Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Spyware eingefangen .... !

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 22.07.2014, 01:15   #1
rotaran
 
Spyware eingefangen .... ! - Standard

Spyware eingefangen .... !



hallo!
Das böse Internet hat mich mal wider reingelegt. Als ich mir den Audiograbber downloaden wollte ( als zuverlässig und sicher empfohlen) .. ähm und dies auch tat bekam ich unerwünschten Besuch.

KIS meldetet gleich eine Bedrohung und startete die Aktive Desinfektion. Danach Neustart und dann lies ich erstmal Malewarebyts durchlaufen. Es wurden 85 Einträge gefunden.Diese habe ich in dem Malewarebyts Menü in die Quarantäne verschoben und dann meldete das Programm das alles ok ist.

KIS findet auch nix mehr.

Allerdings find ich weder die Protokolldatei noch sonst was......... Hmmm Als Typ wurde ein Key diagnostieziert.... (Dann hättet ihr gliech was zum ansehen )

Ok ..... Was nun ?? Ich erwarte in Demut eure Anweisungen

gruss
rotaran

PS: Hier das Log . habs nochgefunden :
Code:
ATTFilter
<?xml version="1.0" encoding="UTF-16"?>

-<mbam-log>


-<header>

<date>2014/07/22 00:41:04 +0200</date>

<logfile>mbam-log-2014-07-22 (00-41-03).xml</logfile>

<isadmin>yes</isadmin>

</header>


-<engine>

<version>2.00.2.1012</version>

<malware-database>v2014.07.21.09</malware-database>

<rootkit-database>v2014.07.17.01</rootkit-database>

<license>free</license>

<file-protection>disabled</file-protection>

<web-protection>disabled</web-protection>

<self-protection>disabled</self-protection>

</engine>


-<system>

<osversion>Windows 7 Service Pack 1</osversion>

<arch>x64</arch>

<username>mr.x</username>

<filesys>NTFS</filesys>

</system>


-<summary>

<type>threat</type>

<result>completed</result>

<objects>347425</objects>

<time>793</time>

<processes>0</processes>

<modules>0</modules>

<keys>3</keys>

<values>2</values>

<datas>1</datas>

<folders>24</folders>

<files>55</files>

<sectors>0</sectors>

</summary>


-<options>

<memory>enabled</memory>

<startup>enabled</startup>

<filesystem>enabled</filesystem>

<archives>enabled</archives>

<rootkits>enabled</rootkits>

<deeprootkit>disabled</deeprootkit>

<heuristics>enabled</heuristics>

<pup>enabled</pup>

<pum>enabled</pum>

</options>


-<items>


-<key>

<path>HKU\S-1-5-21-648447735-2230146337-2693748210-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>257c6937f289ba7cf33e0e4a2dd554ac</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>465b237d7902b284d6ab18b1689ab050</hash>

</key>


-<key>

<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD</path>

<vendor>PUP.Optional.SearchProtect</vendor>

<action>success</action>

<hash>722fcbd5de9d5dd97343be0432d0a65a</hash>

</key>


-<value>

<path>HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT</path>

<valuename>InstallDir</valuename>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<valuedata>C:\PROGRA~2\SearchProtect</valuedata>

<hash>465b237d7902b284d6ab18b1689ab050</hash>

</value>


-<value>

<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD</path>

<valuename>ImagePath</valuename>

<vendor>PUP.Optional.SearchProtect</vendor>

<action>success</action>

<valuedata>\??\C:\Windows\system32\drivers\SPPD.sys</valuedata>

<hash>722fcbd5de9d5dd97343be0432d0a65a</hash>

</value>


-<data>

<path>HKU\S-1-5-21-648447735-2230146337-2693748210-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path>

<valuename>Start Page</valuename>

<vendor>PUP.Optional.Trovi.A</vendor>

<action>replaced</action>

<valuedata>http://www.trovi.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=MDD4153E9-21E9-48D7-8C91-3EC782736635&SearchSource=55&CUI=&UM=6&UP=SP345DB048-B58D-4D63-AA1B-A925BA52BB0E&SSPV=</valuedata>

<baddata>http://www.trovi.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=MDD4153E9-21E9-48D7-8C91-3EC782736635&SearchSource=55&CUI=&UM=6&UP=SP345DB048-B58D-4D63-AA1B-A925BA52BB0E&SSPV=</baddata>

<gooddata>www.google.com</gooddata>

<hash>722ffca4fa81f93d2dc94b5623e140c0</hash>

</data>


-<folder>

<path>C:\Program Files (x86)\SearchProtect</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\Main</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\Main\bin</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\Main\rep</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\SearchProtect</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\SearchProtect\bin</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\SearchProtect\rep</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI\bin</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\libs</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protection</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\settings</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI\rep</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Users\mr.x\AppData\Local\SearchProtect</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>ddc4e1bf91ea4fe784054a7091712dd3</hash>

</folder>


-<folder>

<path>C:\Users\mr.x\AppData\Local\SearchProtect\SearchProtect</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>ddc4e1bf91ea4fe784054a7091712dd3</hash>

</folder>


-<folder>

<path>C:\Users\mr.x\AppData\Local\SearchProtect\SearchProtect\rep</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>ddc4e1bf91ea4fe784054a7091712dd3</hash>

</folder>


-<folder>

<path>C:\Users\mr.x\AppData\Local\SearchProtect\SearchProtect\STG</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>ddc4e1bf91ea4fe784054a7091712dd3</hash>

</folder>


-<folder>

<path>C:\Users\mr.x\AppData\Local\SearchProtect\UI</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>ddc4e1bf91ea4fe784054a7091712dd3</hash>

</folder>


-<folder>

<path>C:\Users\mr.x\AppData\Local\SearchProtect\UI\rep</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>ddc4e1bf91ea4fe784054a7091712dd3</hash>

</folder>


-<file>

<path>C:\Program Files (x86)\SearchProtect\EULA.txt</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Users\mr.x\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>ddc4e1bf91ea4fe784054a7091712dd3</hash>

</file>


-<file>

<path>C:\Users\mr.x\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>ddc4e1bf91ea4fe784054a7091712dd3</hash>

</file>


-<file>

<path>C:\Users\mr.x\AppData\Local\SearchProtect\UI\rep\UIRepository.dat</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>ddc4e1bf91ea4fe784054a7091712dd3</hash>

</file>


-<file>

<path>C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\prefs.js</path>

<vendor>PUP.Optional.Trovi</vendor>

<action>replaced</action>

<baddata>user_pref("browser.search.selectedEngine", "Trovi search");</baddata>

<gooddata/>

<hash>178accd4ed8e4ee895a1eaf1fe06738d</hash>

</file>


-<file>

<path>C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\prefs.js</path>

<vendor>PUP.Optional.Trovi.A</vendor>

<action>replaced</action>

<baddata>user_pref("browser.startup.homepage", "http://www.trovi.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=MDD4153E9-21E9-48D7-8C91-3EC782736635&SearchSource=55&CUI=&UM=6&UP=SP345DB048-B58D-4D63-AA1B-A925BA52BB0E&SSPV=");</baddata>

<gooddata/>

<hash>722f4060ea91cc6ae7e4a4377f85ba46</hash>

</file>


-<file>

<path>C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\prefs.js</path>

<vendor>PUP.Optional.Trovi.A</vendor>

<action>replaced</action>

<baddata>user_pref("browser.newtab.url", "http://www.trovi.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=MDD4153E9-21E9-48D7-8C91-3EC782736635&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP345DB048-B58D-4D63-AA1B-A925BA52BB0E");</baddata>

<gooddata/>

<hash>8021eeb22952f1450cc0578425dfea16</hash>

</file>

</items>

</mbam-log>
         
__________________
Heghlu'meH QaQ jajvam !

Geändert von rotaran (22.07.2014 um 01:37 Uhr)

Alt 22.07.2014, 08:54   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Spyware eingefangen .... ! - Standard

Spyware eingefangen .... !



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 22.07.2014, 08:55   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spyware eingefangen .... ! - Standard

Spyware eingefangen .... !



Hi,

sind das alle Logs? Was hat KIS denn genau gefunden?

Zitat:
Das böse Internet hat mich mal wider reingelegt.
Vermutlich bist du auch Opfer deiner Unaufmerksamkeit geworden
Es ist mittlerweile stark in Mode gekommen, Software sich von "irgendwo" runterzuladen. Die meisten Leute laden aus Gedankenlosigkeit/Faulheit Software einfach vom erstbesten Google-Suchergebnis runter, Quelle ist dann Softonic oder ähnlicher Müll, der Software gespickt mit Junkware anbietet.

Zudem muss man JEDE Software die man installiert, immer benutzerdefiniert installieren, damit man Toolbars und anderen unerwünschten Müll abwählen kann. Also:

1. Software nur aus sauberen Quellen laden (Originalhersteller-Seite, gute Alternative ist FilePony.de )
2. Software immer nach Möglichkeit benutzerdefiniert installieren und alles genau lesen
__________________
__________________

Alt 22.07.2014, 10:51   #4
rotaran
 
Spyware eingefangen .... ! - Standard

Spyware eingefangen .... !



Code:
ATTFilter
can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by mr.x (administrator) on MRX-PC on 22-07-2014 10:38:43
Running from C:\Users\mr.x\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch 
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [ScreenManager Pro for LCD (DDCCI)] => C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe [4751848 2012-12-14] (EIZO Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-648447735-2230146337-2693748210-1000\...\MountPoints2: {8eb5d7cc-600e-11e1-b42b-1c6f65472f2b} - "F:\WD SmartWare.exe" autoplay=true
Startup: C:\Users\mr.x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\mr.x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default
FF Homepage: https://web.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-17]
FF Extension: BrowserProtect - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\browserprotect@browserprotect.com.xpi [2014-01-18]
FF Extension: Ghostery - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\firefox@ghostery.com.xpi [2014-01-17]
FF Extension: BetterPrivacy - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-01-17]
FF Extension: Adblock Edge - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-02-26]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-04]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-03]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-02-26] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-03] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-22 10:38 - 2014-07-22 10:38 - 00015820 _____ () C:\Users\mr.x\Desktop\FRST.txt
2014-07-22 10:38 - 2014-07-22 10:38 - 00000000 ____D () C:\Users\mr.x\Desktop\FRST-OlderVersion
2014-07-22 10:37 - 2014-07-22 10:37 - 02090496 _____ (Farbar) C:\Users\mr.x\Downloads\FRST64(1).exe
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieUserList
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieSiteList
2014-07-22 00:56 - 2014-07-22 10:30 - 00020522 _____ () C:\Windows\PFRO.log
2014-07-22 00:30 - 2014-07-22 00:30 - 00262144 _____ () C:\Windows\system32\config\elam
2014-07-21 11:09 - 2014-07-22 10:30 - 00000840 _____ () C:\Windows\setupact.log
2014-07-21 11:09 - 2014-07-21 11:09 - 00295432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-21 11:09 - 2014-07-21 11:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-20 14:37 - 2014-07-20 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-17 18:59 - 2014-07-17 18:59 - 00003588 _____ () C:\Users\mr.x\Downloads\arcane charge.txt
2014-07-10 15:14 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 15:14 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 15:14 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 15:14 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 15:14 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 15:14 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 15:14 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 15:14 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 15:14 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 15:14 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 15:14 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 15:14 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 15:14 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 15:14 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 15:14 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 15:14 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 15:14 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 15:14 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 15:14 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 15:14 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 15:14 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 15:14 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 15:14 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 15:14 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 15:14 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 15:14 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 15:14 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 15:14 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 15:14 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 15:14 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 15:14 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 15:14 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 15:14 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 15:14 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 15:14 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 15:14 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 15:14 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 15:14 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 15:14 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 15:14 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 15:14 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 15:14 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 15:14 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 15:14 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 15:14 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 15:14 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 15:14 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 15:14 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 15:14 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 15:14 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 15:14 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 15:14 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 15:14 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 15:14 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 15:14 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 15:14 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 15:14 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 15:14 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 15:14 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 15:14 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 15:14 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 15:14 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 15:13 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 15:13 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 15:13 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-28 00:10 - 2014-06-28 00:10 - 00048597 _____ () C:\Users\mr.x\Downloads\PreformAVEnabler3.04.zip
2014-06-24 15:50 - 2014-06-24 15:50 - 00242500 _____ () C:\Users\mr.x\Downloads\PetTracker_5.4.20.zip
2014-06-23 06:36 - 2014-06-23 06:36 - 00448512 _____ (OldTimer Tools) C:\Users\mr.x\Desktop\TFC.exe

==================== One Month Modified Files and Folders =======

2014-07-22 10:40 - 2014-07-22 10:38 - 00015820 _____ () C:\Users\mr.x\Desktop\FRST.txt
2014-07-22 10:38 - 2014-07-22 10:38 - 00000000 ____D () C:\Users\mr.x\Desktop\FRST-OlderVersion
2014-07-22 10:38 - 2014-02-25 12:59 - 00000000 ____D () C:\FRST
2014-07-22 10:38 - 2014-02-25 12:58 - 02090496 _____ (Farbar) C:\Users\mr.x\Desktop\FRST64.exe
2014-07-22 10:37 - 2014-07-22 10:37 - 02090496 _____ (Farbar) C:\Users\mr.x\Downloads\FRST64(1).exe
2014-07-22 10:37 - 2009-07-14 06:45 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 10:37 - 2009-07-14 06:45 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 10:34 - 2013-12-03 04:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-22 10:30 - 2014-07-22 00:56 - 00020522 _____ () C:\Windows\PFRO.log
2014-07-22 10:30 - 2014-07-21 11:09 - 00000840 _____ () C:\Windows\setupact.log
2014-07-22 10:30 - 2013-10-29 17:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-22 10:30 - 2012-02-26 04:25 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-07-22 10:30 - 2012-02-26 02:05 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-07-22 10:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-22 02:19 - 2013-10-29 17:49 - 01241367 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 01:52 - 2012-04-04 19:52 - 00000310 _____ () C:\Windows\Tasks\DMEPeriodicTask.job
2014-07-22 01:32 - 2012-08-15 21:06 - 00000000 ____D () C:\Users\mr.x\AppData\Roaming\TS3Client
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieUserList
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieSiteList
2014-07-22 01:08 - 2014-05-16 18:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 00:55 - 2012-02-26 01:54 - 00000000 ____D () C:\Users\mr.x
2014-07-22 00:31 - 2014-03-15 04:17 - 00000000 ____D () C:\Users\mr.x\AppData\Local\Battle.net
2014-07-22 00:30 - 2014-07-22 00:30 - 00262144 _____ () C:\Windows\system32\config\elam
2014-07-21 11:36 - 2014-01-19 12:36 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-21 11:36 - 2014-01-19 12:36 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-07-21 11:09 - 2014-07-21 11:09 - 00295432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-21 11:09 - 2014-07-21 11:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-20 14:37 - 2014-07-20 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-20 14:37 - 2014-01-30 19:26 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-17 18:59 - 2014-07-17 18:59 - 00003588 _____ () C:\Users\mr.x\Downloads\arcane charge.txt
2014-07-17 17:52 - 2012-08-15 21:05 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-07-15 17:29 - 2014-05-14 19:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-15 17:29 - 2014-05-14 19:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-13 22:00 - 2012-08-18 18:32 - 00000000 ____D () C:\Users\Gast\Desktop\special
2014-07-10 15:19 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 15:17 - 2013-08-07 19:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 15:16 - 2012-02-26 03:40 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 15:09 - 2014-03-15 04:17 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-30 23:04 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-28 00:10 - 2014-06-28 00:10 - 00048597 _____ () C:\Users\mr.x\Downloads\PreformAVEnabler3.04.zip
2014-06-24 15:50 - 2014-06-24 15:50 - 00242500 _____ () C:\Users\mr.x\Downloads\PetTracker_5.4.20.zip
2014-06-23 06:36 - 2014-06-23 06:36 - 00448512 _____ (OldTimer Tools) C:\Users\mr.x\Desktop\TFC.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-15 15:10

==================== End Of Log ============================
         
wo finde ich nochmal das Addition.txt ??
__________________
Heghlu'meH QaQ jajvam !

Alt 22.07.2014, 12:10   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spyware eingefangen .... ! - Standard

Spyware eingefangen .... !



Was ist mit meiner Frage nach anderen bisherigen Logs?

Meinen anderen Text hast du auch gelesen frage nach, weil du darauf garnicht eingehst...

FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.





edit: sehe jetzt erst, dass schraubi schon wieder vor mir hier war

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.07.2014, 22:00   #6
rotaran
 
Spyware eingefangen .... ! - Standard

Spyware eingefangen .... !



Wem soll i nun folgen???

Ok hier nochmal alles :
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by mr.x (administrator) on MRX-PC on 22-07-2014 21:57:02
Running from C:\Users\mr.x\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch 
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [ScreenManager Pro for LCD (DDCCI)] => C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe [4751848 2012-12-14] (EIZO Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-648447735-2230146337-2693748210-1000\...\MountPoints2: {8eb5d7cc-600e-11e1-b42b-1c6f65472f2b} - "F:\WD SmartWare.exe" autoplay=true
Startup: C:\Users\mr.x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\mr.x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default
FF Homepage: https://web.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-17]
FF Extension: BrowserProtect - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\browserprotect@browserprotect.com.xpi [2014-01-18]
FF Extension: Ghostery - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\firefox@ghostery.com.xpi [2014-01-17]
FF Extension: BetterPrivacy - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-01-17]
FF Extension: Adblock Edge - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-02-26]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-04]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-03]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-02-26] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-03] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-22 10:38 - 2014-07-22 21:58 - 00015763 _____ () C:\Users\mr.x\Desktop\FRST.txt
2014-07-22 10:37 - 2014-07-22 10:37 - 02090496 _____ (Farbar) C:\Users\mr.x\Downloads\FRST64(1).exe
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieUserList
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieSiteList
2014-07-22 00:56 - 2014-07-22 10:30 - 00020522 _____ () C:\Windows\PFRO.log
2014-07-22 00:30 - 2014-07-22 00:30 - 00262144 _____ () C:\Windows\system32\config\elam
2014-07-21 11:09 - 2014-07-22 21:50 - 00001008 _____ () C:\Windows\setupact.log
2014-07-21 11:09 - 2014-07-21 11:09 - 00295432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-21 11:09 - 2014-07-21 11:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-20 14:37 - 2014-07-20 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-17 18:59 - 2014-07-17 18:59 - 00003588 _____ () C:\Users\mr.x\Downloads\arcane charge.txt
2014-07-10 15:14 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 15:14 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 15:14 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 15:14 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 15:14 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 15:14 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 15:14 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 15:14 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 15:14 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 15:14 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 15:14 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 15:14 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 15:14 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 15:14 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 15:14 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 15:14 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 15:14 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 15:14 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 15:14 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 15:14 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 15:14 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 15:14 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 15:14 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 15:14 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 15:14 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 15:14 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 15:14 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 15:14 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 15:14 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 15:14 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 15:14 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 15:14 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 15:14 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 15:14 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 15:14 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 15:14 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 15:14 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 15:14 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 15:14 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 15:14 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 15:14 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 15:14 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 15:14 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 15:14 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 15:14 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 15:14 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 15:14 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 15:14 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 15:14 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 15:14 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 15:14 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 15:14 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 15:14 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 15:14 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 15:14 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 15:14 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 15:14 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 15:14 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 15:14 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 15:14 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 15:14 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 15:14 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 15:13 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 15:13 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 15:13 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-28 00:10 - 2014-06-28 00:10 - 00048597 _____ () C:\Users\mr.x\Downloads\PreformAVEnabler3.04.zip
2014-06-24 15:50 - 2014-06-24 15:50 - 00242500 _____ () C:\Users\mr.x\Downloads\PetTracker_5.4.20.zip
2014-06-23 06:36 - 2014-06-23 06:36 - 00448512 _____ (OldTimer Tools) C:\Users\mr.x\Desktop\TFC.exe

==================== One Month Modified Files and Folders =======

2014-07-22 21:58 - 2014-07-22 10:38 - 00015763 _____ () C:\Users\mr.x\Desktop\FRST.txt
2014-07-22 21:58 - 2009-07-14 06:45 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 21:58 - 2009-07-14 06:45 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 21:57 - 2014-02-25 12:59 - 00000000 ____D () C:\FRST
2014-07-22 21:56 - 2013-10-29 17:49 - 01269460 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 21:54 - 2013-12-03 04:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-22 21:52 - 2012-04-04 19:52 - 00000310 _____ () C:\Windows\Tasks\DMEPeriodicTask.job
2014-07-22 21:50 - 2014-07-21 11:09 - 00001008 _____ () C:\Windows\setupact.log
2014-07-22 21:50 - 2013-10-29 17:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-22 21:50 - 2012-02-26 04:25 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-07-22 21:50 - 2012-02-26 02:05 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-07-22 21:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-22 10:38 - 2014-02-25 12:58 - 02090496 _____ (Farbar) C:\Users\mr.x\Desktop\FRST64.exe
2014-07-22 10:37 - 2014-07-22 10:37 - 02090496 _____ (Farbar) C:\Users\mr.x\Downloads\FRST64(1).exe
2014-07-22 10:30 - 2014-07-22 00:56 - 00020522 _____ () C:\Windows\PFRO.log
2014-07-22 01:32 - 2012-08-15 21:06 - 00000000 ____D () C:\Users\mr.x\AppData\Roaming\TS3Client
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieUserList
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieSiteList
2014-07-22 01:08 - 2014-05-16 18:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 00:55 - 2012-02-26 01:54 - 00000000 ____D () C:\Users\mr.x
2014-07-22 00:31 - 2014-03-15 04:17 - 00000000 ____D () C:\Users\mr.x\AppData\Local\Battle.net
2014-07-22 00:30 - 2014-07-22 00:30 - 00262144 _____ () C:\Windows\system32\config\elam
2014-07-21 11:36 - 2014-01-19 12:36 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-21 11:36 - 2014-01-19 12:36 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-07-21 11:09 - 2014-07-21 11:09 - 00295432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-21 11:09 - 2014-07-21 11:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-20 14:37 - 2014-07-20 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-20 14:37 - 2014-01-30 19:26 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-17 18:59 - 2014-07-17 18:59 - 00003588 _____ () C:\Users\mr.x\Downloads\arcane charge.txt
2014-07-17 17:52 - 2012-08-15 21:05 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-07-15 17:29 - 2014-05-14 19:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-15 17:29 - 2014-05-14 19:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-13 22:00 - 2012-08-18 18:32 - 00000000 ____D () C:\Users\Gast\Desktop\special
2014-07-10 15:19 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 15:17 - 2013-08-07 19:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 15:16 - 2012-02-26 03:40 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 15:09 - 2014-03-15 04:17 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-30 23:04 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-28 00:10 - 2014-06-28 00:10 - 00048597 _____ () C:\Users\mr.x\Downloads\PreformAVEnabler3.04.zip
2014-06-24 15:50 - 2014-06-24 15:50 - 00242500 _____ () C:\Users\mr.x\Downloads\PetTracker_5.4.20.zip
2014-06-23 06:36 - 2014-06-23 06:36 - 00448512 _____ (OldTimer Tools) C:\Users\mr.x\Desktop\TFC.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-15 15:10

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---


Nur 2:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by mr.x at 2014-07-22 21:58:31
Running from C:\Users\mr.x\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.08 - GIGABYTE)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ACDSee Foto-Manager 12 (HKLM-x32\...\{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}) (Version: 12.0.344 - ACD Systems International Inc.)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
B109a-m (x32 Version: 130.0.396.000 - Hewlett-Packard) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Easy Tune 6 B10.0521.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.0521.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
FormatFactory 2.95 (HKLM-x32\...\FormatFactory) (Version: 2.95 - Free Time)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{61CF2C86-8E46-4210-A115-E4D6C65AF369}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PS_AIO_06_B109a-m_SW_Min (x32 Version: 130.0.396.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6077 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScreenManager Pro for LCD (DDC/CI) (HKLM-x32\...\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}) (Version: 2.3.3 - EIZO Corporation)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.15.14.58 - Client Connect LTD) <==== ATTENTION
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smart 6 B10.0422.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
WarrantyExtension (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2014 (HKCU\...\{7129FC23-A106-4F45-9D47-E36342C1D310}) (Version: 21.00.8480 - Buhl Data Service GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Restore Points  =========================

07-07-2014 19:35:32 Automatic creation
08-07-2014 17:42:40 Automatic creation
09-07-2014 17:48:22 Automatic creation
10-07-2014 13:51:34 Automatic creation
11-07-2014 17:09:22 Automatic creation
12-07-2014 21:35:04 Automatic creation
13-07-2014 21:26:04 Automatic creation
14-07-2014 17:10:58 Automatic creation
15-07-2014 15:56:37 Automatic creation
16-07-2014 12:45:13 Automatic creation
17-07-2014 15:17:30 Automatic creation
18-07-2014 20:25:22 Automatic creation
19-07-2014 20:41:51 Automatic creation
20-07-2014 17:12:39 Automatic creation
21-07-2014 23:26:35 Automatic creation
22-07-2014 09:00:29 Automatic creation
22-07-2014 19:55:51 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {7E578444-5154-4D62-A4A8-A7EDE776DEF7} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
Task: {8ABE2292-9094-4E79-A7A4-45872B7868D4} - System32\Tasks\DMEPeriodicTask => C:\Program Files (x86)\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe [2009-06-16] (Hewlett-Packard)
Task: {A20AC01E-9C49-4EDF-B901-E68ACFC5DC09} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
Task: {D42C1AC9-3D30-42B4-8725-E1C92FFC8714} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E6E12869-4BA3-4828-B31E-EF1416AE4529} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: C:\Windows\Tasks\DMEPeriodicTask.job => C:\Program Files (x86)\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe

==================== Loaded Modules (whitelisted) =============

2013-10-29 17:27 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-02-26 02:03 - 2009-06-17 17:13 - 00068136 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2012-02-26 02:03 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\ycc.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-01-17 03:24 - 2014-06-06 06:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2014 11:00:29 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {0721005b-2f34-409b-a4a7-90ddddf2cc9a}

Error: (07/22/2014 01:26:34 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {837f9bd7-810c-4403-a899-4c420ff75daa}

Error: (07/21/2014 10:27:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {e6e89c7c-a436-4c72-90a1-fb1d0086246e}


System errors:
=============
Error: (07/22/2014 00:35:51 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎22.‎07.‎2014 um 00:34:28 unerwartet heruntergefahren.

Error: (07/22/2014 00:33:06 AM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}5{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (07/22/2014 11:00:29 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {0721005b-2f34-409b-a4a7-90ddddf2cc9a}

Error: (07/22/2014 01:26:34 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {837f9bd7-810c-4403-a899-4c420ff75daa}

Error: (07/21/2014 10:27:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {e6e89c7c-a436-4c72-90a1-fb1d0086246e}


CodeIntegrity Errors:
===================================
  Date: 2014-06-15 15:14:25.837
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-15 15:14:25.837
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-15 15:14:25.821
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-15 15:14:25.775
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-15 15:14:25.775
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-15 15:14:25.743
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-25 07:04:39.177
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-25 07:04:39.177
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-25 07:04:39.162
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-25 07:04:39.115
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 28%
Total physical RAM: 8119.49 MB
Available physical RAM: 5802.55 MB
Total Pagefile: 16237.16 MB
Available Pagefile: 13717.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:348.48 GB) (Free:255.98 GB) NTFS
Drive d: (Volume) (Fixed) (Total:117.19 GB) (Free:117.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 84DF4A66)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=348 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=117 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Das KIS Log find i zwar aber weiss net wo ich die Text Version finde ..... ich such noch mal Gleich wider da
__________________
--> Spyware eingefangen .... !

Alt 22.07.2014, 22:07   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spyware eingefangen .... ! - Standard

Spyware eingefangen .... !



Ich klink mich hier aus, schrauber hilft dir. Kaplah!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.07.2014, 22:10   #8
rotaran
 
Spyware eingefangen .... ! - Standard

Spyware eingefangen .... !



Zitat:
Zitat von cosinus Beitrag anzeigen
Ich klink mich hier aus, schrauber hilft dir. Kaplah!
Du ..........)/(&%%&/())= Hmpf , wenn die Sternenflotte mal richtig Qapla' sagen würden....


Qapla'



__________________
Heghlu'meH QaQ jajvam !

Alt 22.07.2014, 22:12   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spyware eingefangen .... ! - Standard

Spyware eingefangen .... !



Nach einem Teller Gagh und einem Krug Blutwein schreibt man nicht mehr richtig
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.07.2014, 22:16   #10
rotaran
 
Spyware eingefangen .... ! - Standard

Spyware eingefangen .... !



Back to Topic !

Kannst Du mir noch schnell sagen wo ich das KIS Log finde? Ich such mich schon tot
__________________
Heghlu'meH QaQ jajvam !

Alt 22.07.2014, 22:49   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spyware eingefangen .... ! - Standard

Spyware eingefangen .... !



So auf die Schnelle leider nicht...mach doch mal ein Feuerchen und glaube fest an Kahless, der zeigt dir schon den rechten Pfad

Mal so als Überlegung: aus dem Hauptmenü wirst du nicht schlau? Wir können hier leider nicht zu jedem der AV-Lösungen eine bebilderte Anleitung liefern...
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.07.2014, 22:54   #12
rotaran
 
Spyware eingefangen .... ! - Standard

Spyware eingefangen .... !



I don't need a Fire to belive in Kahless !

Im Hauptmenü komm ich schon zu den Berichten, aber wie ich die in was textiges konvertiere oder wo auch immer KIS diese Logs in Text Form speichert
__________________
Heghlu'meH QaQ jajvam !

Alt 22.07.2014, 22:56   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spyware eingefangen .... ! - Standard

Spyware eingefangen .... !



Dann lass es einfach sein

Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.07.2014, 23:27   #14
rotaran
 
Spyware eingefangen .... ! - Standard

Spyware eingefangen .... !



Hier Nr.1

Code:
ATTFilter
# AdwCleaner v3.216 - Bericht erstellt am 22/07/2014 um 23:05:26
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : mr.x - MRX-PC
# Gestartet von : C:\Users\mr.x\Desktop\adwcleaner_3.216.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\browserprotect@browserprotect.com.xpi

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\a5qjghpl.default\prefs.js ]


[ Datei : C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1412 octets] - [22/07/2014 23:04:46]
AdwCleaner[S0].txt - [1333 octets] - [22/07/2014 23:05:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1393 octets] ##########
         
Nr.2
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by mr.x on 22.07.2014 at 23:11:28,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\mr.x\AppData\Roaming\mozilla\firefox\profiles\i8knnz7q.default\minidumps [86 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.07.2014 at 23:19:58,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Und ein frisches FRST


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by mr.x (administrator) on MRX-PC on 22-07-2014 23:22:24
Running from C:\Users\mr.x\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch 
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [ScreenManager Pro for LCD (DDCCI)] => C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe [4751848 2012-12-14] (EIZO Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-648447735-2230146337-2693748210-1000\...\MountPoints2: {8eb5d7cc-600e-11e1-b42b-1c6f65472f2b} - "F:\WD SmartWare.exe" autoplay=true
Startup: C:\Users\mr.x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\mr.x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default
FF Homepage: https://web.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-17]
FF Extension: Ghostery - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\firefox@ghostery.com.xpi [2014-01-17]
FF Extension: BetterPrivacy - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-01-17]
FF Extension: Adblock Edge - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-02-26]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-04]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-03]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-02-26] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-03] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-22 23:19 - 2014-07-22 23:19 - 00000755 _____ () C:\Users\mr.x\Desktop\JRT.txt
2014-07-22 23:10 - 2014-07-22 23:10 - 01016261 _____ (Thisisu) C:\Users\mr.x\Desktop\JRT.exe
2014-07-22 23:04 - 2014-07-22 23:05 - 00000000 ____D () C:\AdwCleaner
2014-07-22 23:02 - 2014-07-22 23:02 - 01354223 _____ () C:\Users\mr.x\Desktop\adwcleaner_3.216.exe
2014-07-22 21:58 - 2014-07-22 21:59 - 00022361 _____ () C:\Users\mr.x\Desktop\Addition.txt
2014-07-22 10:38 - 2014-07-22 23:22 - 00015755 _____ () C:\Users\mr.x\Desktop\FRST.txt
2014-07-22 10:37 - 2014-07-22 10:37 - 02090496 _____ (Farbar) C:\Users\mr.x\Downloads\FRST64(1).exe
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieUserList
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieSiteList
2014-07-22 00:56 - 2014-07-22 23:06 - 00020832 _____ () C:\Windows\PFRO.log
2014-07-22 00:30 - 2014-07-22 00:30 - 00262144 _____ () C:\Windows\system32\config\elam
2014-07-21 11:09 - 2014-07-22 23:06 - 00001176 _____ () C:\Windows\setupact.log
2014-07-21 11:09 - 2014-07-21 11:09 - 00295432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-21 11:09 - 2014-07-21 11:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-20 14:37 - 2014-07-20 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-17 18:59 - 2014-07-17 18:59 - 00003588 _____ () C:\Users\mr.x\Downloads\arcane charge.txt
2014-07-10 15:14 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 15:14 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 15:14 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 15:14 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 15:14 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 15:14 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 15:14 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 15:14 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 15:14 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 15:14 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 15:14 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 15:14 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 15:14 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 15:14 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 15:14 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 15:14 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 15:14 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 15:14 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 15:14 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 15:14 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 15:14 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 15:14 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 15:14 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 15:14 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 15:14 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 15:14 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 15:14 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 15:14 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 15:14 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 15:14 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 15:14 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 15:14 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 15:14 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 15:14 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 15:14 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 15:14 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 15:14 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 15:14 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 15:14 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 15:14 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 15:14 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 15:14 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 15:14 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 15:14 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 15:14 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 15:14 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 15:14 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 15:14 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 15:14 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 15:14 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 15:14 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 15:14 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 15:14 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 15:14 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 15:14 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 15:14 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 15:14 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 15:14 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 15:14 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 15:14 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 15:14 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 15:14 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 15:13 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 15:13 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 15:13 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-28 00:10 - 2014-06-28 00:10 - 00048597 _____ () C:\Users\mr.x\Downloads\PreformAVEnabler3.04.zip
2014-06-24 15:50 - 2014-06-24 15:50 - 00242500 _____ () C:\Users\mr.x\Downloads\PetTracker_5.4.20.zip
2014-06-23 06:36 - 2014-06-23 06:36 - 00448512 _____ (OldTimer Tools) C:\Users\mr.x\Desktop\TFC.exe

==================== One Month Modified Files and Folders =======

2014-07-22 23:22 - 2014-07-22 10:38 - 00015755 _____ () C:\Users\mr.x\Desktop\FRST.txt
2014-07-22 23:22 - 2014-02-25 12:59 - 00000000 ____D () C:\FRST
2014-07-22 23:19 - 2014-07-22 23:19 - 00000755 _____ () C:\Users\mr.x\Desktop\JRT.txt
2014-07-22 23:14 - 2009-07-14 06:45 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 23:14 - 2009-07-14 06:45 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 23:11 - 2013-10-29 17:49 - 01276258 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 23:10 - 2014-07-22 23:10 - 01016261 _____ (Thisisu) C:\Users\mr.x\Desktop\JRT.exe
2014-07-22 23:08 - 2013-12-03 04:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-22 23:06 - 2014-07-22 00:56 - 00020832 _____ () C:\Windows\PFRO.log
2014-07-22 23:06 - 2014-07-21 11:09 - 00001176 _____ () C:\Windows\setupact.log
2014-07-22 23:06 - 2013-10-29 17:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-22 23:06 - 2012-02-26 04:25 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-07-22 23:06 - 2012-02-26 02:05 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-07-22 23:06 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-22 23:05 - 2014-07-22 23:04 - 00000000 ____D () C:\AdwCleaner
2014-07-22 23:02 - 2014-07-22 23:02 - 01354223 _____ () C:\Users\mr.x\Desktop\adwcleaner_3.216.exe
2014-07-22 22:52 - 2012-04-04 19:52 - 00000310 _____ () C:\Windows\Tasks\DMEPeriodicTask.job
2014-07-22 21:59 - 2014-07-22 21:58 - 00022361 _____ () C:\Users\mr.x\Desktop\Addition.txt
2014-07-22 10:38 - 2014-02-25 12:58 - 02090496 _____ (Farbar) C:\Users\mr.x\Desktop\FRST64.exe
2014-07-22 10:37 - 2014-07-22 10:37 - 02090496 _____ (Farbar) C:\Users\mr.x\Downloads\FRST64(1).exe
2014-07-22 01:32 - 2012-08-15 21:06 - 00000000 ____D () C:\Users\mr.x\AppData\Roaming\TS3Client
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieUserList
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieSiteList
2014-07-22 01:08 - 2014-05-16 18:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 00:55 - 2012-02-26 01:54 - 00000000 ____D () C:\Users\mr.x
2014-07-22 00:31 - 2014-03-15 04:17 - 00000000 ____D () C:\Users\mr.x\AppData\Local\Battle.net
2014-07-22 00:30 - 2014-07-22 00:30 - 00262144 _____ () C:\Windows\system32\config\elam
2014-07-21 11:36 - 2014-01-19 12:36 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-21 11:36 - 2014-01-19 12:36 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-07-21 11:09 - 2014-07-21 11:09 - 00295432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-21 11:09 - 2014-07-21 11:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-20 14:37 - 2014-07-20 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-20 14:37 - 2014-01-30 19:26 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-17 18:59 - 2014-07-17 18:59 - 00003588 _____ () C:\Users\mr.x\Downloads\arcane charge.txt
2014-07-17 17:52 - 2012-08-15 21:05 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-07-15 17:29 - 2014-05-14 19:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-15 17:29 - 2014-05-14 19:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-13 22:00 - 2012-08-18 18:32 - 00000000 ____D () C:\Users\Gast\Desktop\special
2014-07-10 15:19 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 15:17 - 2013-08-07 19:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 15:16 - 2012-02-26 03:40 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 15:09 - 2014-03-15 04:17 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-30 23:04 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-28 00:10 - 2014-06-28 00:10 - 00048597 _____ () C:\Users\mr.x\Downloads\PreformAVEnabler3.04.zip
2014-06-24 15:50 - 2014-06-24 15:50 - 00242500 _____ () C:\Users\mr.x\Downloads\PetTracker_5.4.20.zip
2014-06-23 06:36 - 2014-06-23 06:36 - 00448512 _____ (OldTimer Tools) C:\Users\mr.x\Desktop\TFC.exe

Some content of TEMP:
====================
C:\Users\mr.x\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-15 15:10

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by mr.x at 2014-07-22 23:22:41
Running from C:\Users\mr.x\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.08 - GIGABYTE)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ACDSee Foto-Manager 12 (HKLM-x32\...\{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}) (Version: 12.0.344 - ACD Systems International Inc.)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
B109a-m (x32 Version: 130.0.396.000 - Hewlett-Packard) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Easy Tune 6 B10.0521.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.0521.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
FormatFactory 2.95 (HKLM-x32\...\FormatFactory) (Version: 2.95 - Free Time)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{61CF2C86-8E46-4210-A115-E4D6C65AF369}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PS_AIO_06_B109a-m_SW_Min (x32 Version: 130.0.396.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6077 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScreenManager Pro for LCD (DDC/CI) (HKLM-x32\...\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}) (Version: 2.3.3 - EIZO Corporation)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smart 6 B10.0422.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
WarrantyExtension (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2014 (HKCU\...\{7129FC23-A106-4F45-9D47-E36342C1D310}) (Version: 21.00.8480 - Buhl Data Service GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Restore Points  =========================

07-07-2014 19:35:32 Automatic creation
08-07-2014 17:42:40 Automatic creation
09-07-2014 17:48:22 Automatic creation
10-07-2014 13:51:34 Automatic creation
11-07-2014 17:09:22 Automatic creation
12-07-2014 21:35:04 Automatic creation
13-07-2014 21:26:04 Automatic creation
14-07-2014 17:10:58 Automatic creation
15-07-2014 15:56:37 Automatic creation
16-07-2014 12:45:13 Automatic creation
17-07-2014 15:17:30 Automatic creation
18-07-2014 20:25:22 Automatic creation
19-07-2014 20:41:51 Automatic creation
20-07-2014 17:12:39 Automatic creation
21-07-2014 23:26:35 Automatic creation
22-07-2014 20:20:36 Automatic creation

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {7E578444-5154-4D62-A4A8-A7EDE776DEF7} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
Task: {8ABE2292-9094-4E79-A7A4-45872B7868D4} - System32\Tasks\DMEPeriodicTask => C:\Program Files (x86)\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe [2009-06-16] (Hewlett-Packard)
Task: {A20AC01E-9C49-4EDF-B901-E68ACFC5DC09} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
Task: {D42C1AC9-3D30-42B4-8725-E1C92FFC8714} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E6E12869-4BA3-4828-B31E-EF1416AE4529} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: C:\Windows\Tasks\DMEPeriodicTask.job => C:\Program Files (x86)\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe

==================== Loaded Modules (whitelisted) =============

2013-10-29 17:27 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-02-26 02:03 - 2009-06-17 17:13 - 00068136 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2012-02-26 02:03 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\ycc.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-01-17 03:24 - 2014-06-06 06:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-15 17:29 - 2014-07-15 17:29 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-06-15 15:14:25.837
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-15 15:14:25.837
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-15 15:14:25.821
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-15 15:14:25.775
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-15 15:14:25.775
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-15 15:14:25.743
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-25 07:04:39.177
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-25 07:04:39.177
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-25 07:04:39.162
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-25 07:04:39.115
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 25%
Total physical RAM: 8119.49 MB
Available physical RAM: 6065.13 MB
Total Pagefile: 16237.16 MB
Available Pagefile: 13936.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:348.48 GB) (Free:256.25 GB) NTFS
Drive d: (Volume) (Fixed) (Total:117.19 GB) (Free:117.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 84DF4A66)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=348 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=117 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Und noch ne Frage: Malewarebyts erste Untersuchung... da habe ich alles in Qarnatäne verschoben... muss das nicht auch gelöscht werden??
__________________
Heghlu'meH QaQ jajvam !

Alt 22.07.2014, 23:46   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spyware eingefangen .... ! - Standard

Spyware eingefangen .... !



Überleg mal was eine Quarantäne ist. Ob da die schädliche Datei drinbleibt oder nicht, das hat keine Auswirkungen. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Spyware eingefangen .... !
ansehen, audiograbber, bedrohung, downloaden, eingefangen, gefangen, glaskugel, interne, msil/advancedsystemprotector.d, neustart, quarantäne, spyware, unerwünschte, unerwünschten, win32/bundled.toolbar.google.d, win32/bundled.toolbar.google.e, zuverlässig



Ähnliche Themen: Spyware eingefangen .... !


  1. Verschlüsselungstrojaner eingefangen: (Spyware.Zbot)(Trojan.FakeAlert)
    Plagegeister aller Art und deren Bekämpfung - 20.08.2012 (17)
  2. Spyware Z.Bot124.Gen eingefangen
    Log-Analyse und Auswertung - 19.08.2012 (25)
  3. spyware hunter eingefangen
    Plagegeister aller Art und deren Bekämpfung - 23.06.2010 (15)
  4. Spyware eingefangen
    Plagegeister aller Art und deren Bekämpfung - 06.01.2010 (1)
  5. Warning! Spyware detected on your computer install an antivirus or spyware remover to
    Plagegeister aller Art und deren Bekämpfung - 11.09.2008 (30)
  6. Warning. Spyware detected on your computer. Install an Antivirus or spyware ...
    Plagegeister aller Art und deren Bekämpfung - 25.08.2008 (4)
  7. Spyware.BHO
    Plagegeister aller Art und deren Bekämpfung - 25.07.2008 (2)
  8. MSN Virus/Spyware o.ä. eingefangen
    Plagegeister aller Art und deren Bekämpfung - 28.11.2007 (3)
  9. Hab mir eine Spyware und einen Trojaner eingefangen - Brauche Hilfe
    Plagegeister aller Art und deren Bekämpfung - 11.03.2007 (15)
  10. cydoor spyware eingefangen
    Log-Analyse und Auswertung - 24.08.2006 (10)
  11. 180Solutions Spyware/, VX2 Spyware/Adware, VB and VBA Program Settings Spyware/Adware
    Log-Analyse und Auswertung - 12.07.2006 (10)
  12. Trojaner/Spyware eingefangen
    Plagegeister aller Art und deren Bekämpfung - 07.07.2006 (17)
  13. Habe mir Virus oder Spyware eingefangen
    Log-Analyse und Auswertung - 31.12.2005 (5)
  14. Spyware eingefangen?
    Log-Analyse und Auswertung - 29.12.2005 (11)
  15. Spyware
    Log-Analyse und Auswertung - 20.12.2005 (8)
  16. Spyware, keine ahnung wo sie sein soll, pc hat keine anzeichen von spyware
    Plagegeister aller Art und deren Bekämpfung - 07.12.2005 (6)
  17. Trojaner/Spyware eingefangen! Wie weiter?
    Plagegeister aller Art und deren Bekämpfung - 01.12.2005 (5)

Zum Thema Spyware eingefangen .... ! - hallo! Das böse Internet hat mich mal wider reingelegt. Als ich mir den Audiograbber downloaden wollte ( als zuverlässig und sicher empfohlen) .. ähm und dies auch tat bekam ich - Spyware eingefangen .... !...
Archiv
Du betrachtest: Spyware eingefangen .... ! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.