
Pests of all kinds and how to fight them: Monitoring Tool: MSIL/Limitless

22.05.2014, 08:57   #1
dellirium83
 
Hello, I have a problem with Microsoft Outlook on my computer; I am being bombarded with e-mails.
Microsoft Security Essentials detects a severe error:
"Monitoring Tool:MSIL/Limitless"
Does anyone know this error, and if so, how do I get it off my PC again?

Thanks in advance, Sandro

22.05.2014, 09:08   #2
schrauber
/// the machine
/// TB trainer
 

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


22.05.2014, 10:46   #3
dellirium83
 

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-05-2014
Ran by Bruno gebaltag W7 (administrator) on BRUNO-PCW7 on 22-05-2014 11:40:40
Running from C:\Users\Bruno gebaltag W7\Downloads
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Creative Technology Ltd) C:\Windows\CTHELPER.EXE
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(CREALOGIX E-Payment AG) C:\Program Files\CLX.PayPen\CLXReader.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Gadwin Systems) C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(AutoIt Team) C:\Users\Bruno gebaltag W7\n28u22648s7p\update.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
(Microsoft Corporation) C:\Windows\System32\ntvdm.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
HKLM\...\Run: [CTHelper] => C:\Windows\CTHELPER.EXE [19456 2006-12-12] (Creative Technology Ltd)
HKLM\...\Run: [CTxfiHlp] => C:\Windows\system32\CTXFIHLP.EXE [20480 2006-12-12] (Creative Technology Ltd)
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2238704 2013-02-21] (Logitech, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295512 2013-10-08] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [122200 2014-04-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3094382841-4238814383-314149776-1000\...\Run: [SetDefaultMIDI] => C:\Windows\MIDIDef.exe [28672 2006-12-12] (Creative Technology Ltd)
HKU\S-1-5-21-3094382841-4238814383-314149776-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-3094382841-4238814383-314149776-1000\...\Run: [CLXReader] => C:\Program Files\CLX.PayPen\CLXReader.exe [4108112 2012-03-08] (CREALOGIX E-Payment AG)
HKU\S-1-5-21-3094382841-4238814383-314149776-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-3094382841-4238814383-314149776-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-10] (Google Inc.)
HKU\S-1-5-21-3094382841-4238814383-314149776-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [122200 2014-04-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3094382841-4238814383-314149776-1000\...\Run: [Gadwin PrintScreen (32-bit)] => C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen32.exe [11742368 2014-02-04] (Gadwin Systems)
HKU\S-1-5-21-3094382841-4238814383-314149776-1000\...\RunOnce: [n28u22648s7p] - C:\Users\Bruno gebaltag W7\n28u22648s7p\96596.vbs [135 2014-05-21] ()
Startup: C:\Users\Bruno gebaltag W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe (Microsoft Corporation)
Startup: C:\Users\Bruno gebaltag W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
ShortcutTarget: start.lnk -> C:\Users\Bruno gebaltag W7\n28u22648s7p\96596.vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gebaltag.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x74DC6EA2AC47CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
URLSearchHook: HKCU - (No Name) - {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} -  No File
SearchScopes: HKCU - {912780D6-9633-44F7-AF60-C9F0A1052EF5} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCH&apn_uid=4E694259-EEE7-4368-90F3-7574AEDBAE5C&apn_sauid=63B876B1-1E74-4030-AD01-E2C90B49E431&
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={6719C70B-015C-4F00-8195-63A3E3E02CF9}&mid=4d860563558a47cf9c9a948a027528ec-2107c46f990cd06e0b53a860f653153ab9746932&lang=de&ds=hk011&pr=sa&d=2012-07-13 18:14:40&v=11.1.0.12&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {F055005A-1F46-47AF-A181-4E521A44B2DD} URL = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\Windows\system32\cgmopenbho.dll (CGM Open Consortium, Inc.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {F3F5241A-C2C5-42D2-B6A1-2709209BBBAC} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} hxxp://parts.husqvarna.com/WebResource.axd?d=y-GDijKIXiC7nQjcbwgAa5HM_MEZjdvRYfEo9SyY_LTh0DhxUpj7HSBCNmffydro_j-n9hAloQPfQRLqFX1_0m-0dlXzXdesUKf8d2yGqCE1&t=634322293860000000
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1

FireFox:
========
FF ProfilePath: C:\Users\Bruno gebaltag W7\AppData\Roaming\Mozilla\Firefox\Profiles\vadg9kbf.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-03-07]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-08]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome: 
=======
CHR HomePage: hxxp://www.gebaltag.ch/
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: hxxp://search.yahoo.com/search?ei=utf-8&fr=chr-greentree_gc&type=827316&ilc=12&p={searchTerms}
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-10]
CHR Extension: (YouTube) - C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-10]
CHR Extension: (Google-Suche) - C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-10]
CHR Extension: (Logitech SetPoint) - C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-04-09]
CHR Extension: (RealDownloader) - C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-05]
CHR Extension: (Google Wallet) - C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-12]
CHR Extension: (Google Mail) - C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-10]
CHR HKLM\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-03-07]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [436056 2014-04-23] (Garmin Ltd or its subsidiaries)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [44296 2013-01-03] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12808 2013-01-03] (Logitech, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30984 2013-01-03] (Logitech, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl248edc02; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8EA7EF55-1992-47DF-98BB-13D2AE4E69E9}\MpKsl248edc02.sys [39464 2014-05-22] (Microsoft Corporation)
S3 PayPen; C:\Windows\System32\Drivers\PayPen.sys [18560 2012-03-08] ()
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 cpuz132; \??\C:\Users\BRUNOG~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-22 11:40 - 2014-05-22 11:41 - 00021353 _____ () C:\Users\Bruno gebaltag W7\Downloads\FRST.txt
2014-05-22 11:40 - 2014-05-22 11:40 - 00000000 ____D () C:\FRST
2014-05-22 11:39 - 2014-05-22 11:39 - 01056768 _____ (Farbar) C:\Users\Bruno gebaltag W7\Downloads\FRST.exe
2014-05-21 17:28 - 2014-05-21 17:28 - 00000000 _RSHD () C:\Users\Bruno gebaltag W7\n28u22648s7p
2014-05-16 03:26 - 2014-05-16 03:26 - 00000000 ____D () C:\Program Files\Common Files\Spigot
2014-05-15 03:03 - 2014-05-15 03:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 03:01 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 03:01 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 03:01 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 20:51 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 20:51 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 20:51 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 20:51 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 20:51 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 20:51 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 20:51 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 20:51 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 20:51 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 20:51 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 20:51 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 20:51 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 20:51 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 20:50 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-10 13:42 - 2014-05-10 13:42 - 00007747 _____ () C:\Users\Bruno gebaltag W7\Documents\IFAT.odt
2014-05-10 07:31 - 2014-05-10 07:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-07 03:12 - 2014-05-07 03:12 - 00001858 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-05-07 03:00 - 2014-05-15 03:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-03 06:40 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-03 06:39 - 2014-05-03 06:39 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-03 06:39 - 2014-05-03 06:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-03 06:39 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-03 06:39 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-03 06:39 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe

==================== One Month Modified Files and Folders =======

2014-05-22 11:41 - 2014-05-22 11:40 - 00021353 _____ () C:\Users\Bruno gebaltag W7\Downloads\FRST.txt
2014-05-22 11:40 - 2014-05-22 11:40 - 00000000 ____D () C:\FRST
2014-05-22 11:39 - 2014-05-22 11:39 - 01056768 _____ (Farbar) C:\Users\Bruno gebaltag W7\Downloads\FRST.exe
2014-05-22 11:37 - 2010-08-13 21:29 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-22 11:30 - 2010-08-12 20:32 - 01801131 _____ () C:\Windows\WindowsUpdate.log
2014-05-22 11:08 - 2012-04-11 18:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-22 09:45 - 2013-04-19 12:58 - 00000000 ____D () C:\Program Files\AFSFAKT
2014-05-22 05:53 - 2009-07-14 06:34 - 00015040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-22 05:53 - 2009-07-14 06:34 - 00015040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-22 05:50 - 2010-08-12 21:43 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-22 05:46 - 2010-08-26 06:19 - 00000000 ____D () C:\Users\Bruno gebaltag W7\Tracing
2014-05-22 05:46 - 2010-08-13 21:29 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-22 05:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 05:45 - 2009-07-14 06:39 - 00059738 _____ () C:\Windows\setupact.log
2014-05-21 17:28 - 2014-05-21 17:28 - 00000000 _RSHD () C:\Users\Bruno gebaltag W7\n28u22648s7p
2014-05-21 17:28 - 2010-08-12 21:42 - 00000000 ____D () C:\Users\Bruno gebaltag W7
2014-05-16 15:58 - 2013-04-26 18:43 - 00001059 _____ () C:\Users\Bruno gebaltag W7\Desktop\AFSFAKT.lnk
2014-05-16 15:51 - 2011-06-20 06:20 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-16 03:26 - 2014-05-16 03:26 - 00000000 ____D () C:\Program Files\Common Files\Spigot
2014-05-15 20:08 - 2012-04-11 18:01 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-15 20:08 - 2011-05-25 09:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-15 05:43 - 2013-06-22 12:00 - 00000000 ___RD () C:\Users\Bruno gebaltag W7\Virtual Machines
2014-05-15 04:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 03:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 03:23 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 03:23 - 2014-03-10 16:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-15 03:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-15 03:07 - 2010-08-25 20:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 03:06 - 2013-08-15 03:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 03:04 - 2010-08-13 05:54 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 03:03 - 2014-05-15 03:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-10 13:43 - 2010-08-13 06:51 - 00418234 _____ () C:\Windows\PFRO.log
2014-05-10 13:42 - 2014-05-10 13:42 - 00007747 _____ () C:\Users\Bruno gebaltag W7\Documents\IFAT.odt
2014-05-10 07:32 - 2014-05-10 07:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 09:06 - 2014-05-14 20:51 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 20:51 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 03:13 - 2013-12-24 12:43 - 00000000 ____D () C:\ProgramData\Garmin
2014-05-07 03:13 - 2013-12-24 12:42 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-07 03:13 - 2012-08-27 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-05-07 03:12 - 2014-05-07 03:12 - 00001858 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-05-07 03:12 - 2011-05-18 05:50 - 00000000 ____D () C:\Program Files\Garmin
2014-05-06 05:25 - 2014-05-15 03:01 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-15 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-15 03:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-03 06:41 - 2013-10-21 06:14 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-03 06:39 - 2014-05-03 06:39 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-03 06:39 - 2014-05-03 06:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-03 06:39 - 2010-08-14 07:30 - 00000000 ____D () C:\Program Files\Java

Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT


Some content of TEMP:
====================
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\AMPing.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\ApnStub.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\AskSLib.dll
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\avgnt.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\avguidx.dll
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\InstallManager_BAB_BAB.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\ISSetup.dll
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\Make_AutoUpdate.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\oi_{2595C327-2BD1-4ABE-96E0-4D3204E1898F}.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\ose00000.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\stubhelper.dll
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\tbWinZ.dll
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\UNINSTALL.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 20:51] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 06:21

==================== End Of Log ============================
         
--- --- ---
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-05-2014
Ran by Bruno gebaltag W7 at 2014-05-22 11:42:13
Running from C:\Users\Bruno gebaltag W7\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.5.0.600 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - )
AMD Accelerated Video Transcoding (Version: 12.5.100.21116 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{E43B4909-141E-DFF3-8C58-62B5E4D66BBA}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71116.1554 - Advanced Micro Devices, Inc.) Hidden
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arbortext IsoView 7.1 (HKLM\...\InstallShield_{7579B016-FB15-4801-9FF3-23B053D115A0}) (Version: 7.1.00.31 - PTC)
Arbortext IsoView 7.1 (Version: 7.1.00.31 - PTC) Hidden
ArcSoft Panorama Maker 6 (HKLM\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother P-touch Address Book 1.1 (HKLM\...\InstallShield_{B2023017-DEE4-44F7-8A71-CA6084BF534C}) (Version: 1.1.100 - Brother Industries, Ltd.)
Brother P-touch Address Book 1.1 (Version: 1.1.100 - Brother Industries, Ltd.) Hidden
Brother P-touch Editor 5.0 (HKLM\...\InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}) (Version: 5.0.1200 - Brother Industries, Ltd.)
Brother P-touch Editor 5.0 (Version: 5.0.1200 - Brother Industries, Ltd.) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2012.1116.1515.27190 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
CLX.PayPen - CLX.PayPen Wireless (HKLM\...\{9C325369-2214-4D02-B94E-170AF5A39387}) (Version: 2.0.1.1 - CREALOGIX)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DVSE Updater (HKLM\...\{52167B0C-FB5D-43E7-BEC5-24EE6BEE2BA0}) (Version: 1.5.0.23257 - DVSE GmbH)
Elevated Installer (Version: 3.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESA (HKLM\...\ESA) (Version: 1.0.0.63 - DVSE GmbH)
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
File Uploader (HKLM\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Gadwin PrintScreen (32-Bit) (HKLM\...\{BF6B5413-F47D-4461-837A-2668788FA97C}) (Version: 5.0.1.0 - Gadwin Systems)
Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{a2c69cba-542a-4a49-af31-b8a49349064d}) (Version: 3.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Gigaset QuickSync (HKLM\...\{31a52f2e-32e8-4c8f-9d99-6fd0c37c99ef}) (Version: 7.2.0844.6 - Gigaset Communications GmbH)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HP Client Management Interface Providers (HKLM\...\{F0A55445-B637-4CEA-A580-A8FC6954130D}) (Version: 1.5.0.4 - Hewlett-Packard Company)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
Logitech Unifying-Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Master_Numerical_Index (HKLM\...\Master_Numerical_Index) (Version:  - )
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0407-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (HKLM\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nikon File Uploader 2 (HKLM\...\{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}) (Version: 2.00.0001 - Nikon)
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Message Center 2 (HKLM\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.8.3 - Nikon)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.4.16 - Nikon)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 6 (HKLM\...\TeamViewer 6) (Version: 6.0.9947 - TeamViewer GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
ViewNX 2 (HKLM\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.8.3 - Nikon)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID-Anmelde-Assistent (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - C Technologies AB (PayPen) Input Pen  (09/28/2007 2.0.0.0) (HKLM\...\FF0C660232778E730A83A02DA620652B3CF36C07) (Version: 09/28/2007 2.0.0.0 - C Technologies AB)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WiperClient (HKLM\...\WiperClient) (Version:  - )

==================== Restore Points  =========================

12-05-2014 18:00:01 Windows-Sicherung
13-05-2014 18:00:03 Windows-Sicherung
14-05-2014 12:36:35 Windows Update
14-05-2014 18:00:02 Windows-Sicherung
15-05-2014 01:00:25 Windows Update
15-05-2014 18:00:04 Windows-Sicherung
16-05-2014 18:00:07 Windows-Sicherung
17-05-2014 18:00:05 Windows-Sicherung
19-05-2014 03:35:10 Windows-Sicherung
19-05-2014 03:45:54 Windows Update
19-05-2014 18:00:04 Windows-Sicherung
20-05-2014 18:00:01 Windows-Sicherung
21-05-2014 18:00:07 Windows-Sicherung
22-05-2014 04:46:36 Removed pdfforge Toolbar v9.2.
22-05-2014 07:32:55 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {20D6E93B-3411-4EBE-8DCB-E5DBCC5B8EC2} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {51D10237-D5EF-4E58-A1F1-C9514C5E53B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {83F6D1BD-CC0A-4034-9D8F-A3E3F0027131} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-13] (Google Inc.)
Task: {85844164-6191-49E9-BBB3-8C4FFCF943F2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3094382841-4238814383-314149776-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9C06E007-A2F5-4D7B-911D-303255AECA21} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3094382841-4238814383-314149776-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B65DD204-CB6A-4096-8DA2-9FE44E1FD17D} - System32\Tasks\{DBCD1F3A-BB2F-4C8D-810A-102AA9A6718A} => C:\Program Files\AFSFAKT\NETINST.EXE [2013-04-19] ()
Task: {BE19B5D5-F427-4821-92CB-5BB2F9C1B382} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-13] (Google Inc.)
Task: {CEF75500-6754-49FB-9C53-A4C35FAC85A5} - System32\Tasks\{053A4792-A9DD-4405-B7EB-00BF255696D3} => C:\Program Files\AFSFAKT\NETINST.EXE [2013-04-19] ()
Task: {E777255D-CA4A-4D1F-ADE3-E0E11AF863AD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EF511D13-13DF-4D41-A352-351A1CB85C31} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-04-23] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-11-16 15:09 - 2012-11-16 15:09 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-05-10 07:31 - 2014-05-10 07:31 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Logitech
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PS/2 Keyboard
Description: PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: Logitech
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2014 00:51:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/22/2014 00:50:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/22/2014 00:48:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/22/2014 00:48:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/22/2014 00:48:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/20/2014 11:40:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/20/2014 11:40:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/20/2014 11:38:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/20/2014 11:38:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/20/2014 11:38:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (05/19/2014 07:16:53 AM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT-AUTORITÄT)
Description: Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht initialisieren.

Error: (05/19/2014 07:14:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet: 
%%1115

Error: (05/19/2014 05:34:55 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Garmin Core Update Service erreicht.

Error: (05/17/2014 03:49:56 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (05/16/2014 03:56:05 PM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT-AUTORITÄT)
Description: Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht initialisieren.

Error: (05/16/2014 03:55:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TeamViewer 6" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/16/2014 03:55:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst TeamViewer 6 erreicht.

Error: (05/12/2014 06:01:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/12/2014 06:01:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht.

Error: (05/11/2014 11:51:43 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Garmin Core Update Service erreicht.


Microsoft Office Sessions:
=========================
Error: (07/12/2013 06:23:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1850 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (11/30/2011 03:54:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/28/2011 11:08:56 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 166 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (05/30/2011 07:11:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/26/2011 10:24:37 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/26/2011 10:22:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/24/2011 04:23:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/24/2011 03:37:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/22/2011 06:54:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 41%
Total physical RAM: 3327.57 MB
Available physical RAM: 1945.02 MB
Total Pagefile: 6651.38 MB
Available Pagefile: 5039.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:394.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2C11966B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 23.05.2014, 10:53   #4
schrauber
/// the machine
/// TB-Ausbilder
 


hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 23.05.2014, 15:56   #5
dellirium83
 

Code:
ATTFilter
ComboFix 14-05-19.01 - Bruno gebaltag W7 23.05.2014  16:06:40.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.41.1031.18.3328.1906 [GMT 2:00]
ausgeführt von:: c:\users\Bruno gebaltag W7\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bruno gebaltag W7\AppData\Roaming\Cuded
c:\users\Bruno gebaltag W7\AppData\Roaming\Cuded\ralas.ozc
c:\users\Bruno gebaltag W7\AppData\Roaming\Iniq
c:\users\Bruno gebaltag W7\AppData\Roaming\Iniq\izbua.ewe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-23 bis 2014-05-23  ))))))))))))))))))))))))))))))
.
.
2014-05-23 14:17 . 2014-05-23 14:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-23 03:51 . 2014-04-30 23:37	8073384	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{886F2312-3675-423B-BCCD-C30807DE0828}\mpengine.dll
2014-05-22 09:40 . 2014-05-22 09:43	--------	d-----w-	C:\FRST
2014-05-22 07:33 . 2014-04-30 23:37	8073384	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-21 15:28 . 2010-11-05 01:58	32768	----a-w-	c:\users\Bruno gebaltag W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe
2014-05-21 15:28 . 2014-05-21 15:28	--------	d-sh--r-	c:\users\Bruno gebaltag W7\n28u22648s7p
2014-05-21 05:26 . 2014-05-01 20:59	765968	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C3643B8-3BD7-42F1-ACB3-24AB6B74AA55}\gapaengine.dll
2014-05-16 01:26 . 2014-05-16 01:26	--------	d-----w-	c:\program files\Common Files\Spigot
2014-05-15 01:01 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-08 11:21 . 2014-05-08 11:21	188272	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
2014-05-07 01:00 . 2014-05-15 01:23	--------	d-s---w-	c:\windows\system32\CompatTel
2014-05-03 04:39 . 2014-04-14 18:13	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 18:08 . 2012-04-11 16:01	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-05-15 18:08 . 2011-05-25 07:53	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-01 20:59 . 2014-01-23 05:38	765968	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-03-31 20:46 . 2014-03-31 20:46	130712	----a-w-	c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46	1070232	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2014-03-11 08:52 . 2013-09-27 08:53	104264	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-06 08:31 . 2014-04-10 01:05	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02 . 2014-04-10 01:05	61952	----a-w-	c:\windows\system32\iesetup.dll
2014-03-06 08:02 . 2014-04-10 01:05	455168	----a-w-	c:\windows\system32\vbscript.dll
2014-03-06 08:01 . 2014-04-10 01:05	51200	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46 . 2014-04-10 01:05	4254720	----a-w-	c:\windows\system32\jscript9.dll
2014-03-06 07:38 . 2014-04-10 01:05	112128	----a-w-	c:\windows\system32\ieUnatt.exe
2014-03-06 07:38 . 2014-04-10 01:05	108032	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36 . 2014-04-10 01:05	592896	----a-w-	c:\windows\system32\jscript9diag.dll
2014-03-06 07:28 . 2014-04-10 01:05	646144	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13 . 2014-04-10 01:05	32256	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40 . 2014-04-10 01:05	1967104	----a-w-	c:\windows\system32\inetcpl.cpl
2014-03-06 05:41 . 2014-04-10 01:05	1789440	----a-w-	c:\windows\system32\wininet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2006-12-12 28672]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"CLXReader"="c:\program files\CLX.PayPen\CLXReader.exe" [2012-03-08 4108112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-04-10 39408]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2014-04-23 122200]
"Gadwin PrintScreen (32-bit)"="c:\program files\Gadwin\Gadwin PrintScreen\PrintScreen32.exe" [2014-02-04 11742368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AsioReg"="CTASIO.DLL" [2006-12-12 79872]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2238704]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2013-10-08 295512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2014-04-23 122200]
.
c:\users\Bruno gebaltag W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RegSvcs.exe [2010-11-5 32768]
start.lnk - c:\users\Bruno gebaltag W7\n28u22648s7p\96596.vbs [2014-5-21 135]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
         
Code:
ATTFilter
ComboFix 14-05-19.01 - Bruno gebaltag W7 23.05.2014  16:38:52.2.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.41.1031.18.3328.2016 [GMT 2:00]
ausgeführt von:: c:\users\Bruno gebaltag W7\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-23 bis 2014-05-23  ))))))))))))))))))))))))))))))
.
.
2014-05-23 14:47 . 2014-05-23 14:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-23 14:47 . 2014-05-23 14:47	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2014-05-23 03:51 . 2014-04-30 23:37	8073384	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{886F2312-3675-423B-BCCD-C30807DE0828}\mpengine.dll
2014-05-22 09:40 . 2014-05-22 09:43	--------	d-----w-	C:\FRST
2014-05-22 07:33 . 2014-04-30 23:37	8073384	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-21 15:28 . 2010-11-05 01:58	32768	----a-w-	c:\users\Bruno gebaltag W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe
2014-05-21 15:28 . 2014-05-21 15:28	--------	d-sh--r-	c:\users\Bruno gebaltag W7\n28u22648s7p
2014-05-21 05:26 . 2014-05-01 20:59	765968	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C3643B8-3BD7-42F1-ACB3-24AB6B74AA55}\gapaengine.dll
2014-05-16 01:26 . 2014-05-16 01:26	--------	d-----w-	c:\program files\Common Files\Spigot
2014-05-15 01:01 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-08 11:21 . 2014-05-08 11:21	188272	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
2014-05-07 01:00 . 2014-05-15 01:23	--------	d-s---w-	c:\windows\system32\CompatTel
2014-05-03 04:39 . 2014-04-14 18:13	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 18:08 . 2012-04-11 16:01	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-05-15 18:08 . 2011-05-25 07:53	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-01 20:59 . 2014-01-23 05:38	765968	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-03-31 20:46 . 2014-03-31 20:46	130712	----a-w-	c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46	1070232	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2014-03-11 08:52 . 2013-09-27 08:53	104264	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-06 08:31 . 2014-04-10 01:05	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02 . 2014-04-10 01:05	61952	----a-w-	c:\windows\system32\iesetup.dll
2014-03-06 08:02 . 2014-04-10 01:05	455168	----a-w-	c:\windows\system32\vbscript.dll
2014-03-06 08:01 . 2014-04-10 01:05	51200	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46 . 2014-04-10 01:05	4254720	----a-w-	c:\windows\system32\jscript9.dll
2014-03-06 07:38 . 2014-04-10 01:05	112128	----a-w-	c:\windows\system32\ieUnatt.exe
2014-03-06 07:38 . 2014-04-10 01:05	108032	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36 . 2014-04-10 01:05	592896	----a-w-	c:\windows\system32\jscript9diag.dll
2014-03-06 07:28 . 2014-04-10 01:05	646144	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13 . 2014-04-10 01:05	32256	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40 . 2014-04-10 01:05	1967104	----a-w-	c:\windows\system32\inetcpl.cpl
2014-03-06 05:41 . 2014-04-10 01:05	1789440	----a-w-	c:\windows\system32\wininet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2006-12-12 28672]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"CLXReader"="c:\program files\CLX.PayPen\CLXReader.exe" [2012-03-08 4108112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-04-10 39408]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2014-04-23 122200]
"Gadwin PrintScreen (32-bit)"="c:\program files\Gadwin\Gadwin PrintScreen\PrintScreen32.exe" [2014-02-04 11742368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AsioReg"="CTASIO.DLL" [2006-12-12 79872]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2238704]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2013-10-08 295512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2014-04-23 122200]
.
c:\users\Bruno gebaltag W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RegSvcs.exe [2010-11-5 32768]
start.lnk - c:\users\Bruno gebaltag W7\n28u22648s7p\96596.vbs [2014-5-21 135]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2013-02-08 18:30	66800	----a-w-	c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 PayPen;PayPen;c:\windows\system32\Drivers\PayPen.sys [2012-03-08 18560]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-13 1343400]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-11-16 217088]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-04-23 436056]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-08-14 39056]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2013-01-03 44296]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2013-01-03 12808]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-21 20:38	1091912	----a-w-	c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:08]
.
2014-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-13 19:29]
.
2014-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-13 19:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.gebaltag.ch/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.192.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\users\Bruno gebaltag W7\AppData\Roaming\Mozilla\Firefox\Profiles\vadg9kbf.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-05-23  16:49:35
ComboFix-quarantined-files.txt  2014-05-23 14:49
ComboFix2.txt  2014-05-23 14:21
.
Vor Suchlauf: 14 Verzeichnis(se), 425'204'146'176 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 425'148'112'896 Bytes frei
.
- - End Of File - - BC6C858CF9FCEAAAA22DC1260B31A673
A36C5E4F47E84449FF07ED3517B43A31
         


Alt 24.05.2014, 11:18   #6
schrauber
/// the machine
/// TB-Ausbilder
 


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

Alt 26.05.2014, 07:09   #7
dellirium83
 
Monitoring Tool: MSIL/Limitless - Standard

Monitoring Tool: MSIL/Limitless



Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 26.05.2014
Suchlauf-Zeit: 07:31:58
Logdatei: Suchlauf mam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.05.25.08
Rootkit Datenbank: v2014.05.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Bruno gebaltag W7

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 292759
Verstrichene Zeit: 10 Min, 53 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
Misused.Legit.AI, C:\Users\Bruno gebaltag W7\n28u22648s7p\update.exe, 4340, Löschen bei Neustart, [2a72d4814d2ed3639fa393ecb849827e]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-3094382841-4238814383-314149776-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [9606a1b4641788ae2df4a6efbf4313ed], 

Registrierungswerte: 1
Trojan.Agent.AIVB, HKU\S-1-5-21-3094382841-4238814383-314149776-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|n28u22648s7p, C:\Users\BRUNOG~1\n28u22648s7p\96596.vbs, In Quarantäne, [1f7dc88d215a68cecace831eb94926da]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 3
Misused.Legit.AI, C:\Users\Bruno gebaltag W7\n28u22648s7p\update.exe, Löschen bei Neustart, [2a72d4814d2ed3639fa393ecb849827e], 
Trojan.Agent, C:\Users\Bruno gebaltag W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe, In Quarantäne, [504c32235f1c43f3978c3e8142c10af6], 
Trojan.Agent.AIVB, C:\Users\Bruno gebaltag W7\n28u22648s7p\96596.vbs, In Quarantäne, [1f7dc88d215a68cecace831eb94926da], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
ATTFilter
# AdwCleaner v3.210 - Bericht erstellt am 26/05/2014 um 07:51:58
# Aktualisiert 19/05/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Bruno gebaltag W7 - BRUNO-PCW7
# Gestartet von : C:\Users\Bruno gebaltag W7\Downloads\adwcleaner_3.210.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Users\Bruno gebaltag W7\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Bruno gebaltag W7\AppData\LocalLow\Conduit

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3192727
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winzip_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winzip_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Bruno gebaltag W7\AppData\Roaming\Mozilla\Firefox\Profiles\vadg9kbf.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://isearch.avg.com/search?cid={6719C70B-015C-4F00-8195-63A3E3E02CF9}&mid=4d860563558a47cf9c9a948a027528ec-2107c46f990cd06e0b53a860f653153ab9746932&lang=de&ds=hk011&pr=sa&d=2012-07-13 18:14:40&v=11.1.0.12&sap=dsp&q={searchTerms}

*************************

AdwCleaner[R0].txt - [4469 octets] - [26/05/2014 07:51:01]
AdwCleaner[S0].txt - [4390 octets] - [26/05/2014 07:51:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4450 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x86
Ran by Bruno gebaltag W7 on 26.05.2014 at  7:59:43.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{912780D6-9633-44F7-AF60-C9F0A1052EF5}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.05.2014 at  8:04:35.51
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by Bruno gebaltag W7 (administrator) on BRUNO-PCW7 on 26-05-2014 08:07:57
Running from C:\Users\Bruno gebaltag W7\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
(Creative Technology Ltd) C:\Windows\CTHELPER.EXE
(Nikon Corporation) C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(CREALOGIX E-Payment AG) C:\Program Files\CLX.PayPen\CLXReader.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Gadwin Systems) C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen32.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
HKLM\...\Run: [CTHelper] => C:\Windows\CTHELPER.EXE [19456 2006-12-12] (Creative Technology Ltd)
HKLM\...\Run: [CTxfiHlp] => C:\Windows\system32\CTXFIHLP.EXE [20480 2006-12-12] (Creative Technology Ltd)
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2238704 2013-02-21] (Logitech, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295512 2013-10-08] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [122200 2014-04-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3094382841-4238814383-314149776-1000\...\Run: [SetDefaultMIDI] => C:\Windows\MIDIDef.exe [28672 2006-12-12] (Creative Technology Ltd)
HKU\S-1-5-21-3094382841-4238814383-314149776-1000\...\Run: [CLXReader] => C:\Program Files\CLX.PayPen\CLXReader.exe [4108112 2012-03-08] (CREALOGIX E-Payment AG)
HKU\S-1-5-21-3094382841-4238814383-314149776-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-10] (Google Inc.)
HKU\S-1-5-21-3094382841-4238814383-314149776-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [122200 2014-04-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3094382841-4238814383-314149776-1000\...\Run: [Gadwin PrintScreen (32-bit)] => C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen32.exe [11742368 2014-02-04] (Gadwin Systems)
Startup: C:\Users\Bruno gebaltag W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
ShortcutTarget: start.lnk -> C:\Users\Bruno gebaltag W7\n28u22648s7p\96596.vbs (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gebaltag.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x74DC6EA2AC47CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {F055005A-1F46-47AF-A181-4E521A44B2DD} URL = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\Windows\system32\cgmopenbho.dll (CGM Open Consortium, Inc.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} hxxp://parts.husqvarna.com/WebResource.axd?d=y-GDijKIXiC7nQjcbwgAa5HM_MEZjdvRYfEo9SyY_LTh0DhxUpj7HSBCNmffydro_j-n9hAloQPfQRLqFX1_0m-0dlXzXdesUKf8d2yGqCE1&t=634322293860000000
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1

FireFox:
========
FF ProfilePath: C:\Users\Bruno gebaltag W7\AppData\Roaming\Mozilla\Firefox\Profiles\vadg9kbf.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-03-07]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-08]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome: 
=======
CHR HomePage: hxxp://www.gebaltag.ch/
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: hxxp://search.yahoo.com/search?ei=utf-8&fr=chr-greentree_gc&type=827316&ilc=12&p={searchTerms}
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-10]
CHR Extension: (YouTube) - C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-10]
CHR Extension: (Google-Suche) - C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-10]
CHR Extension: (Logitech SetPoint) - C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-04-09]
CHR Extension: (RealDownloader) - C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-05]
CHR Extension: (Google Wallet) - C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-12]
CHR Extension: (Google Mail) - C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-10]
CHR HKLM\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-03-07]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [436056 2014-04-23] (Garmin Ltd or its subsidiaries)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [44296 2013-01-03] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12808 2013-01-03] (Logitech, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30984 2013-01-03] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-05-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 PayPen; C:\Windows\System32\Drivers\PayPen.sys [18560 2012-03-08] ()
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\BRUNOG~1\AppData\Local\Temp\catchme.sys [X]
S3 cpuz132; \??\C:\Users\BRUNOG~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-26 08:07 - 2014-05-26 08:07 - 00020345 _____ () C:\Users\Bruno gebaltag W7\Desktop\FRST.txt
2014-05-26 08:07 - 2014-05-26 08:07 - 00000000 ____D () C:\Users\Bruno gebaltag W7\Desktop\FRST-OlderVersion
2014-05-26 08:04 - 2014-05-26 08:04 - 00000807 _____ () C:\Users\Bruno gebaltag W7\Desktop\JRT.txt
2014-05-26 07:56 - 2014-05-26 07:56 - 01016261 _____ (Thisisu) C:\Users\Bruno gebaltag W7\Downloads\JRT.exe
2014-05-26 07:56 - 2014-05-26 07:56 - 00000000 ____D () C:\Windows\ERUNT
2014-05-26 07:51 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-26 07:50 - 2014-05-26 07:52 - 00000000 ____D () C:\AdwCleaner
2014-05-26 07:50 - 2014-05-26 07:50 - 01326389 _____ () C:\Users\Bruno gebaltag W7\Downloads\adwcleaner_3.210.exe
2014-05-26 07:47 - 2014-05-26 07:47 - 00002085 _____ () C:\Users\Bruno gebaltag W7\Desktop\Suchlauf mam.txt
2014-05-26 07:31 - 2014-05-26 07:59 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 07:31 - 2014-05-26 07:31 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-26 07:31 - 2014-05-26 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-26 07:30 - 2014-05-26 07:31 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-26 07:30 - 2014-05-26 07:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bruno gebaltag W7\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-26 07:30 - 2014-05-26 07:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 07:30 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-26 07:30 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-26 07:30 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-24 10:11 - 2014-05-24 10:12 - 00000479 _____ () C:\Users\Bruno gebaltag W7\Desktop\AFSFAKT Neu.lnk
2014-05-23 16:49 - 2014-05-23 16:49 - 00010234 _____ () C:\ComboFix.txt
2014-05-23 16:37 - 2014-05-23 16:49 - 00000000 ____D () C:\ComboFix
2014-05-23 16:36 - 2014-05-23 16:36 - 05200426 ____R (Swearware) C:\Users\Bruno gebaltag W7\Desktop\ComboFix.exe
2014-05-23 14:13 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-23 14:13 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-23 14:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-23 14:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-23 14:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-23 14:13 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-23 14:13 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-23 14:13 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-23 14:12 - 2014-05-23 16:49 - 00000000 ____D () C:\Qoobox
2014-05-23 14:12 - 2014-05-23 16:20 - 00000000 ____D () C:\Windows\erdnt
2014-05-22 11:42 - 2014-05-22 11:43 - 00036118 _____ () C:\Users\Bruno gebaltag W7\Downloads\Addition.txt
2014-05-22 11:40 - 2014-05-26 08:07 - 00000000 ____D () C:\FRST
2014-05-22 11:40 - 2014-05-22 11:43 - 00034640 _____ () C:\Users\Bruno gebaltag W7\Downloads\FRST.txt
2014-05-22 11:39 - 2014-05-26 08:07 - 01056256 _____ (Farbar) C:\Users\Bruno gebaltag W7\Desktop\FRST.exe
2014-05-21 17:28 - 2014-05-26 07:45 - 00000000 _RSHD () C:\Users\Bruno gebaltag W7\n28u22648s7p
2014-05-15 03:03 - 2014-05-15 03:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 03:01 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 03:01 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 03:01 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 20:51 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 20:51 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 20:51 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 20:51 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 20:51 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 20:51 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 20:51 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 20:51 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 20:51 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 20:51 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 20:51 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 20:51 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 20:51 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 20:50 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-10 13:42 - 2014-05-10 13:42 - 00007747 _____ () C:\Users\Bruno gebaltag W7\Documents\IFAT.odt
2014-05-10 07:31 - 2014-05-10 07:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-07 03:12 - 2014-05-07 03:12 - 00001858 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-05-07 03:00 - 2014-05-15 03:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-03 06:40 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-03 06:39 - 2014-05-03 06:39 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-03 06:39 - 2014-05-03 06:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-03 06:39 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-03 06:39 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-03 06:39 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe

==================== One Month Modified Files and Folders =======

2014-05-26 08:08 - 2014-05-26 08:07 - 00020345 _____ () C:\Users\Bruno gebaltag W7\Desktop\FRST.txt
2014-05-26 08:08 - 2012-04-11 18:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-26 08:07 - 2014-05-26 08:07 - 00000000 ____D () C:\Users\Bruno gebaltag W7\Desktop\FRST-OlderVersion
2014-05-26 08:07 - 2014-05-22 11:40 - 00000000 ____D () C:\FRST
2014-05-26 08:07 - 2014-05-22 11:39 - 01056256 _____ (Farbar) C:\Users\Bruno gebaltag W7\Desktop\FRST.exe
2014-05-26 08:05 - 2010-08-12 21:43 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-26 08:05 - 2009-07-14 06:34 - 00015040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-26 08:05 - 2009-07-14 06:34 - 00015040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-26 08:04 - 2014-05-26 08:04 - 00000807 _____ () C:\Users\Bruno gebaltag W7\Desktop\JRT.txt
2014-05-26 07:59 - 2014-05-26 07:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 07:58 - 2010-08-13 21:29 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-26 07:58 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-26 07:58 - 2009-07-14 06:39 - 00059962 _____ () C:\Windows\setupact.log
2014-05-26 07:57 - 2010-08-12 20:32 - 01928595 _____ () C:\Windows\WindowsUpdate.log
2014-05-26 07:56 - 2014-05-26 07:56 - 01016261 _____ (Thisisu) C:\Users\Bruno gebaltag W7\Downloads\JRT.exe
2014-05-26 07:56 - 2014-05-26 07:56 - 00000000 ____D () C:\Windows\ERUNT
2014-05-26 07:53 - 2010-08-13 06:51 - 00420700 _____ () C:\Windows\PFRO.log
2014-05-26 07:52 - 2014-05-26 07:50 - 00000000 ____D () C:\AdwCleaner
2014-05-26 07:50 - 2014-05-26 07:50 - 01326389 _____ () C:\Users\Bruno gebaltag W7\Downloads\adwcleaner_3.210.exe
2014-05-26 07:47 - 2014-05-26 07:47 - 00002085 _____ () C:\Users\Bruno gebaltag W7\Desktop\Suchlauf mam.txt
2014-05-26 07:45 - 2014-05-21 17:28 - 00000000 _RSHD () C:\Users\Bruno gebaltag W7\n28u22648s7p
2014-05-26 07:43 - 2010-08-25 20:06 - 00000000 ____D () C:\Windows\PCHEALTH
2014-05-26 07:37 - 2010-08-13 21:29 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-26 07:31 - 2014-05-26 07:31 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-26 07:31 - 2014-05-26 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-26 07:31 - 2014-05-26 07:30 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-26 07:30 - 2014-05-26 07:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bruno gebaltag W7\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-26 07:30 - 2014-05-26 07:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-24 10:19 - 2013-04-19 12:58 - 00000000 ____D () C:\Program Files\AFSFAKT
2014-05-24 10:12 - 2014-05-24 10:11 - 00000479 _____ () C:\Users\Bruno gebaltag W7\Desktop\AFSFAKT Neu.lnk
2014-05-23 16:49 - 2014-05-23 16:49 - 00010234 _____ () C:\ComboFix.txt
2014-05-23 16:49 - 2014-05-23 16:37 - 00000000 ____D () C:\ComboFix
2014-05-23 16:49 - 2014-05-23 14:12 - 00000000 ____D () C:\Qoobox
2014-05-23 16:47 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-05-23 16:36 - 2014-05-23 16:36 - 05200426 ____R (Swearware) C:\Users\Bruno gebaltag W7\Desktop\ComboFix.exe
2014-05-23 16:21 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-05-23 16:21 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-05-23 16:20 - 2014-05-23 14:12 - 00000000 ____D () C:\Windows\erdnt
2014-05-22 11:43 - 2014-05-22 11:42 - 00036118 _____ () C:\Users\Bruno gebaltag W7\Downloads\Addition.txt
2014-05-22 11:43 - 2014-05-22 11:40 - 00034640 _____ () C:\Users\Bruno gebaltag W7\Downloads\FRST.txt
2014-05-22 05:46 - 2010-08-26 06:19 - 00000000 ____D () C:\Users\Bruno gebaltag W7\Tracing
2014-05-21 17:28 - 2010-08-12 21:42 - 00000000 ____D () C:\Users\Bruno gebaltag W7
2014-05-16 15:58 - 2013-04-26 18:43 - 00001059 _____ () C:\Users\Bruno gebaltag W7\Desktop\AFSFAKT Alt.lnk
2014-05-16 15:51 - 2011-06-20 06:20 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 20:08 - 2012-04-11 18:01 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-15 20:08 - 2011-05-25 09:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-15 05:43 - 2013-06-22 12:00 - 00000000 ___RD () C:\Users\Bruno gebaltag W7\Virtual Machines
2014-05-15 04:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 03:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 03:23 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 03:23 - 2014-03-10 16:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-15 03:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-15 03:07 - 2010-08-25 20:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 03:06 - 2013-08-15 03:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 03:04 - 2010-08-13 05:54 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 03:03 - 2014-05-15 03:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-12 07:26 - 2014-05-26 07:30 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-26 07:30 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-26 07:30 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 13:42 - 2014-05-10 13:42 - 00007747 _____ () C:\Users\Bruno gebaltag W7\Documents\IFAT.odt
2014-05-10 07:32 - 2014-05-10 07:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 09:06 - 2014-05-14 20:51 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 20:51 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 03:13 - 2013-12-24 12:43 - 00000000 ____D () C:\ProgramData\Garmin
2014-05-07 03:13 - 2013-12-24 12:42 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-07 03:13 - 2012-08-27 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-05-07 03:12 - 2014-05-07 03:12 - 00001858 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-05-07 03:12 - 2011-05-18 05:50 - 00000000 ____D () C:\Program Files\Garmin
2014-05-06 05:25 - 2014-05-15 03:01 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-15 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-15 03:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-03 06:41 - 2013-10-21 06:14 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-03 06:39 - 2014-05-03 06:39 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-03 06:39 - 2014-05-03 06:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-03 06:39 - 2010-08-14 07:30 - 00000000 ____D () C:\Program Files\Java

Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT


Some content of TEMP:
====================
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 20:51] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 06:21

==================== End Of Log ============================
         

26.05.2014, 19:46   #8
schrauber
/// the machine
/// TB-Ausbilder
 

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Still having problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

27.05.2014, 09:19   #9
dellirium83
 
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a5eb1c42d836094288ce46618d3fdb0f
# engine=18423
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-27 08:02:24
# local_time=2014-05-27 10:02:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 26749894 152808935 0 0
# scanned=140677
# found=1
# cleaned=0
# scan_time=4546
sh=DD0F52FD8EFC0E449B457D6B89DFD2310CADE5BA ft=0 fh=0000000000000000 vn="MSIL/Spy.LimitLogger.A Trojaner" ac=I fn="C:\Users\Bruno gebaltag W7\n28u22648s7p\KEzs.AYT"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Adobe Flash Player 	13.0.0.214  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox (29.0.1) 
 Google Chrome 34.0.1847.137  
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by Bruno gebaltag W7 (administrator) on BRUNO-PCW7 on 27-05-2014 10:14:47
Running from C:\Users\Bruno gebaltag W7\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Software 2000 Limited) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Creative Technology Ltd) C:\Windows\CTHELPER.EXE
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(CREALOGIX E-Payment AG) C:\Program Files\CLX.PayPen\CLXReader.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Gadwin Systems) C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen32.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
HKLM\...\Run: [CTHelper] => C:\Windows\CTHELPER.EXE [19456 2006-12-12] (Creative Technology Ltd)
HKLM\...\Run: [CTxfiHlp] => C:\Windows\system32\CTXFIHLP.EXE [20480 2006-12-12] (Creative Technology Ltd)
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2238704 2013-02-21] (Logitech, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295512 2013-10-08] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\RunOnce: [BrandClearStubs] - RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{4AEBA689-DBC9-4EDA-B0FA-C7109D4FF22B} [238288 2013-11-12] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [122200 2014-04-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3094382841-4238814383-314149776-1000\...\Run: [SetDefaultMIDI] => C:\Windows\MIDIDef.exe [28672 2006-12-12] (Creative Technology Ltd)
HKU\S-1-5-21-3094382841-4238814383-314149776-1000\...\Run: [CLXReader] => C:\Program Files\CLX.PayPen\CLXReader.exe [4108112 2012-03-08] (CREALOGIX E-Payment AG)
HKU\S-1-5-21-3094382841-4238814383-314149776-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-10] (Google Inc.)
HKU\S-1-5-21-3094382841-4238814383-314149776-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [122200 2014-04-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3094382841-4238814383-314149776-1000\...\Run: [Gadwin PrintScreen (32-bit)] => C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen32.exe [11742368 2014-02-04] (Gadwin Systems)
Startup: C:\Users\Bruno gebaltag W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
ShortcutTarget: start.lnk -> C:\Users\Bruno gebaltag W7\n28u22648s7p\96596.vbs (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=U220DHP&pc=U220
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x74DC6EA2AC47CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {F055005A-1F46-47AF-A181-4E521A44B2DD} URL = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\Windows\system32\cgmopenbho.dll (CGM Open Consortium, Inc.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} hxxp://parts.husqvarna.com/WebResource.axd?d=y-GDijKIXiC7nQjcbwgAa5HM_MEZjdvRYfEo9SyY_LTh0DhxUpj7HSBCNmffydro_j-n9hAloQPfQRLqFX1_0m-0dlXzXdesUKf8d2yGqCE1&t=634322293860000000
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1

FireFox:
========
FF ProfilePath: C:\Users\Bruno gebaltag W7\AppData\Roaming\Mozilla\Firefox\Profiles\vadg9kbf.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-03-07]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-08]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome: 
=======
CHR HomePage: hxxp://www.gebaltag.ch/
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: hxxp://search.yahoo.com/search?ei=utf-8&fr=chr-greentree_gc&type=827316&ilc=12&p={searchTerms}
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-10]
CHR Extension: (YouTube) - C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-10]
CHR Extension: (Google-Suche) - C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-10]
CHR Extension: (Logitech SetPoint) - C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-04-09]
CHR Extension: (RealDownloader) - C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-05]
CHR Extension: (Google Wallet) - C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-12]
CHR Extension: (Google Mail) - C:\Users\Bruno gebaltag W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-10]
CHR HKLM\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-03-07]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [436056 2014-04-23] (Garmin Ltd or its subsidiaries)
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [44296 2013-01-03] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12808 2013-01-03] (Logitech, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30984 2013-01-03] (Logitech, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 PayPen; C:\Windows\System32\Drivers\PayPen.sys [18560 2012-03-08] ()
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\BRUNOG~1\AppData\Local\Temp\catchme.sys [X]
S3 cpuz132; \??\C:\Users\BRUNOG~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-27 10:10 - 2014-05-27 10:11 - 00854367 _____ () C:\Users\Bruno gebaltag W7\Downloads\SecurityCheck.exe
2014-05-27 08:40 - 2014-05-27 08:40 - 02347384 _____ (ESET) C:\Users\Bruno gebaltag W7\Downloads\esetsmartinstaller_deu.exe
2014-05-26 14:09 - 2014-05-26 14:09 - 39197320 _____ (Microsoft Corporation) C:\Users\Bruno gebaltag W7\Downloads\EIE11_DE-DE_MCM_WIN7(1).EXE
2014-05-26 13:41 - 2014-05-26 13:41 - 37059280 _____ (Microsoft Corporation) C:\Users\Bruno gebaltag W7\Downloads\IE11-Windows6.1-x86-de-de.exe
2014-05-26 13:35 - 2014-05-26 13:35 - 39197320 _____ (Microsoft Corporation) C:\Users\Bruno gebaltag W7\Downloads\EIE11_DE-DE_MCM_WIN7.EXE
2014-05-26 08:07 - 2014-05-27 10:14 - 00020239 _____ () C:\Users\Bruno gebaltag W7\Desktop\FRST.txt
2014-05-26 08:07 - 2014-05-26 08:07 - 00000000 ____D () C:\Users\Bruno gebaltag W7\Desktop\FRST-OlderVersion
2014-05-26 08:04 - 2014-05-26 08:04 - 00000807 _____ () C:\Users\Bruno gebaltag W7\Desktop\JRT.txt
2014-05-26 07:56 - 2014-05-26 07:56 - 01016261 _____ (Thisisu) C:\Users\Bruno gebaltag W7\Downloads\JRT.exe
2014-05-26 07:56 - 2014-05-26 07:56 - 00000000 ____D () C:\Windows\ERUNT
2014-05-26 07:51 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-26 07:50 - 2014-05-26 07:52 - 00000000 ____D () C:\AdwCleaner
2014-05-26 07:50 - 2014-05-26 07:50 - 01326389 _____ () C:\Users\Bruno gebaltag W7\Downloads\adwcleaner_3.210.exe
2014-05-26 07:47 - 2014-05-26 07:47 - 00002085 _____ () C:\Users\Bruno gebaltag W7\Desktop\Suchlauf mam.txt
2014-05-26 07:31 - 2014-05-27 08:01 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 07:31 - 2014-05-26 07:31 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-26 07:31 - 2014-05-26 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-26 07:30 - 2014-05-26 07:31 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-26 07:30 - 2014-05-26 07:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bruno gebaltag W7\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-26 07:30 - 2014-05-26 07:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 07:30 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-26 07:30 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-26 07:30 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-24 10:11 - 2014-05-24 10:12 - 00000479 _____ () C:\Users\Bruno gebaltag W7\Desktop\AFSFAKT Neu.lnk
2014-05-23 16:49 - 2014-05-23 16:49 - 00010234 _____ () C:\ComboFix.txt
2014-05-23 16:37 - 2014-05-23 16:49 - 00000000 ____D () C:\ComboFix
2014-05-23 16:36 - 2014-05-23 16:36 - 05200426 ____R (Swearware) C:\Users\Bruno gebaltag W7\Desktop\ComboFix.exe
2014-05-23 14:13 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-23 14:13 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-23 14:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-23 14:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-23 14:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-23 14:13 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-23 14:13 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-23 14:13 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-23 14:12 - 2014-05-23 16:49 - 00000000 ____D () C:\Qoobox
2014-05-23 14:12 - 2014-05-23 16:20 - 00000000 ____D () C:\Windows\erdnt
2014-05-22 11:42 - 2014-05-22 11:43 - 00036118 _____ () C:\Users\Bruno gebaltag W7\Downloads\Addition.txt
2014-05-22 11:40 - 2014-05-27 10:14 - 00000000 ____D () C:\FRST
2014-05-22 11:40 - 2014-05-22 11:43 - 00034640 _____ () C:\Users\Bruno gebaltag W7\Downloads\FRST.txt
2014-05-22 11:39 - 2014-05-26 08:07 - 01056256 _____ (Farbar) C:\Users\Bruno gebaltag W7\Desktop\FRST.exe
2014-05-21 17:28 - 2014-05-26 07:45 - 00000000 _RSHD () C:\Users\Bruno gebaltag W7\n28u22648s7p
2014-05-15 03:03 - 2014-05-15 03:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 03:01 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 03:01 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 03:01 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 20:51 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 20:51 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 20:51 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 20:51 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 20:51 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 20:51 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 20:51 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 20:51 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 20:51 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 20:51 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 20:51 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 20:51 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 20:51 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 20:51 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 20:50 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-10 13:42 - 2014-05-10 13:42 - 00007747 _____ () C:\Users\Bruno gebaltag W7\Documents\IFAT.odt
2014-05-10 07:31 - 2014-05-10 07:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-07 03:12 - 2014-05-07 03:12 - 00001858 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-05-07 03:00 - 2014-05-15 03:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-03 06:40 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-03 06:39 - 2014-05-03 06:39 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-03 06:39 - 2014-05-03 06:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-03 06:39 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-03 06:39 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-03 06:39 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe

==================== One Month Modified Files and Folders =======

2014-05-27 10:15 - 2014-05-26 08:07 - 00020239 _____ () C:\Users\Bruno gebaltag W7\Desktop\FRST.txt
2014-05-27 10:14 - 2014-05-22 11:40 - 00000000 ____D () C:\FRST
2014-05-27 10:11 - 2014-05-27 10:10 - 00854367 _____ () C:\Users\Bruno gebaltag W7\Downloads\SecurityCheck.exe
2014-05-27 10:08 - 2012-04-11 18:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-27 09:37 - 2010-08-13 21:29 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-27 08:40 - 2014-05-27 08:40 - 02347384 _____ (ESET) C:\Users\Bruno gebaltag W7\Downloads\esetsmartinstaller_deu.exe
2014-05-27 08:01 - 2014-05-26 07:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-27 08:01 - 2013-04-19 12:58 - 00000000 ____D () C:\Program Files\AFSFAKT
2014-05-27 07:06 - 2010-08-12 20:32 - 01975167 _____ () C:\Windows\WindowsUpdate.log
2014-05-27 06:00 - 2010-08-13 21:29 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-26 14:13 - 2009-07-14 06:34 - 00015040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-26 14:13 - 2009-07-14 06:34 - 00015040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-26 14:10 - 2013-11-12 04:00 - 00029491 _____ () C:\Windows\IE11_main.log
2014-05-26 14:10 - 2010-08-13 21:39 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-05-26 14:10 - 2010-08-12 21:43 - 01629444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-26 14:09 - 2014-05-26 14:09 - 39197320 _____ (Microsoft Corporation) C:\Users\Bruno gebaltag W7\Downloads\EIE11_DE-DE_MCM_WIN7(1).EXE
2014-05-26 14:05 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-26 14:05 - 2009-07-14 06:39 - 00060242 _____ () C:\Windows\setupact.log
2014-05-26 13:41 - 2014-05-26 13:41 - 37059280 _____ (Microsoft Corporation) C:\Users\Bruno gebaltag W7\Downloads\IE11-Windows6.1-x86-de-de.exe
2014-05-26 13:35 - 2014-05-26 13:35 - 39197320 _____ (Microsoft Corporation) C:\Users\Bruno gebaltag W7\Downloads\EIE11_DE-DE_MCM_WIN7.EXE
2014-05-26 12:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-26 08:07 - 2014-05-26 08:07 - 00000000 ____D () C:\Users\Bruno gebaltag W7\Desktop\FRST-OlderVersion
2014-05-26 08:07 - 2014-05-22 11:39 - 01056256 _____ (Farbar) C:\Users\Bruno gebaltag W7\Desktop\FRST.exe
2014-05-26 08:04 - 2014-05-26 08:04 - 00000807 _____ () C:\Users\Bruno gebaltag W7\Desktop\JRT.txt
2014-05-26 07:56 - 2014-05-26 07:56 - 01016261 _____ (Thisisu) C:\Users\Bruno gebaltag W7\Downloads\JRT.exe
2014-05-26 07:56 - 2014-05-26 07:56 - 00000000 ____D () C:\Windows\ERUNT
2014-05-26 07:53 - 2010-08-13 06:51 - 00420700 _____ () C:\Windows\PFRO.log
2014-05-26 07:52 - 2014-05-26 07:50 - 00000000 ____D () C:\AdwCleaner
2014-05-26 07:50 - 2014-05-26 07:50 - 01326389 _____ () C:\Users\Bruno gebaltag W7\Downloads\adwcleaner_3.210.exe
2014-05-26 07:47 - 2014-05-26 07:47 - 00002085 _____ () C:\Users\Bruno gebaltag W7\Desktop\Suchlauf mam.txt
2014-05-26 07:45 - 2014-05-21 17:28 - 00000000 _RSHD () C:\Users\Bruno gebaltag W7\n28u22648s7p
2014-05-26 07:45 - 2010-08-25 20:06 - 00000000 ____D () C:\Windows\PCHEALTH
2014-05-26 07:31 - 2014-05-26 07:31 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-26 07:31 - 2014-05-26 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-26 07:31 - 2014-05-26 07:30 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-26 07:30 - 2014-05-26 07:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bruno gebaltag W7\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-26 07:30 - 2014-05-26 07:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-24 10:12 - 2014-05-24 10:11 - 00000479 _____ () C:\Users\Bruno gebaltag W7\Desktop\AFSFAKT Neu.lnk
2014-05-23 16:49 - 2014-05-23 16:49 - 00010234 _____ () C:\ComboFix.txt
2014-05-23 16:49 - 2014-05-23 16:37 - 00000000 ____D () C:\ComboFix
2014-05-23 16:49 - 2014-05-23 14:12 - 00000000 ____D () C:\Qoobox
2014-05-23 16:47 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-05-23 16:36 - 2014-05-23 16:36 - 05200426 ____R (Swearware) C:\Users\Bruno gebaltag W7\Desktop\ComboFix.exe
2014-05-23 16:21 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-05-23 16:21 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-05-23 16:20 - 2014-05-23 14:12 - 00000000 ____D () C:\Windows\erdnt
2014-05-22 11:43 - 2014-05-22 11:42 - 00036118 _____ () C:\Users\Bruno gebaltag W7\Downloads\Addition.txt
2014-05-22 11:43 - 2014-05-22 11:40 - 00034640 _____ () C:\Users\Bruno gebaltag W7\Downloads\FRST.txt
2014-05-22 05:46 - 2010-08-26 06:19 - 00000000 ____D () C:\Users\Bruno gebaltag W7\Tracing
2014-05-21 17:28 - 2010-08-12 21:42 - 00000000 ____D () C:\Users\Bruno gebaltag W7
2014-05-16 15:58 - 2013-04-26 18:43 - 00001059 _____ () C:\Users\Bruno gebaltag W7\Desktop\AFSFAKT Alt.lnk
2014-05-16 15:51 - 2011-06-20 06:20 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 20:08 - 2012-04-11 18:01 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-15 20:08 - 2011-05-25 09:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-15 05:43 - 2013-06-22 12:00 - 00000000 ___RD () C:\Users\Bruno gebaltag W7\Virtual Machines
2014-05-15 04:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 03:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 03:23 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 03:23 - 2014-03-10 16:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-15 03:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-15 03:07 - 2010-08-25 20:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 03:06 - 2013-08-15 03:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 03:04 - 2010-08-13 05:54 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 03:03 - 2014-05-15 03:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-12 07:26 - 2014-05-26 07:30 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-26 07:30 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-26 07:30 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 13:42 - 2014-05-10 13:42 - 00007747 _____ () C:\Users\Bruno gebaltag W7\Documents\IFAT.odt
2014-05-10 07:32 - 2014-05-10 07:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 09:06 - 2014-05-14 20:51 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 20:51 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 03:13 - 2013-12-24 12:43 - 00000000 ____D () C:\ProgramData\Garmin
2014-05-07 03:13 - 2013-12-24 12:42 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-07 03:13 - 2012-08-27 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-05-07 03:12 - 2014-05-07 03:12 - 00001858 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-05-07 03:12 - 2011-05-18 05:50 - 00000000 ____D () C:\Program Files\Garmin
2014-05-06 05:25 - 2014-05-15 03:01 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-15 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-15 03:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-03 06:41 - 2013-10-21 06:14 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-03 06:39 - 2014-05-03 06:39 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-03 06:39 - 2014-05-03 06:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-03 06:39 - 2010-08-14 07:30 - 00000000 ____D () C:\Program Files\Java

Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT


Some content of TEMP:
====================
C:\Users\Bruno gebaltag W7\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 20:51] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 06:21

==================== End Of Log ============================
         

So far the inbox is no longer being bombarded with mails. Many thanks for that already :-)

28.05.2014, 09:26   #10
schrauber
/// the machine
/// TB Trainer



Update Adobe.


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\Users\Bruno gebaltag W7\n28u22648s7p
Startup: C:\Users\Bruno gebaltag W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
ShortcutTarget: start.lnk -> C:\Users\Bruno gebaltag W7\n28u22648s7p\96596.vbs (No File)
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
These harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!
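
The fixlist in the post above targets a directory listed with the `_RSHD` flags directly in the user profile and a Startup shortcut whose target is a `.vbs` file inside it. As an added example (not part of the thread and not FRST's own logic), the following Python parses FRST listing lines and reports that combination; the heuristics, the reading of the flags as read-only/system/hidden/directory, the junction allowlist and all function names are assumptions.

```python
import re
from pathlib import PureWindowsPath

# FRST listing line: two timestamps, size, five attribute flags, (company), path.
# Which timestamp is "created" depends on the log section, so neither is used here.
ENTRY_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(\d+) ([_A-Z]{5}) \((.*?)\) (.+)$"
)
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (.+?) -> (.+?)(?: \(No File\))?$")

# Assumption: extensions treated as script files for this triage.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1"}
# Assumption: hidden+system junctions Windows 7 itself keeps in a profile root.
KNOWN_PROFILE_JUNCTIONS = {
    "application data", "cookies", "local settings", "my documents",
    "nethood", "printhood", "recent", "sendto", "start menu", "templates",
}

# Sample input: lines copied from the FRST log and fixlist in this thread.
SAMPLE_LOG = r"""
2014-05-26 07:50 - 2014-05-26 07:52 - 00000000 ____D () C:\AdwCleaner
2014-05-23 16:36 - 2014-05-23 16:36 - 05200426 ____R (Swearware) C:\Users\Bruno gebaltag W7\Desktop\ComboFix.exe
2014-05-21 17:28 - 2014-05-26 07:45 - 00000000 _RSHD () C:\Users\Bruno gebaltag W7\n28u22648s7p
2014-05-07 03:00 - 2014-05-15 03:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-23 16:21 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
ShortcutTarget: start.lnk -> C:\Users\Bruno gebaltag W7\n28u22648s7p\96596.vbs (No File)
"""


def parse_entry(line):
    """Return a dict for an FRST file-listing line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size, attrs, company, path = m.groups()
    return {
        "size": int(size),
        "attrs": set(attrs) - {"_"},        # e.g. {"R", "S", "H", "D"}
        "company": company.strip(),         # empty when the entry carries no vendor
        "path": PureWindowsPath(path),
    }


def is_hidden_profile_dir(entry):
    """Directory flagged system+hidden, no vendor, directly under C:\\Users\\<name>."""
    parts = entry["path"].parts             # ('C:\\', 'Users', '<name>', '<dir>')
    return (
        {"S", "H", "D"} <= entry["attrs"]
        and not entry["company"]
        and len(parts) == 4
        and parts[1].lower() == "users"
        and parts[3].lower() not in KNOWN_PROFILE_JUNCTIONS
    )


def triage(log_text):
    """Return (finding, path) tuples: hidden profile dirs first, then startup scripts."""
    hidden_dirs, script_targets = [], []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            if is_hidden_profile_dir(entry):
                hidden_dirs.append(entry["path"])
            continue
        m = SHORTCUT_RE.match(line.strip())
        if m:
            target = PureWindowsPath(m.group(2))
            if target.suffix.lower() in SCRIPT_EXTS:
                script_targets.append(target)

    findings = [("hidden-system-dir", str(d)) for d in hidden_dirs]
    for target in script_targets:
        # A startup script living inside a flagged directory is the stronger signal.
        inside = any(d in target.parents for d in hidden_dirs)
        kind = "startup-script-in-hidden-dir" if inside else "startup-script"
        findings.append((kind, str(target)))
    return findings


if __name__ == "__main__":
    for kind, path in triage(SAMPLE_LOG):
        print(f"{kind}: {path}")
```
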

28.05.2014, 10:13   #11
dellirium83



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by Bruno gebaltag W7 at 2014-05-28 11:13:17 Run:1
Running from C:\Users\Bruno gebaltag W7\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\Bruno gebaltag W7\n28u22648s7p
Startup: C:\Users\Bruno gebaltag W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
ShortcutTarget: start.lnk -> C:\Users\Bruno gebaltag W7\n28u22648s7p\96596.vbs (No File)
*****************

C:\Users\Bruno gebaltag W7\n28u22648s7p => Moved successfully.
C:\Users\Bruno gebaltag W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk => Moved successfully.
C:\Users\Bruno gebaltag W7\n28u22648s7p\96596.vbs not found.

==== End of Fixlog ====
         

29.05.2014, 05:53   #12
schrauber
/// the machine
/// TB Trainer



done
__________________
regards,
schrauber
