
Pests of all kinds and how to fight them: Own Joomla site and a user reports trojan JS/Agent.NKW

04.05.2014, 21:42   #1
sphagnicola
 

Hello, I have a problem.

I built a website, and an acquaintance has now told me that he cannot open the site:

"My antivirus program blocks this page xxxxxxxx for me,
giving a trojan as the reason: the message reads JS/Agent.NKW Trojan"

The site is based on Joomla. What do I have to do? Is it sitting on my computer or in the Joomla installation? I am happy to share the URL of the site, but I did not want to naively write it in the opening post.

Best regards
Spaghnicola

05.05.2014, 06:49   #2
schrauber
/// the machine
/// TB trainer
 


Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


05.05.2014, 08:48   #3
sphagnicola
 

FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-05-2014
Ran by Sebastian (administrator) on SEBASTIAN-PC on 05-05-2014 09:41:55
Running from C:\Users\Sebastian\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
() C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 Bit)\Photoshop.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IARNGEE.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-23] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\EptMon64.dll [21504 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [1802472 2011-01-25] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161088 2010-07-21] ()
HKU\S-1-5-21-1229241503-1036117088-2021709069-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1229241503-1036117088-2021709069-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1229241503-1036117088-2021709069-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Sebastian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Spyder3Utility.lnk
ShortcutTarget: Spyder3Utility.lnk -> C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6D6206B3B067CF01
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120701140422.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120701140422.dll (McAfee, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: 127.0.0.1 sams.nikonimaging.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\hor1jz9o.default-1353108936275
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Firebug - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\hor1jz9o.default-1353108936275\Extensions\firebug@software.joehewitt.com.xpi [2012-11-17]
FF Extension: Imperia OneClickEdit - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\hor1jz9o.default-1353108936275\Extensions\oce@imperia.de.xpi [2012-11-20]
FF Extension: TinEye Reverse Image Search - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\hor1jz9o.default-1353108936275\Extensions\tineye@ideeinc.com.xpi [2013-09-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-05-11]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011-05-06]

==================== Services (Whitelisted) =================

R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2012-09-23] ()
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199272 2012-03-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [210584 2012-03-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [162192 2012-03-20] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2008-09-08] ()
S3 cpuz130; \??\C:\Users\SEBAST~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-05 09:41 - 2014-05-05 09:42 - 00019048 _____ () C:\Users\Sebastian\Desktop\FRST.txt
2014-05-05 09:41 - 2014-05-05 09:41 - 02062336 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST64.exe
2014-05-05 09:41 - 2014-05-05 09:41 - 00000000 ____D () C:\FRST
2014-05-05 09:38 - 2014-05-05 09:38 - 15748056 _____ () C:\Users\Sebastian\Desktop\_039.tif
2014-05-05 08:49 - 2014-05-05 08:49 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{E7D4D7B0-F2B3-4F94-8EF2-325C53D03EF8}
2014-05-04 23:10 - 2014-05-04 23:10 - 00051938 _____ () C:\Users\Sebastian\Desktop\mod_facebooklike.zip
2014-05-04 20:48 - 2014-05-04 20:48 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{699E9E20-BB53-41F7-9EDA-E02BCA9657AE}
2014-05-04 08:48 - 2014-05-04 08:48 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{075B312D-BBF7-4F81-A4B4-DC562DD2ACE9}
2014-05-03 21:05 - 2014-05-03 21:05 - 00023587 _____ () C:\Users\Sebastian\Desktop\Adressenliste.csv
2014-05-03 20:47 - 2014-05-03 20:48 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{6DB9A267-7616-4B90-BAA5-E6D01516B9D5}
2014-05-03 20:42 - 2014-05-03 20:42 - 01132546 _____ () C:\Users\Sebastian\Desktop\871_4ca8b717e.zip
2014-05-03 20:36 - 2014-05-03 20:36 - 00000000 ____D () C:\Users\Sebastian\Desktop\870_14ae163de
2014-05-03 20:35 - 2014-05-03 20:35 - 09618202 _____ () C:\Users\Sebastian\Desktop\870_14ae163de.zip
2014-05-03 08:47 - 2014-05-03 08:47 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{A7EB091A-0CEF-4E49-8AFA-EFC63C5A1532}
2014-05-02 23:26 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-02 23:26 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-02 23:26 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-02 23:26 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 19:57 - 2014-05-02 19:57 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{12A95825-AB00-46A1-8479-E2253C885CD3}
2014-05-02 07:56 - 2014-05-02 07:57 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{6EB20998-86B9-4C6A-B717-975206CA105F}
2014-05-01 19:12 - 2014-05-01 19:12 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{24C3CAF6-8927-486E-A31D-F23E9EE0A84A}
2014-05-01 07:33 - 2014-05-01 07:42 - 00000000 ____D () C:\Users\Sebastian\Desktop\Enssle2
2014-05-01 07:15 - 2014-05-01 07:34 - 00000000 ____D () C:\Users\Sebastian\Desktop\Enssle
2014-05-01 07:12 - 2014-05-01 07:12 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{FF59F6C2-21B3-4EC6-9109-A218A7ECC1B1}
2014-04-30 21:15 - 2014-05-02 21:32 - 00000000 ____D () C:\Users\Sebastian\Desktop\HP ergänzung
2014-04-30 11:18 - 2014-04-30 11:18 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{C228F792-05A2-421C-B5A5-1B161B38C8F4}
2014-04-29 20:01 - 2014-04-29 20:01 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{CCBB2CFA-2ACE-474E-98F3-7B9469AED552}
2014-04-29 08:00 - 2014-04-29 08:01 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{5FE5989A-F1EB-4AF6-831E-E84F3932E58E}
2014-04-28 19:55 - 2014-04-28 19:55 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{EDF141DE-0DA2-43F7-8875-FC33A9D654A6}
2014-04-28 07:58 - 2014-04-28 07:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-28 07:58 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-28 07:58 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-28 07:58 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-28 07:58 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-28 07:57 - 2014-04-28 07:58 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-28 07:55 - 2014-04-28 07:55 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{4F3C480C-1E51-4B5B-B73C-8F584B2282A1}
2014-04-27 19:32 - 2014-04-27 19:32 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{5A0BFC47-98A9-46E5-9877-64F5BD40E702}
2014-04-27 07:32 - 2014-04-27 07:32 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{A2E6C70B-D73A-48C2-B086-911B7A5FB8F1}
2014-04-26 19:31 - 2014-04-26 19:31 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{5FC0577A-CF10-4471-87A7-1520E39659BB}
2014-04-26 07:31 - 2014-04-26 07:31 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{3625C295-32F8-4C43-9B3F-17EDEC831F84}
2014-04-25 19:30 - 2014-04-25 19:31 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{E2701947-CDB4-45F1-B10C-8C5F085A0432}
2014-04-25 07:30 - 2014-04-25 07:30 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{DB046974-0C85-47C2-9EC3-8F3C059DA281}
2014-04-24 19:30 - 2014-04-24 19:30 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{C1E0CBEF-0251-4169-B9C4-ACC5487FCF6B}
2014-04-24 07:29 - 2014-04-24 07:29 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{26177821-D05E-47D9-AB6A-6138DAA0C32B}
2014-04-23 19:29 - 2014-04-23 19:29 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{29A621F3-46D7-413B-AB0E-471C722B06FC}
2014-04-23 07:29 - 2014-04-23 07:29 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{62DF7711-DC5C-4DC3-A32D-7D4E63DBA31B}
2014-04-22 19:28 - 2014-04-22 19:28 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{14293006-87F1-495A-A07A-497482DE309A}
2014-04-22 07:28 - 2014-04-22 07:28 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{3598D530-2DE1-4624-BA23-CBE414F4FB57}
2014-04-21 19:27 - 2014-04-21 19:28 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{9238B4AE-581E-4BB4-A9D5-6747B9F97612}
2014-04-21 07:27 - 2014-04-21 07:27 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{6B80AC19-BB6F-4499-B7EC-F501BF4CDC0C}
2014-04-20 12:19 - 2014-04-20 12:19 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{5FB46051-E7BF-4DE9-B008-6304937F9F12}
2014-04-17 08:36 - 2014-04-17 08:36 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{C26B4915-4BF0-4846-AC4A-FAFC6D2ABAB3}
2014-04-16 20:35 - 2014-04-16 20:35 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{FA30CFEA-6056-4416-A2FA-00CB50435C28}
2014-04-16 08:35 - 2014-04-16 08:35 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{81AB0304-A73D-4275-BB46-5EBD9E61EEC3}
2014-04-15 23:00 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-15 23:00 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-15 23:00 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-15 23:00 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-15 22:59 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-15 22:59 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-15 22:59 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-15 22:59 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-15 22:59 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-15 22:59 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-15 22:59 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-15 22:59 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-15 22:59 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-15 22:59 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-15 22:59 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-15 22:59 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-15 22:59 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-15 22:59 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-15 22:59 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-15 22:59 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-15 22:59 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-15 22:59 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-15 22:59 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-15 22:59 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-15 22:59 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-15 22:59 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-15 22:59 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-15 22:59 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-15 22:59 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-15 22:59 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-15 22:59 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-15 22:59 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-15 22:59 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-15 22:59 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-15 22:59 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-15 22:59 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-15 22:59 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-15 22:59 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-15 22:59 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-15 22:59 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-15 22:59 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-15 22:59 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-15 22:59 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-15 22:59 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-15 20:34 - 2014-04-15 20:35 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{0D814EC9-8B9E-4382-BB43-EAB947BF8834}
2014-04-15 08:34 - 2014-04-15 08:34 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{AB222C5A-1AD1-4C12-90E7-767310B5BE05}
2014-04-14 20:34 - 2014-04-14 20:34 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{7F41022F-BE27-4467-930D-D2985AEDEB7C}
2014-04-14 08:34 - 2014-04-14 08:34 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{F174AEF1-6FBA-4425-A4B0-9624D074E7C3}
2014-04-13 20:33 - 2014-04-13 20:33 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{FCCE2BBA-1661-4055-97F5-F26CF87A309F}
2014-04-13 08:33 - 2014-04-13 08:33 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{927AE4F7-D03E-400F-B022-FB3BE24A1341}
2014-04-12 20:33 - 2014-04-12 20:33 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{B0525791-177F-44C6-B6A0-C740BB22397C}
2014-04-12 08:32 - 2014-04-12 08:32 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{440E790E-26C0-4380-9B48-C4F46BE460AA}
2014-04-11 20:32 - 2014-04-11 20:32 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{00FED6FD-67E4-4169-8167-5FC70D218412}
2014-04-11 08:32 - 2014-04-11 08:32 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{70A6F03D-397C-401B-A859-38A03F2FE500}
2014-04-10 20:31 - 2014-04-10 20:31 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{0C43A145-267F-4999-8007-2270C7641ABC}
2014-04-10 08:31 - 2014-04-10 08:31 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{CAD41AFD-9274-4592-85B8-61BBE7F90B6F}
2014-04-09 21:40 - 2014-04-30 21:12 - 00000000 ____D () C:\Users\Sebastian\Desktop\Neuer Ordner
2014-04-09 20:31 - 2014-04-09 20:31 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{53365F2D-FE37-451A-9DA4-27C1F54028E0}
2014-04-09 08:30 - 2014-04-09 08:31 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{79961ED6-336D-4178-A58D-1DCCC46233E7}
2014-04-09 07:08 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 07:08 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 07:08 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 07:08 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 07:08 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 07:08 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 07:08 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 07:08 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 07:08 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 07:08 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 07:08 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 07:08 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 07:08 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 07:08 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 07:08 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 07:08 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 07:08 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-08 20:30 - 2014-04-08 20:30 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{E1A5C85A-8CE5-4610-8BD1-2CA170E72B6F}
2014-04-08 08:30 - 2014-04-08 08:30 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{4D255AB3-993A-455B-A07F-9FA71CC37953}
2014-04-07 20:29 - 2014-04-07 20:30 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{2FDC7C1A-9D11-4D32-92DC-7956BEC173B1}
2014-04-07 08:29 - 2014-04-07 08:29 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{E7A9EBF6-4B55-4100-94E1-197E60A808BF}
2014-04-06 20:29 - 2014-04-06 20:29 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{2C30F79A-6B6F-4DDF-AACE-6182DFEF784A}
2014-04-06 08:28 - 2014-04-06 08:29 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{1C904C47-1635-4DBB-BC80-EF1393CCC9EB}
2014-04-05 20:28 - 2014-04-05 20:28 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{1804E41B-4A2A-451E-A545-DDE4F1F07F41}
2014-04-05 08:28 - 2014-04-05 08:28 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{CFFF177B-DEA1-4058-9169-B964F9DE84D2}

==================== One Month Modified Files and Folders =======

2014-05-05 09:42 - 2014-05-05 09:41 - 00019048 _____ () C:\Users\Sebastian\Desktop\FRST.txt
2014-05-05 09:41 - 2014-05-05 09:41 - 02062336 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST64.exe
2014-05-05 09:41 - 2014-05-05 09:41 - 00000000 ____D () C:\FRST
2014-05-05 09:38 - 2014-05-05 09:38 - 15748056 _____ () C:\Users\Sebastian\Desktop\_039.tif
2014-05-05 09:19 - 2012-08-15 12:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-05 09:03 - 2012-09-19 21:17 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-05 08:54 - 2011-05-06 18:02 - 01879809 _____ () C:\Windows\WindowsUpdate.log
2014-05-05 08:49 - 2014-05-05 08:49 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{E7D4D7B0-F2B3-4F94-8EF2-325C53D03EF8}
2014-05-05 07:23 - 2011-05-10 20:27 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Adobe
2014-05-05 07:21 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-05 07:21 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-05 07:18 - 2013-04-06 13:27 - 00006400 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-05-05 07:14 - 2011-05-10 19:55 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\SoftThinks
2014-05-05 07:13 - 2013-04-09 17:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-05 07:13 - 2012-09-19 21:17 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-05 07:13 - 2012-08-14 23:30 - 00051123 _____ () C:\Windows\setupact.log
2014-05-05 07:13 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-04 23:10 - 2014-05-04 23:10 - 00051938 _____ () C:\Users\Sebastian\Desktop\mod_facebooklike.zip
2014-05-04 20:48 - 2014-05-04 20:48 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{699E9E20-BB53-41F7-9EDA-E02BCA9657AE}
2014-05-04 14:32 - 2011-08-22 21:55 - 00000132 _____ () C:\Users\Sebastian\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-05-04 09:26 - 2011-05-10 20:33 - 00000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2014-05-04 08:48 - 2014-05-04 08:48 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{075B312D-BBF7-4F81-A4B4-DC562DD2ACE9}
2014-05-04 08:24 - 2012-05-02 15:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-03 21:05 - 2014-05-03 21:05 - 00023587 _____ () C:\Users\Sebastian\Desktop\Adressenliste.csv
2014-05-03 20:48 - 2014-05-03 20:47 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{6DB9A267-7616-4B90-BAA5-E6D01516B9D5}
2014-05-03 20:42 - 2014-05-03 20:42 - 01132546 _____ () C:\Users\Sebastian\Desktop\871_4ca8b717e.zip
2014-05-03 20:36 - 2014-05-03 20:36 - 00000000 ____D () C:\Users\Sebastian\Desktop\870_14ae163de
2014-05-03 20:35 - 2014-05-03 20:35 - 09618202 _____ () C:\Users\Sebastian\Desktop\870_14ae163de.zip
2014-05-03 18:49 - 2011-05-06 18:06 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-05-03 08:47 - 2014-05-03 08:47 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{A7EB091A-0CEF-4E49-8AFA-EFC63C5A1532}
2014-05-03 08:12 - 2011-05-10 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-02 21:32 - 2014-04-30 21:15 - 00000000 ____D () C:\Users\Sebastian\Desktop\HP ergänzung
2014-05-02 19:57 - 2014-05-02 19:57 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{12A95825-AB00-46A1-8479-E2253C885CD3}
2014-05-02 07:57 - 2014-05-02 07:56 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{6EB20998-86B9-4C6A-B717-975206CA105F}
2014-05-01 19:12 - 2014-05-01 19:12 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{24C3CAF6-8927-486E-A31D-F23E9EE0A84A}
2014-05-01 11:31 - 2011-06-26 21:41 - 00000000 ____D () C:\Users\Sebastian\Desktop\Literatur
2014-05-01 07:42 - 2014-05-01 07:33 - 00000000 ____D () C:\Users\Sebastian\Desktop\Enssle2
2014-05-01 07:34 - 2014-05-01 07:15 - 00000000 ____D () C:\Users\Sebastian\Desktop\Enssle
2014-05-01 07:12 - 2014-05-01 07:12 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{FF59F6C2-21B3-4EC6-9109-A218A7ECC1B1}
2014-04-30 21:12 - 2014-04-09 21:40 - 00000000 ____D () C:\Users\Sebastian\Desktop\Neuer Ordner
2014-04-30 11:18 - 2014-04-30 11:18 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{C228F792-05A2-421C-B5A5-1B161B38C8F4}
2014-04-29 20:01 - 2014-04-29 20:01 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{CCBB2CFA-2ACE-474E-98F3-7B9469AED552}
2014-04-29 16:01 - 2014-05-02 23:26 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-02 23:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-02 23:26 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-02 23:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-29 11:19 - 2012-05-10 03:21 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 11:19 - 2012-05-10 03:21 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 11:19 - 2011-06-09 05:18 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 08:01 - 2014-04-29 08:00 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{5FE5989A-F1EB-4AF6-831E-E84F3932E58E}
2014-04-28 19:55 - 2014-04-28 19:55 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{EDF141DE-0DA2-43F7-8875-FC33A9D654A6}
2014-04-28 08:09 - 2013-10-22 08:34 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-28 07:58 - 2014-04-28 07:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-28 07:58 - 2014-04-28 07:57 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-28 07:58 - 2011-05-06 18:01 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-28 07:55 - 2014-04-28 07:55 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{4F3C480C-1E51-4B5B-B73C-8F584B2282A1}
2014-04-27 19:32 - 2014-04-27 19:32 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{5A0BFC47-98A9-46E5-9877-64F5BD40E702}
2014-04-27 07:32 - 2014-04-27 07:32 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{A2E6C70B-D73A-48C2-B086-911B7A5FB8F1}
2014-04-26 19:31 - 2014-04-26 19:31 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{5FC0577A-CF10-4471-87A7-1520E39659BB}
2014-04-26 07:31 - 2014-04-26 07:31 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{3625C295-32F8-4C43-9B3F-17EDEC831F84}
2014-04-25 19:31 - 2014-04-25 19:30 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{E2701947-CDB4-45F1-B10C-8C5F085A0432}
2014-04-25 07:30 - 2014-04-25 07:30 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{DB046974-0C85-47C2-9EC3-8F3C059DA281}
2014-04-24 21:50 - 2011-05-11 01:28 - 00000000 ____D () C:\Users\Sebastian\Desktop\Webbilder
2014-04-24 21:40 - 2011-06-26 19:54 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-04-24 19:30 - 2014-04-24 19:30 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{C1E0CBEF-0251-4169-B9C4-ACC5487FCF6B}
2014-04-24 07:29 - 2014-04-24 07:29 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{26177821-D05E-47D9-AB6A-6138DAA0C32B}
2014-04-23 19:29 - 2014-04-23 19:29 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{29A621F3-46D7-413B-AB0E-471C722B06FC}
2014-04-23 07:29 - 2014-04-23 07:29 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{62DF7711-DC5C-4DC3-A32D-7D4E63DBA31B}
2014-04-22 19:28 - 2014-04-22 19:28 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{14293006-87F1-495A-A07A-497482DE309A}
2014-04-22 17:45 - 2011-06-26 19:54 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-04-22 07:28 - 2014-04-22 07:28 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{3598D530-2DE1-4624-BA23-CBE414F4FB57}
2014-04-21 19:28 - 2014-04-21 19:27 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{9238B4AE-581E-4BB4-A9D5-6747B9F97612}
2014-04-21 07:27 - 2014-04-21 07:27 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{6B80AC19-BB6F-4499-B7EC-F501BF4CDC0C}
2014-04-20 12:19 - 2014-04-20 12:19 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{5FB46051-E7BF-4DE9-B008-6304937F9F12}
2014-04-17 08:36 - 2014-04-17 08:36 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{C26B4915-4BF0-4846-AC4A-FAFC6D2ABAB3}
2014-04-16 20:35 - 2014-04-16 20:35 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{FA30CFEA-6056-4416-A2FA-00CB50435C28}
2014-04-16 10:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-16 08:35 - 2014-04-16 08:35 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{81AB0304-A73D-4275-BB46-5EBD9E61EEC3}
2014-04-16 07:25 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-16 07:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-15 20:35 - 2014-04-15 20:34 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{0D814EC9-8B9E-4382-BB43-EAB947BF8834}
2014-04-15 08:34 - 2014-04-15 08:34 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{AB222C5A-1AD1-4C12-90E7-767310B5BE05}
2014-04-14 20:34 - 2014-04-14 20:34 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{7F41022F-BE27-4467-930D-D2985AEDEB7C}
2014-04-14 20:13 - 2014-04-28 07:58 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-28 07:58 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-28 07:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-28 07:58 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-14 08:34 - 2014-04-14 08:34 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{F174AEF1-6FBA-4425-A4B0-9624D074E7C3}
2014-04-13 20:33 - 2014-04-13 20:33 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{FCCE2BBA-1661-4055-97F5-F26CF87A309F}
2014-04-13 08:33 - 2014-04-13 08:33 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{927AE4F7-D03E-400F-B022-FB3BE24A1341}
2014-04-12 20:33 - 2014-04-12 20:33 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{B0525791-177F-44C6-B6A0-C740BB22397C}
2014-04-12 08:32 - 2014-04-12 08:32 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{440E790E-26C0-4380-9B48-C4F46BE460AA}
2014-04-11 20:32 - 2014-04-11 20:32 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{00FED6FD-67E4-4169-8167-5FC70D218412}
2014-04-11 08:32 - 2014-04-11 08:32 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{70A6F03D-397C-401B-A859-38A03F2FE500}
2014-04-10 20:31 - 2014-04-10 20:31 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{0C43A145-267F-4999-8007-2270C7641ABC}
2014-04-10 14:30 - 2011-05-12 01:47 - 00001456 _____ () C:\Users\Sebastian\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2014-04-10 08:31 - 2014-04-10 08:31 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{CAD41AFD-9274-4592-85B8-61BBE7F90B6F}
2014-04-09 22:25 - 2009-07-14 04:34 - 00000531 _____ () C:\Windows\win.ini
2014-04-09 22:24 - 2013-08-16 01:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 22:23 - 2011-08-11 04:06 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 20:31 - 2014-04-09 20:31 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{53365F2D-FE37-451A-9DA4-27C1F54028E0}
2014-04-09 08:31 - 2014-04-09 08:30 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{79961ED6-336D-4178-A58D-1DCCC46233E7}
2014-04-08 20:30 - 2014-04-08 20:30 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{E1A5C85A-8CE5-4610-8BD1-2CA170E72B6F}
2014-04-08 16:58 - 2011-05-11 01:14 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\FileZilla
2014-04-08 08:30 - 2014-04-08 08:30 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{4D255AB3-993A-455B-A07F-9FA71CC37953}
2014-04-07 20:30 - 2014-04-07 20:29 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{2FDC7C1A-9D11-4D32-92DC-7956BEC173B1}
2014-04-07 08:29 - 2014-04-07 08:29 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{E7A9EBF6-4B55-4100-94E1-197E60A808BF}
2014-04-06 20:29 - 2014-04-06 20:29 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{2C30F79A-6B6F-4DDF-AACE-6182DFEF784A}
2014-04-06 08:29 - 2014-04-06 08:28 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{1C904C47-1635-4DBB-BC80-EF1393CCC9EB}
2014-04-05 20:28 - 2014-04-05 20:28 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{1804E41B-4A2A-451E-A545-DDE4F1F07F41}
2014-04-05 08:28 - 2014-04-05 08:28 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\{CFFF177B-DEA1-4058-9169-B964F9DE84D2}

Files to move or delete:
====================
C:\ProgramData\PKP_DLbx.DAT
C:\ProgramData\PKP_DLck.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT


Some content of TEMP:
====================
C:\Users\Sebastian\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Sebastian\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Sebastian\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Sebastian\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Sebastian\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Sebastian\AppData\Local\Temp\npp.6.3.2.Installer.exe
C:\Users\Sebastian\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 11:14

==================== End Of Log ============================
         
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-05-2014
Ran by Sebastian at 2014-05-05 09:43:02
Running from C:\Users\Sebastian\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Content Viewer (x32 Version: 1.4.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5.5 Design Premium (HKLM-x32\...\{60E59A6C-7399-495A-B85C-C829F4E59602}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.0 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.230 - Adobe Systems Incorporated.) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{881F6DFF-9090-E49F-4CF7-4827705D0F56}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Brandenburg Berlin 2.0 (HKLM-x32\...\{E5856DAC-D612-4B66-BD10-76720817E1BC}) (Version: 2.0 - MagicMaps)
Capture NX 2 (HKLM-x32\...\Capture NX 2) (Version: 2.2.6 - NIKON CORPORATION)
Catalyst Control Center InstallProxy (x32 Version: 2010.1208.2156.39317 - ATI Technologies, Inc.) Hidden
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das Interaktive Kartenwerk. Deutschland (HKLM-x32\...\{BFFE230A-8520-423D-8A22-DB82C9922925}) (Version: 2.0.3 - MagicMaps)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{17407164-F2AD-4E04-886B-8060D503F21C}) (Version: 1.4.162.0 - Fingertapps)
Dell Stage (HKLM-x32\...\{AB1723E2-05BC-49C1-86AB-409764C0E608}) (Version: 1.4.173.0 - Fingertapps)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.47.6 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
EPSON S22 Series Printer Uninstall (HKLM\...\EPSON S22 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
FileZilla Client 3.5.2 (HKLM-x32\...\FileZilla Client) (Version: 3.5.2 - FileZilla Project)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
m.objects v5 (HKLM-x32\...\m.objects v5) (Version: 3.0 - Richter & Wehner)
Macromedia Dreamweaver MX 2004 (HKLM-x32\...\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}) (Version: 7.0.1 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}) (Version: 1.5 - Macromedia)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Camera Codec Pack (HKLM\...\{2CA3495A-46E9-4E03-866F-8B9B0AD177CA}) (Version: 16.0.0652.0621 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0 (x86 de)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
Neat Image v7.0 Demo plug-in for Photoshop (64-bit) (HKLM\...\Neat Image plug-in for Photoshop_is1) (Version:  - Neat Image team, ABSoft)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Grafiktreiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
ODBC (HKLM-x32\...\ODBC) (Version:  - )
Opera 11.51 (HKLM-x32\...\Opera 11.51.1087) (Version: 11.51.1087 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 3.2.27 - SSW Software GmbH)
Saal Design Software (x32 Version: 3.2.27 - SSW Software GmbH) Hidden
Safari (HKLM-x32\...\{735619D4-B42A-437A-958C-199BFCAEDB38}) (Version: 5.34.50.0 - Apple Inc.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spyder3Express (HKLM-x32\...\Spyder3Express) (Version:  - )
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Top50 Viewer (HKLM-x32\...\DeInst_d2vexcrdTop50 Viewer (Build 1.0.5.388)) (Version:  - )
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.2 - Nikon)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Wuala (HKCU\...\Wuala) (Version: 1.0.428.0 - LaCie)

==================== Restore Points  =========================

24-04-2014 05:07:51 Windows Update
28-04-2014 05:56:11 Installed Java 7 Update 55
28-04-2014 06:03:35 Windows Update
02-05-2014 06:05:21 Windows Update
02-05-2014 21:26:44 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2011-05-12 13:09 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 sams.nikonimaging.com

==================== Scheduled Tasks (whitelisted) =============

Task: {0BDA7457-CF5E-47F6-8001-849E98C610D8} - System32\Tasks\AdobeAAMUpdater-1.0-Sebastian-PC-Sebastian => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {0C80DA70-1D14-45AD-9A69-A46BFDCA39D3} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe
Task: {41A49407-A20D-499B-B74B-8CA5F408B153} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10] (Google Inc.)
Task: {529EBE41-2556-4B29-A15E-CB075CB3A4E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10] (Google Inc.)
Task: {5B703E4B-A0A5-456A-8632-1EF46A378131} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {840B63D7-2874-4159-81CC-96F52B3A6E66} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C85B15BA-5453-410C-A9B7-74CD343ACCFD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-09 17:45 - 2013-03-15 06:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-05-06 18:06 - 2010-08-11 18:19 - 00781536 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2009-08-11 10:19 - 2009-08-11 10:19 - 06798714 _____ () C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2011-03-28 11:03 - 2011-03-28 11:03 - 00050176 _____ () C:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 Bit)\QuickTimeGlue.dll
2011-05-06 18:06 - 2010-08-11 18:19 - 00056544 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2011-05-06 18:06 - 2010-08-11 18:19 - 00113888 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2011-05-06 18:06 - 2010-08-11 18:19 - 00126176 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2011-05-06 18:06 - 2010-08-11 18:19 - 01121504 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2011-05-06 18:06 - 2010-08-11 18:19 - 00077024 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2011-05-06 18:06 - 2010-08-11 18:19 - 00232672 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2011-05-06 18:06 - 2010-08-11 18:19 - 00072928 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2011-05-06 18:06 - 2010-08-11 18:19 - 00109792 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2011-05-06 18:06 - 2010-08-11 18:19 - 00119008 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00135168 _____ () C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\Appearance Pak.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00147456 _____ () C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\RegEx.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00897024 _____ () C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\RBScript.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00098304 _____ () C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\Shell.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00762368 _____ () C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\XML.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00335872 _____ () C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\CGamma.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00131072 _____ () C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\CSensor.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00028672 _____ () C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll
2009-08-11 10:19 - 2009-08-11 10:19 - 00025600 _____ () C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll
2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2013-12-18 20:43 - 2013-12-18 20:43 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
2014-02-15 10:13 - 2014-02-15 10:13 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\aa739380ca2b2fc7366d464d2f2301ac\IsdiInterop.ni.dll
2011-05-06 18:02 - 2010-09-13 18:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2011-05-10 20:04 - 2014-05-03 08:12 - 03845232 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-29 11:19 - 2014-04-29 11:19 - 16351920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
2011-01-12 07:08 - 2011-01-12 07:08 - 00060416 _____ () C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\zlib1.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/05/2014 07:18:33 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "009" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.

Error: (05/05/2014 07:18:33 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.

Error: (05/05/2014 07:18:33 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "009" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.

Error: (05/05/2014 07:18:33 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.

Error: (05/05/2014 07:14:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/04/2014 05:32:49 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 29.0.0.5224 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ae4

Startzeit: 01cf676280359179

Endzeit: 72

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 56a3e39a-d3a1-11e3-bcc4-782bcb94fad5

Error: (05/04/2014 08:28:53 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "009" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.

Error: (05/04/2014 08:28:53 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.

Error: (05/04/2014 08:28:53 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "009" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.

Error: (05/04/2014 08:28:53 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.


System errors:
=============
Error: (05/02/2014 07:54:54 AM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (04/26/2014 07:22:40 AM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (04/26/2014 07:22:40 AM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (04/22/2014 06:26:19 AM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (04/22/2014 06:26:19 AM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (04/17/2014 06:58:35 AM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (04/17/2014 06:58:35 AM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (04/11/2014 06:45:02 AM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (04/11/2014 06:45:01 AM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (04/10/2014 08:05:09 AM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004


Microsoft Office Sessions:
=========================
Error: (05/05/2014 07:18:33 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: 0098020000002D010000

Error: (05/05/2014 07:18:33 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: 0078020000002D010000

Error: (05/05/2014 07:18:33 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: 009120200000000000000AF000000

Error: (05/05/2014 07:18:33 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: 007120200000000000000AF000000

Error: (05/05/2014 07:14:40 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/04/2014 05:32:49 PM) (Source: Application Hang)(User: )
Description: firefox.exe29.0.0.5224ae401cf67628035917972C:\Program Files (x86)\Mozilla Firefox\firefox.exe56a3e39a-d3a1-11e3-bcc4-782bcb94fad5

Error: (05/04/2014 08:28:53 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: 0098020000002D010000

Error: (05/04/2014 08:28:53 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: 0078020000002D010000

Error: (05/04/2014 08:28:53 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: 009120200000000000000AF000000

Error: (05/04/2014 08:28:53 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: 007120200000000000000AF000000


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 8174.45 MB
Available physical RAM: 5538.82 MB
Total Pagefile: 16347.07 MB
Available Pagefile: 13082.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1384.85 GB) (Free:652.45 GB) NTFS
Drive g: (NIKON D300) (Removable) (Total:7.63 GB) (Free:6.02 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 58000000)
Partition 1: (Not Active) - (Size=173 MB) - (Type=DE)
Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-712055455744) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

05.05.2014, 16:48   #4
schrauber
/// the machine
/// TB trainer

I don't see anything on the computer for now. From how many computers do you access the server via FTP?

05.05.2014, 21:25   #5
sphagnicola

Hello,

thank you for your help. I solved it myself today.

In case others have a problem like this, I want to briefly explain the solution here:

My homepage is based on Joomla 2.5, and the template that I bought some time ago used the AutsonSlideShow module. By googling I became aware that the developer of the module apparently built malicious code into it back then, which virus scanners object to.

Links about the problem:
hxxp://forum.joomla.org/viewtopic.php?t=795946
hxxp://www.joomla51.com/forum/8-commercial-templates/3943-using-the-autson-slideshow-please-read-js-hiddenlink

After deleting the malicious section of code, my customers can now open the site without a warning from their virus scanner.


06.05.2014, 16:31   #6
schrauber
/// the machine
/// TB trainer

Perfect.