-01-26 16:30 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-26 16:29 - 2014-01-26 16:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-26 16:29 - 2014-01-26 16:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-26 16:29 - 2014-01-26 16:29 - 00000000 ____D () C:\Program Files\iPod
2014-01-19 21:54 - 2014-01-19 21:54 - 08790272 _____ (MP3jam ) C:\Users\ferryklein\Downloads\MP3jamSetup1114.exe
2014-01-16 22:02 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 22:02 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 22:02 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-12 17:26 - 2014-01-12 17:26 - 69755760 _____ (Landesfinanzdirektion Thüringen) C:\Users\ferryklein\Downloads\ElsterFormular-14.4.20130909p.exe
2014-01-12 17:21 - 2014-01-12 17:21 - 136022224 _____ (Landesfinanzdirektion Thüringen) C:\Users\ferryklein\Downloads\ElsterFormular-14.4.20130909k.exe

==================== One Month Modified Files and Folders =======

2014-02-06 18:59 - 2014-02-05 22:20 - 00032171 _____ () C:\Users\ferryklein\Downloads\FRST.txt
2014-02-06 18:58 - 2014-02-05 22:19 - 00000000 ____D () C:\FRST
2014-02-06 18:56 - 2014-02-06 18:56 - 00005272 _____ () C:\sc-cleaner.txt
2014-02-06 18:56 - 2014-02-06 18:55 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\ferryklein\Downloads\sc-cleaner.exe
2014-02-06 18:56 - 2010-04-14 21:02 - 00001432 _____ () C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-06 18:51 - 2014-02-06 18:51 - 00001195 _____ () C:\Users\ferryklein\Desktop\JRT.txt
2014-02-06 18:42 - 2009-07-14 05:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-06 18:42 - 2009-07-14 05:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-06 18:40 - 2013-07-09 21:50 - 00000000 ____D () C:\Windows\ERUNT
2014-02-06 18:38 - 2014-02-06 18:37 - 01037530 _____ (Thisisu) C:\Users\ferryklein\Downloads\JRT.exe
2014-02-06 18:37 - 2012-04-17 22:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-06 18:36 - 2010-10-13 18:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-06 18:34 - 2010-08-08 10:15 - 00000000 ____D () C:\Users\ferryklein\AppData\Roaming\Skype
2014-02-06 18:30 - 2013-07-04 18:08 - 00037946 _____ () C:\Windows\setupact.log
2014-02-06 18:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-06 18:28 - 2014-02-05 18:48 - 00000000 ____D () C:\AdwCleaner
2014-02-06 18:28 - 2010-02-20 15:41 - 01823693 _____ () C:\Windows\WindowsUpdate.log
2014-02-06 18:14 - 2013-07-04 22:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-05 23:37 - 2012-04-17 22:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 23:37 - 2012-04-17 22:16 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 23:37 - 2011-05-16 21:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 22:23 - 2014-02-05 22:22 - 00031680 _____ () C:\Users\ferryklein\Downloads\Addition.txt
2014-02-05 22:19 - 2014-02-05 22:19 - 02082304 _____ (Farbar) C:\Users\ferryklein\Downloads\FRST64.exe
2014-02-05 22:17 - 2014-02-05 22:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-05 22:13 - 2014-02-05 22:13 - 00000000 ____D () C:\Users\ferryklein\Documents\My Received Files
2014-02-05 22:13 - 2014-02-05 22:13 - 00000000 ____D () C:\Users\ferryklein\AppData\Roaming\MusicNet
2014-02-05 18:48 - 2014-02-05 18:47 - 01166132 _____ () C:\Users\ferryklein\Downloads\adwcleaner.exe
2014-02-05 18:44 - 2014-02-05 18:44 - 00003252 _____ () C:\Windows\System32\Tasks\{7BE1A506-0BA1-477B-9193-679C646A91C6}
2014-02-05 18:39 - 2013-07-04 22:34 - 00001118 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-04 20:49 - 2014-02-04 19:52 - 00000000 ____D () C:\ProgramData\WPM
2014-02-04 20:49 - 2013-07-04 18:34 - 00040910 _____ () C:\Windows\PFRO.log
2014-02-04 19:53 - 2014-02-04 19:52 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-04 19:52 - 2014-02-04 19:52 - 00000000 ____D () C:\Users\ferryklein\AppData\Roaming\awesomehp
2014-02-04 19:52 - 2014-02-04 19:52 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-04 19:51 - 2014-02-04 19:51 - 00000974 _____ () C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\MP3jam.lnk
2014-02-04 19:51 - 2014-02-04 19:51 - 00000950 _____ () C:\Users\Public\Desktop\MP3jam.lnk
2014-02-04 19:51 - 2014-02-04 19:51 - 00000000 ____D () C:\Program Files (x86)\MP3jam
2014-02-04 19:50 - 2014-02-04 19:50 - 08790272 _____ (MP3jam ) C:\Users\ferryklein\Downloads\MP3jamSetup1114(1).exe
2014-01-31 22:15 - 2010-04-23 17:36 - 00000000 ____D () C:\Users\ferryklein\AppData\Local\Adobe
2014-01-30 19:49 - 2013-11-19 21:05 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-30 19:48 - 2014-01-30 19:47 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-30 19:48 - 2009-12-13 22:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-30 19:45 - 2014-01-30 19:45 - 00921000 _____ (Oracle Corporation) C:\Users\ferryklein\Downloads\jxpiinstall(3).exe
2014-01-26 16:30 - 2014-01-26 16:30 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-26 16:30 - 2014-01-26 16:29 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-26 16:30 - 2014-01-26 16:29 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-26 16:30 - 2011-11-15 21:56 - 00000000 ____D () C:\Program Files\iTunes
2014-01-26 16:29 - 2014-01-26 16:29 - 00000000 ____D () C:\Program Files\iPod
2014-01-26 16:25 - 2010-09-24 21:15 - 00000000 ____D () C:\ProgramData\Apple
2014-01-24 14:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-01-22 18:35 - 2010-04-14 20:54 - 00000000 ___RD () C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-22 18:35 - 2010-04-14 20:54 - 00000000 ____D () C:\Users\ferryklein
2014-01-22 18:34 - 2009-12-13 22:17 - 00000000 __RHD () C:\MSOCache
2014-01-22 18:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-01-20 14:35 - 2012-05-04 17:57 - 00000000 ____D () C:\Users\ferryklein\Documents\Franz
2014-01-19 21:54 - 2014-01-19 21:54 - 08790272 _____ (MP3jam ) C:\Users\ferryklein\Downloads\MP3jamSetup1114.exe
2014-01-19 21:39 - 2009-07-14 05:45 - 00479312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-17 00:01 - 2009-12-13 22:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-17 00:00 - 2013-08-15 21:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 23:58 - 2010-04-22 21:09 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 22:02 - 2013-08-27 18:00 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-01-12 17:26 - 2014-01-12 17:26 - 69755760 _____ (Landesfinanzdirektion Thüringen) C:\Users\ferryklein\Downloads\ElsterFormular-14.4.20130909p.exe
2014-01-12 17:21 - 2014-01-12 17:21 - 136022224 _____ (Landesfinanzdirektion Thüringen) C:\Users\ferryklein\Downloads\ElsterFormular-14.4.20130909k.exe
2014-01-12 17:07 - 2011-03-04 20:09 - 00000000 ____D () C:\Users\ferryklein\Documents\Yannic

Some content of TEMP:
====================
C:\Users\ferryklein\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\ferryklein\AppData\Local\Temp\OfficeSetup.exe
C:\Users\ferryklein\AppData\Local\Temp\Quarantine.exe
C:\Users\ferryklein\AppData\Local\Temp\SkypeSetup.exe
C:\Users\ferryklein\AppData\Local\Temp\smt_awesomehp_new.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-04-17 20:06

==================== End Of Log ============================
         

Alt 07.02.2014, 16:57   #7
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 08.02.2014, 01:01   #8
ferryklein
 



Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1ec02dd458e37f4bb3b2bdaf762b6301
# engine=16985
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-07 11:33:13
# local_time=2014-02-08 12:33:13 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1286 16777214 100 99 26622 46582315 0 0
# compatibility_mode=5893 16776573 100 94 26033 143445843 0 0
# scanned=96612
# found=0
# cleaned=0
# scan_time=22133
         
Code:
Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Internet Security   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 JavaScript Tools    
 Java 7 Update 51  
 Adobe Flash Player 11.9.900.170  
 Adobe Reader XI  
 Mozilla Firefox (27.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 TOSHIBA Toshiba Online Product Information TOPI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Many thanks for the help.

Great that someone takes the trouble and the time to help.

I will log off and then start the browser to see whether there are no more problems.

Best regards and have a nice weekend

Ferry

awesomehp no longer appears after starting the browser. Super!!!

However, under Programs I still find the entry:

awesome browser protector

Can that stay as it is?

Thanks again.

Ferry

Alt 08.02.2014, 16:59   #9
schrauber
/// the machine
/// TB-Ausbilder
 




The fresh FRST log is still missing
__________________
Regards,
schrauber


Alt 08.02.2014, 18:26   #10
ferryklein
 




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by ferryklein (administrator) on FERRYKLEIN-TOSH on 08-02-2014 18:19:55
Running from C:\Users\ferryklein\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation.) C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
() C:\Program Files\Toshiba\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
(GARMIN Corp.) C:\Program Files (x86)\Garmin\gStart.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
() C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
() C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(TOSHIBA Corporation.) C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\wmi64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-10-26] (Toshiba Europe GmbH)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [910136 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [508472 2009-10-09] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1881384 2009-10-23] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HDMICtrlMan] - C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [1032536 2009-10-23] (TOSHIBA Corporation.)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-11-30] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-12-01] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-08-25] (Toshiba Europe GmbH)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16414824 2010-01-17] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TRCMan] - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [701752 2009-07-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-11-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [openvpn-gui] - C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe [406112 2012-10-15] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [gStart] - C:\Program Files (x86)\Garmin\gStart.exe [1891416 2008-08-13] (GARMIN Corp.)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1099608 2013-03-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3842024189-3036340141-1986856425-1001\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {1BC2B507-07E9-4D62-BCB4-558743CEF7DC} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {AA640730-64DB-4A9F-AC66-86A1859057E1} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\ferryklein\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-3842024189-3036340141-1986856425-1001\FireFox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-02-05]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-02-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-05]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-05]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\ferryklein\AppData\Roaming\Mozilla\Firefox\Profiles\m88bbbbg.default\extensions\lightningnewtab@gmail.com.xpi
FF Extension: Lightning Speed Dial - C:\Users\ferryklein\AppData\Roaming\Mozilla\Firefox\Profiles\m88bbbbg.default\extensions\lightningnewtab@gmail.com.xpi [2014-02-04]
FF HKCU\...\Firefox\Extensions: [{f1d02156-7557-4942-96ce-a3bf730e8941}] - C:\Program Files (x86)\Show-Password\150.xpi

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185176 2013-03-07] (Garmin Ltd or its subsidiaries)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [57952 2012-10-15] ()
R2 OpenVPNServiceInteractive; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [57952 2012-10-15] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-10-26] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [6656 2009-08-31] (Windows (R) Win 7 DDK provider)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mod7700; C:\Windows\System32\Drivers\dvb7700all.sys [961536 2009-06-11] (DiBcom)
R3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation)
R3 nuvotonhidcir; C:\Windows\System32\DRIVERS\nuvotonhidcir.sys [26624 2009-08-31] (Nuvoton Technology Corporation)
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [49568 2009-08-18] (O2Micro )
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-24] (Kaspersky Lab ZAO)
S3 nmwcdcx64; system32\drivers\ccdcmbox64.sys [X]
S3 nmwcdnsucx64; system32\drivers\nmwcdnsucx64.sys [X]
S3 nmwcdnsux64; system32\drivers\nmwcdnsux64.sys [X]
S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltx64j.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-08 00:48 - 2014-02-08 00:48 - 00000000 ____D () C:\Users\ferryklein\Downloads\FRST-OlderVersion
2014-02-08 00:38 - 2014-02-08 00:38 - 00987425 _____ () C:\Users\ferryklein\Downloads\SecurityCheck.exe
2014-02-07 18:21 - 2014-02-07 18:21 - 02347384 _____ (ESET) C:\Users\ferryklein\Downloads\esetsmartinstaller_enu.exe
2014-02-06 18:56 - 2014-02-06 18:56 - 00005272 _____ () C:\sc-cleaner.txt
2014-02-06 18:55 - 2014-02-06 18:56 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\ferryklein\Downloads\sc-cleaner.exe
2014-02-06 18:51 - 2014-02-06 18:51 - 00001195 _____ () C:\Users\ferryklein\Desktop\JRT.txt
2014-02-06 18:37 - 2014-02-06 18:38 - 01037530 _____ (Thisisu) C:\Users\ferryklein\Downloads\JRT.exe
2014-02-05 22:22 - 2014-02-05 22:23 - 00031680 _____ () C:\Users\ferryklein\Downloads\Addition.txt
2014-02-05 22:20 - 2014-02-08 18:19 - 00032517 _____ () C:\Users\ferryklein\Downloads\FRST.txt
2014-02-05 22:19 - 2014-02-08 18:19 - 00000000 ____D () C:\FRST
2014-02-05 22:19 - 2014-02-08 00:48 - 02079744 _____ (Farbar) C:\Users\ferryklein\Downloads\FRST64.exe
2014-02-05 22:17 - 2014-02-05 22:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-05 22:13 - 2014-02-05 22:13 - 00000000 ____D () C:\Users\ferryklein\Documents\My Received Files
2014-02-05 22:13 - 2014-02-05 22:13 - 00000000 ____D () C:\Users\ferryklein\AppData\Roaming\MusicNet
2014-02-05 18:48 - 2014-02-06 18:28 - 00000000 ____D () C:\AdwCleaner
2014-02-05 18:47 - 2014-02-05 18:48 - 01166132 _____ () C:\Users\ferryklein\Downloads\adwcleaner.exe
2014-02-05 18:44 - 2014-02-05 18:44 - 00003252 _____ () C:\Windows\System32\Tasks\{7BE1A506-0BA1-477B-9193-679C646A91C6}
2014-02-04 19:52 - 2014-02-04 20:49 - 00000000 ____D () C:\ProgramData\WPM
2014-02-04 19:52 - 2014-02-04 19:53 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-04 19:52 - 2014-02-04 19:52 - 00000000 ____D () C:\Users\ferryklein\AppData\Roaming\awesomehp
2014-02-04 19:52 - 2014-02-04 19:52 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-04 19:51 - 2014-02-04 19:51 - 00000974 _____ () C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\MP3jam.lnk
2014-02-04 19:51 - 2014-02-04 19:51 - 00000950 _____ () C:\Users\Public\Desktop\MP3jam.lnk
2014-02-04 19:51 - 2014-02-04 19:51 - 00000000 ____D () C:\Program Files (x86)\MP3jam
2014-02-04 19:50 - 2014-02-04 19:50 - 08790272 _____ (MP3jam ) C:\Users\ferryklein\Downloads\MP3jamSetup1114(1).exe
2014-01-30 19:48 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-30 19:48 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-30 19:48 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-30 19:48 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-30 19:47 - 2014-01-30 19:48 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-30 19:45 - 2014-01-30 19:45 - 00921000 _____ (Oracle Corporation) C:\Users\ferryklein\Downloads\jxpiinstall(3).exe
2014-01-26 16:30 - 2014-01-26 16:30 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-26 16:29 - 2014-01-26 16:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-26 16:29 - 2014-01-26 16:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-26 16:29 - 2014-01-26 16:29 - 00000000 ____D () C:\Program Files\iPod
2014-01-19 21:54 - 2014-01-19 21:54 - 08790272 _____ (MP3jam ) C:\Users\ferryklein\Downloads\MP3jamSetup1114.exe
2014-01-16 22:02 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 22:02 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 22:02 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 22:02 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-12 17:26 - 2014-01-12 17:26 - 69755760 _____ (Landesfinanzdirektion Thüringen) C:\Users\ferryklein\Downloads\ElsterFormular-14.4.20130909p.exe
2014-01-12 17:21 - 2014-01-12 17:21 - 136022224 _____ (Landesfinanzdirektion Thüringen) C:\Users\ferryklein\Downloads\ElsterFormular-14.4.20130909k.exe

==================== One Month Modified Files and Folders =======

2014-02-08 18:21 - 2014-02-05 22:20 - 00032517 _____ () C:\Users\ferryklein\Downloads\FRST.txt
2014-02-08 18:19 - 2014-02-05 22:19 - 00000000 ____D () C:\FRST
2014-02-08 18:16 - 2010-10-13 18:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-08 18:15 - 2010-08-08 10:15 - 00000000 ____D () C:\Users\ferryklein\AppData\Roaming\Skype
2014-02-08 18:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-08 18:09 - 2013-07-04 18:08 - 00038226 _____ () C:\Windows\setupact.log
2014-02-08 13:18 - 2010-02-20 15:41 - 01920710 _____ () C:\Windows\WindowsUpdate.log
2014-02-08 13:12 - 2009-07-14 05:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-08 13:12 - 2009-07-14 05:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-08 12:59 - 2013-07-04 18:34 - 00041736 _____ () C:\Windows\PFRO.log
2014-02-08 00:48 - 2014-02-08 00:48 - 00000000 ____D () C:\Users\ferryklein\Downloads\FRST-OlderVersion
2014-02-08 00:48 - 2014-02-05 22:19 - 02079744 _____ (Farbar) C:\Users\ferryklein\Downloads\FRST64.exe
2014-02-08 00:38 - 2014-02-08 00:38 - 00987425 _____ () C:\Users\ferryklein\Downloads\SecurityCheck.exe
2014-02-08 00:37 - 2012-04-17 22:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-07 18:21 - 2014-02-07 18:21 - 02347384 _____ (ESET) C:\Users\ferryklein\Downloads\esetsmartinstaller_enu.exe
2014-02-06 18:56 - 2014-02-06 18:56 - 00005272 _____ () C:\sc-cleaner.txt
2014-02-06 18:56 - 2014-02-06 18:55 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\ferryklein\Downloads\sc-cleaner.exe
2014-02-06 18:56 - 2010-04-14 21:02 - 00001432 _____ () C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-06 18:51 - 2014-02-06 18:51 - 00001195 _____ () C:\Users\ferryklein\Desktop\JRT.txt
2014-02-06 18:40 - 2013-07-09 21:50 - 00000000 ____D () C:\Windows\ERUNT
2014-02-06 18:38 - 2014-02-06 18:37 - 01037530 _____ (Thisisu) C:\Users\ferryklein\Downloads\JRT.exe
2014-02-06 18:28 - 2014-02-05 18:48 - 00000000 ____D () C:\AdwCleaner
2014-02-06 18:14 - 2013-07-04 22:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-05 23:37 - 2012-04-17 22:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 23:37 - 2012-04-17 22:16 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 23:37 - 2011-05-16 21:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 22:23 - 2014-02-05 22:22 - 00031680 _____ () C:\Users\ferryklein\Downloads\Addition.txt
2014-02-05 22:17 - 2014-02-05 22:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-05 22:13 - 2014-02-05 22:13 - 00000000 ____D () C:\Users\ferryklein\Documents\My Received Files
2014-02-05 22:13 - 2014-02-05 22:13 - 00000000 ____D () C:\Users\ferryklein\AppData\Roaming\MusicNet
2014-02-05 18:48 - 2014-02-05 18:47 - 01166132 _____ () C:\Users\ferryklein\Downloads\adwcleaner.exe
2014-02-05 18:44 - 2014-02-05 18:44 - 00003252 _____ () C:\Windows\System32\Tasks\{7BE1A506-0BA1-477B-9193-679C646A91C6}
2014-02-05 18:39 - 2013-07-04 22:34 - 00001118 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-04 20:49 - 2014-02-04 19:52 - 00000000 ____D () C:\ProgramData\WPM
2014-02-04 19:53 - 2014-02-04 19:52 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-04 19:52 - 2014-02-04 19:52 - 00000000 ____D () C:\Users\ferryklein\AppData\Roaming\awesomehp
2014-02-04 19:52 - 2014-02-04 19:52 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-04 19:51 - 2014-02-04 19:51 - 00000974 _____ () C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\MP3jam.lnk
2014-02-04 19:51 - 2014-02-04 19:51 - 00000950 _____ () C:\Users\Public\Desktop\MP3jam.lnk
2014-02-04 19:51 - 2014-02-04 19:51 - 00000000 ____D () C:\Program Files (x86)\MP3jam
2014-02-04 19:50 - 2014-02-04 19:50 - 08790272 _____ (MP3jam ) C:\Users\ferryklein\Downloads\MP3jamSetup1114(1).exe
2014-01-31 22:15 - 2010-04-23 17:36 - 00000000 ____D () C:\Users\ferryklein\AppData\Local\Adobe
2014-01-30 19:49 - 2013-11-19 21:05 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-30 19:48 - 2014-01-30 19:47 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-30 19:48 - 2009-12-13 22:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-30 19:45 - 2014-01-30 19:45 - 00921000 _____ (Oracle Corporation) C:\Users\ferryklein\Downloads\jxpiinstall(3).exe
2014-01-26 16:30 - 2014-01-26 16:30 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-26 16:30 - 2014-01-26 16:29 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-26 16:30 - 2014-01-26 16:29 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-26 16:30 - 2011-11-15 21:56 - 00000000 ____D () C:\Program Files\iTunes
2014-01-26 16:29 - 2014-01-26 16:29 - 00000000 ____D () C:\Program Files\iPod
2014-01-26 16:25 - 2010-09-24 21:15 - 00000000 ____D () C:\ProgramData\Apple
2014-01-24 14:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-01-22 18:35 - 2010-04-14 20:54 - 00000000 ___RD () C:\Users\ferryklein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-22 18:35 - 2010-04-14 20:54 - 00000000 ____D () C:\Users\ferryklein
2014-01-22 18:34 - 2009-12-13 22:17 - 00000000 __RHD () C:\MSOCache
2014-01-22 18:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-01-20 14:35 - 2012-05-04 17:57 - 00000000 ____D () C:\Users\ferryklein\Documents\Franz
2014-01-19 21:54 - 2014-01-19 21:54 - 08790272 _____ (MP3jam ) C:\Users\ferryklein\Downloads\MP3jamSetup1114.exe
2014-01-19 21:39 - 2009-07-14 05:45 - 00479312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-17 00:01 - 2009-12-13 22:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-17 00:00 - 2013-08-15 21:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 23:58 - 2010-04-22 21:09 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 22:02 - 2013-08-27 18:00 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-01-12 17:26 - 2014-01-12 17:26 - 69755760 _____ (Landesfinanzdirektion Thüringen) C:\Users\ferryklein\Downloads\ElsterFormular-14.4.20130909p.exe
2014-01-12 17:21 - 2014-01-12 17:21 - 136022224 _____ (Landesfinanzdirektion Thüringen) C:\Users\ferryklein\Downloads\ElsterFormular-14.4.20130909k.exe
2014-01-12 17:07 - 2011-03-04 20:09 - 00000000 ____D () C:\Users\ferryklein\Documents\Yannic

Some content of TEMP:
====================
C:\Users\ferryklein\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\ferryklein\AppData\Local\Temp\OfficeSetup.exe
C:\Users\ferryklein\AppData\Local\Temp\Quarantine.exe
C:\Users\ferryklein\AppData\Local\Temp\SkypeSetup.exe
C:\Users\ferryklein\AppData\Local\Temp\smt_awesomehp_new.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-04-17 20:06

==================== End Of Log ============================
         
--- --- ---

09.02.2014, 09:51   #11
schrauber
/// the machine
/// TB trainer

By "programs", do you mean the list of installed programs?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

09.02.2014, 16:15   #12
ferryklein



Sorry, I meant here:

Control Panel\Programs\Programs and Features

That is, the folder where you can uninstall or change programs.

Regards,

Ferry

10.02.2014, 10:15   #13
schrauber
/// the machine
/// TB trainer



Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop.
SystemLook (64 bit)
  • Double-click SystemLook_x64.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:
    :regfind
    awesomehp
  • Now click the Look button to start the scan.
  • The scan may take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.
__________________
Regards,
schrauber


10.02.2014, 18:09   #14
ferryklein



Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 18:05 on 10/02/2014 by ferryklein
Administrator - Elevation successful

========== regfind ==========

Searching for "awesomehp"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\awesomehp.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@=""C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://www.awesomehp.com/?type=sc&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]
"Default_Search_URL"="hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]
"Default_Page_URL"="hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]
"Start Page"="hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]
"Search Page"="hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Users\ferryklein\AppData\Roaming\awesomehp\awesomehp.exe"="VISTARTM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\awesomehpSoftware]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\awesomehpSoftware\awesomehphp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Default_Search_URL"="hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Default_Page_URL"="hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Start Page"="hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Search Page"="hxxp://www.awesomehp.com/web/?type=ds&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\awesomehp Browser Protecter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\awesomehp Browser Protecter]
"DisplayName"="awesomehp Browser Protecter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\awesomehp Browser Protecter]
"UninstallString"="C:\Users\ferryklein\AppData\Roaming\awesomehp\awesomehp.exe -uninstall -bname=awesomehp -ptid=smt -oemid=installer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\awesomehp Browser Protecter]
"DisplayIcon"="C:\Users\ferryklein\AppData\Roaming\awesomehp\awesomehp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\awesomehp Browser Protecter]
"Publisher"="awesomehp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@=""C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://www.awesomehp.com/?type=sc&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES"
[HKEY_USERS\S-1-5-21-3842024189-3036340141-1986856425-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\awesomehp.com]
[HKEY_USERS\S-1-5-21-3842024189-3036340141-1986856425-1001\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES"
[HKEY_USERS\S-1-5-21-3842024189-3036340141-1986856425-1001\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.awesomehp.com/?type=hp&ts=1391539934&from=smt&uid=TOSHIBAXMK5055GSX_Z963F6GESXXZ963F6GES"

-= EOF =-
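
One way to triage a SystemLook `:regfind` result like the one in post #14, added here as an example (not part of the thread and not SystemLook's own code): it groups the hits by the kind of browser setting they touch and flags launch commands that have a URL appended after the executable. The sample log, the `hijack.example` name and the category labels are constructed for this example.

```python
import re
# Constructed sample in SystemLook ":regfind" layout; "hijack.example" and all paths are placeholders.
SAMPLE_LOG = r'''Searching for "hijack"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hijack.example]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Start Page"="hxxp://www.hijack.example/?type=hp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@=""C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://www.hijack.example/?type=sc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\hijack Protecter]
"UninstallString"="C:\Users\user\AppData\Roaming\hijack\hijack.exe -uninstall"
'''
RULES = [  # (substring of the lower-cased key, category); first match wins
    (r"\shell\open\command", "browser launch command"),
    (r"\currentversion\uninstall", "uninstall entry"),
    (r"\appcompatflags", "compatibility flag"),
    (r"\internet explorer\main", "home/search page"),
    (r"\internet explorer\search", "home/search page"),
]
VALUE_RE = re.compile(r'^(@|"[^"]*")=(.*)$')
URL_AFTER_EXE = re.compile(r'\.exe"?\s+(?:hxxps?|https?)://', re.I)  # URL after the exe path

def parse_regfind(text):
    """Return (key, value_name, data) hits; value_name is None when only the key name matched."""
    hits, key, used = [], None, True
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            if not used:                      # previous key line had no value line
                hits.append((key, None, None))
            key, used = line[1:-1], False
        elif key and (m := VALUE_RE.match(line)):
            data = m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = data[1:-1]             # drop the outer quote pair only
            hits.append((key, m.group(1).strip('"'), data))
            used = True
    return hits if used else hits + [(key, None, None)]

def summarize(text):
    """Group hits by hijack location, folding the 32-bit (Wow6432Node) registry view."""
    groups = {}
    for key, name, data in parse_regfind(text):
        k = key.lower().replace("\\wow6432node", "")
        cat = next((c for needle, c in RULES if needle in k), "other")
        groups.setdefault(cat, []).append((key, name, data))
    return groups

def has_appended_url(data):
    return bool(data and URL_AFTER_EXE.search(data))
```

Hits that land in "browser launch command" with `has_appended_url` true are the ones a shortcut or launch-command cleanup has to reset, separately from the start-page and search values.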
         

11.02.2014, 16:31   #15
schrauber
/// the machine
/// TB trainer



Somehow very strange. Please delete AdwCleaner and Shortcut Cleaner again and download them fresh, run both and let them delete what they find, then a fresh FRST log please.
__________________
Regards,
schrauber

