Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 22.12.2014, 15:05   #1
sap_all
 
Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender - Standard

Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender



Hallo zusammen,

Seit ein paar Wochen tauchen auf einmal hunderte Mails mit dem oben genannten Betreff.
Provider hat schon die Mail-Konten gesperrt.
Ich habe gestern versucht mit AdvCleaner, Malwarebytes und JRT das System zu bereinigen, heute habe ich noch ESET-Scan ausgeführt, bin aber nicht sicher ob jetzt alles sauber ist.

Meine Frau nutzt Notebook auch Gewerblich (eine kleine Hundebetreuung)

Ich hoffe, daß Ihr uns helfen könnt.

defogger_disable.log:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:44 on 22/12/2014 (moos)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST.txt (von heute):
Code:
ATTFilter
LastRegBack: 2014-12-22 11:23

==================== End Of Log ============================
         
GMER bricht mit APPCRASH ab:
Code:
ATTFilter
Problemereignisname:	APPCRASH
  Anwendungsname:	Gmer-19357.exe
  Anwendungsversion:	2.1.19357.0
  Anwendungszeitstempel:	52e7ea83
  Fehlermodulname:	Gmer-19357.exe
  Fehlermodulversion:	2.1.19357.0
  Fehlermodulzeitstempel:	52e7ea83
  Ausnahmecode:	c0000005
  Ausnahmeoffset:	00011cba
  Betriebsystemversion:	6.1.7601.2.1.0.256.1
  Gebietsschema-ID:	1031
  Zusatzinformation 1:	0a9e
  Zusatzinformation 2:	0a9e372d3b4ad19135b953a78882e789
  Zusatzinformation 3:	0a9e
  Zusatzinformation 4:	0a9e372d3b4ad19135b953a78882e789
         
ESET.txt:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7544f554d949ca45b311171e8b6cc8cd
# engine=21662
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-22 02:05:02
# local_time=2014-12-22 03:05:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Anti-Virus'
# compatibility_mode=1290 16777214 100 99 11443 74027024 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 788127 170886952 0 0
# scanned=235681
# found=3
# cleaned=3
# scan_time=7863
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=34BCDE11A22683EC42F88CF11A55DF978A1CA53B ft=1 fh=902e7624f4009a9d vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\moos\AppData\Local\Temp\OCS\ocs_v7d.exe.vir"
sh=23ECD1A8196FFDEB6AA2FB57FBE216C3C4C27BEC ft=1 fh=db29e6b31c795258 vn="Variante von Win32/Adware.AddLyrics.K Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\moos\AppData\Local\Temp\vdsvrup.exe"
         
JRT.txt:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Ultimate x64
Ran by moos on 22.12.2014 at  5:25:11,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69f5c9e8-0065-4e85-934b-6f68c8b94479}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{69f5c9e8-0065-4e85-934b-6f68c8b94479}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69f5c9e8-0065-4e85-934b-6f68c8b94479}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{69f5c9e8-0065-4e85-934b-6f68c8b94479}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\adobe\reader 10.0\reader\plug_ins\babylon\babylonrpi.api"



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de"
Emptied folder: C:\Users\moos\AppData\Roaming\mozilla\firefox\profiles\3jb9vr8e.default\minidumps [62 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.12.2014 at  5:29:27,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
MBAM.txt:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Update, 22.12.2014 02:02:45, SYSTEM, SYSCD, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 22.12.2014 02:02:45, SYSTEM, SYSCD, Manual, Rootkit Database, 2014.11.18.1, 2014.12.14.1, 
Update, 22.12.2014 02:02:49, SYSTEM, SYSCD, Manual, Malware Database, 2014.11.20.6, 2014.12.22.1, 
Scan, 22.12.2014 04:56:43, SYSTEM, SYSCD, Manual, Start: % 1 "% 2", Dauer: % 1 Std. 2 6 Minuten, Benutzerdefinierter Suchlauf, Abgeschlossen, 2 Malwareerkennung, 4-Malwareerkennung, 

(end)
         
ADWCleaner.txt:
Code:
ATTFilter
# AdwCleaner v4.106 - Bericht erstellt am 22/12/2014 um 05:13:11
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : moos - SYSCD
# Gestartet von : C:\Users\moos\Desktop\AdwCleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : Skype C2C Service

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Ordner Gelöscht : C:\Program Files (x86)\Babylon
Ordner Gelöscht : C:\Program Files (x86)\VideoSaver
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Ordner Gelöscht : C:\Users\moos\AppData\Local\Temp\Babylon
Ordner Gelöscht : C:\Users\moos\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\Users\moos\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\moos\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\moos\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\moos\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\moos\AppData\Roaming\QuickStoresToolbar
Ordner Gelöscht : C:\Users\moos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[!] Ordner Gelöscht : C:\Users\moos\AppData\Roaming\Mozilla\Firefox\Profiles\3jb9vr8e.default\Extensions\adapter@babylontc.com.xpi
[!] Ordner Gelöscht : C:\Users\moos\AppData\Roaming\Mozilla\Firefox\Profiles\3jb9vr8e.default\Extensions\ocr@babylon.com.xpi
Datei Gelöscht : C:\Users\moos\AppData\Roaming\Mozilla\Firefox\Profiles\3jb9vr8e.default\Extensions\adapter@babylontc.com.xpi
Datei Gelöscht : C:\Users\moos\AppData\Roaming\Mozilla\Firefox\Profiles\3jb9vr8e.default\Extensions\ocr@babylon.com.xpi
Datei Gelöscht : C:\Users\moos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gelöscht : C:\Users\moos\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Datei Gelöscht : C:\Users\moos\AppData\Roaming\Mozilla\Firefox\Profiles\3jb9vr8e.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [Tubesaver@istqt.co]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
Schlüssel Gelöscht : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.bdc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.bgl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.bof
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyDict
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyGloss
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyOptFile
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95734BDE-B702-45B9-86E5-27676729F904}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D0482C8E-BAEA-4943-911A-B661060F56A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C2E529C-A82C-4AC6-8807-0B51F7AD7BB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{95734BDE-B702-45B9-86E5-27676729F904}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D0482C8E-BAEA-4943-911A-B661060F56A7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Babylon
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\TubeSaver
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\ParetoLogic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tubesaver@istqt.co

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16599


-\\ Mozilla Firefox v34.0.5 (x86 de)

[3jb9vr8e.default\prefs.js] - Zeile gelöscht : user_pref("extensions.enabledAddons", "adapter%40babylontc.com:1.0.0.1,ocr%40babylon.com:1.1,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5");

*************************

AdwCleaner[R0].txt - [8747 octets] - [22/12/2014 05:11:08]
AdwCleaner[S0].txt - [8353 octets] - [22/12/2014 05:13:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8413 octets] ##########
         
Vielen Dank im voraus
sap_all

Alt 22.12.2014, 15:30   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender - Standard

Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender



hi,

FRST löschen und neu laden, dann bitte Haken setzen bei Addition und scannen. Poste bitte beide Logs.
__________________

__________________

Alt 22.12.2014, 15:53   #3
sap_all
 
Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender - Standard

Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender



vielen Dank für die prompte Hilfe!!!

FRST.txt:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2014 01
Ran by moos (administrator) on SYSCD on 22-12-2014 16:46:35
Running from C:\Users\moos\Desktop
Loaded Profile: moos (Available profiles: moos)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\klwtblfs.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2010-09-08] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2011-03-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [UnlockerAssistant] => "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3642530901-2315677370-1014022866-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3642530901-2315677370-1014022866-1000\...\RunOnce: [Adobe Speed Launcher] => 1419222862
HKU\S-1-5-21-3642530901-2315677370-1014022866-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe [524680 2013-10-18] (Adobe Systems Incorporated)
Startup: C:\Users\moos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\moos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> D:\executable\WISO\Steuersoftware_2014\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3642530901-2315677370-1014022866-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM {19DFFB5D-E30A-4E3B-8524-0AD8F4D88D32} https://109.90.56.90/XTunnel64.cab
DPF: HKLM {615A1925-0E5B-4767-A65E-3165AEAC32A3} hxxp://quickscan.bitdefender.com/qsax/qsax64.cab
DPF: HKLM {9BE31822-FDAD-461B-AD51-BE1D1C159921} hxxp://iptv.kartina.tv/files/bin/VLC%20TV%20Player.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\moos\AppData\Roaming\Mozilla\Firefox\Profiles\3jb9vr8e.default
FF Homepage: about:blank
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.0.5.0 -> C:\Program Files (x86)\Kartina.TV\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{79AB5E93-0AE2-4759-891A-3F1B322F9F9A}] - C:\Program Files (x86)\Kartina.TV\VLC\npvlc.dll
FF Extension: No Name - C:\Program Files (x86)\Kartina.TV\VLC\npvlc.dll [2011-04-26]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013-04-29]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013-04-29]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013-04-29]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ojcdnngpmbenohhjlickdajclhbcaada] - C:\Program Files (x86)\TubeSaver\128.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182272 2011-12-27] () [File not signed]
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [56592 2010-10-08] ()
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [957712 2010-10-08] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [697616 2010-10-08] ()
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-02-14] (The OpenVPN Project)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 Crypkey License; crypserv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cxbu1x64; C:\Windows\System32\DRIVERS\cxbu1x64.sys [128896 2009-08-28] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-12] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-12] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-29] (Kaspersky Lab ZAO)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-03-26] (Apple Inc.) [File not signed]
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-22] ()
R3 SSLDrv; C:\Windows\System32\DRIVERS\SSLDrv.sys [20064 2010-04-01] (Cavium Networks)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S1 NetworkX; \SystemRoot\system32\ckldrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 pxldypog; \??\C:\Users\moos\AppData\Local\Temp\pxldypog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-22 16:46 - 2014-12-22 16:46 - 00017708 _____ () C:\Users\moos\Desktop\FRST.txt
2014-12-22 16:45 - 2014-12-22 16:45 - 02122240 _____ (Farbar) C:\Users\moos\Desktop\FRST64.exe
2014-12-22 16:17 - 2014-12-22 16:17 - 00001548 _____ () C:\Users\moos\Desktop\gmer.txt
2014-12-22 15:05 - 2014-12-22 15:10 - 00001559 _____ () C:\Users\moos\Desktop\eset.txt
2014-12-22 12:50 - 2014-12-22 12:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-22 12:48 - 2014-12-22 12:47 - 02347384 _____ (ESET) C:\Users\moos\Desktop\esetsmartinstaller_deu.exe
2014-12-22 12:47 - 2014-12-22 12:47 - 02347384 _____ (ESET) C:\Users\moos\Downloads\esetsmartinstaller_deu.exe
2014-12-22 10:50 - 2014-12-22 10:50 - 00028937 _____ () C:\Users\moos\Desktop\Addition.txt
2014-12-22 05:29 - 2014-12-22 05:29 - 00001568 _____ () C:\Users\moos\Desktop\JRT.txt
2014-12-22 05:25 - 2014-12-22 05:25 - 00000000 ____D () C:\Windows\ERUNT
2014-12-22 05:23 - 2014-12-22 05:22 - 01707646 _____ (Thisisu) C:\Users\moos\Desktop\JRT.exe
2014-12-22 05:22 - 2014-12-22 05:22 - 01707646 _____ (Thisisu) C:\Users\moos\Downloads\JRT.exe
2014-12-22 05:10 - 2014-12-22 05:13 - 00000000 ____D () C:\AdwCleaner
2014-12-22 05:09 - 2014-12-22 05:09 - 02173952 _____ () C:\Users\moos\Downloads\AdwCleaner_4.106.exe
2014-12-22 05:09 - 2014-12-22 05:09 - 02173952 _____ () C:\Users\moos\Desktop\AdwCleaner_4.106.exe
2014-12-22 02:02 - 2014-12-22 05:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-22 02:02 - 2014-12-22 02:02 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-22 02:02 - 2014-12-22 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-22 02:02 - 2014-12-22 02:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-22 02:02 - 2014-12-22 02:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-22 02:02 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-22 02:02 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-22 02:02 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-22 02:01 - 2014-12-22 02:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\moos\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-22 01:00 - 2014-12-22 00:59 - 00380416 _____ () C:\Users\moos\Desktop\Gmer-19357.exe
2014-12-22 00:59 - 2014-12-22 00:59 - 00380416 _____ () C:\Users\moos\Downloads\Gmer-19357.exe
2014-12-22 00:49 - 2014-12-22 16:46 - 00000000 ____D () C:\FRST
2014-12-22 00:44 - 2014-12-22 00:44 - 00000000 _____ () C:\Users\moos\defogger_reenable
2014-12-22 00:42 - 2014-12-22 00:42 - 00050477 _____ () C:\Users\moos\Desktop\Defogger.exe
2014-12-16 22:08 - 2014-12-16 22:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-12 15:57 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 15:57 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-12 15:57 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-12 15:57 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-12 15:57 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-12 15:57 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-12 15:57 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-12 15:57 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-12 15:57 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-12 15:57 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-12 15:56 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-12 15:56 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-12 15:55 - 2014-11-24 23:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-12 15:55 - 2014-11-24 22:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-12 15:55 - 2014-11-24 22:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-12 15:55 - 2014-11-24 22:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-12 15:55 - 2014-11-24 22:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-12 15:55 - 2014-11-24 22:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-12 15:55 - 2014-11-24 22:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-12 15:55 - 2014-11-24 22:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-12 15:55 - 2014-11-24 22:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-12 15:55 - 2014-11-24 22:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-12 15:55 - 2014-11-24 22:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-12 15:55 - 2014-11-24 22:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-12 15:55 - 2014-11-24 22:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-12 15:55 - 2014-11-24 22:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-12 15:55 - 2014-11-24 22:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-12 15:55 - 2014-11-24 22:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-12 15:55 - 2014-11-24 22:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-12 15:55 - 2014-11-24 22:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-12 15:55 - 2014-11-24 22:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-12 15:55 - 2014-11-24 22:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-12 15:55 - 2014-11-24 22:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-12 15:55 - 2014-11-24 22:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-12 15:55 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-12 15:55 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-12 15:55 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-12 15:55 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-12 15:55 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-12 15:55 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-12 15:55 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-12 15:55 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-12 15:55 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-12 15:55 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-12 15:55 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-12 15:55 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-12 15:55 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-12 15:55 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-12 15:55 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-12 15:55 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-12 15:55 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-12 15:55 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-12 15:55 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-12 15:55 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-12 15:55 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-12 15:55 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-12 15:55 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-12 15:54 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-12 15:54 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-12 15:54 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-12 15:54 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-12 15:53 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-12 15:53 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-12 15:53 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-12 15:53 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-12 15:53 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-12 15:53 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-12 15:53 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-12 15:53 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-12 15:53 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-12 15:53 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-11-22 11:31 - 2014-12-22 01:17 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-22 16:34 - 2013-04-29 18:52 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-22 16:19 - 2011-12-10 03:41 - 01144893 _____ () C:\Windows\WindowsUpdate.log
2014-12-22 11:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-22 05:41 - 2009-07-14 05:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 05:41 - 2009-07-14 05:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 05:38 - 2011-12-10 17:51 - 00719424 _____ () C:\Windows\system32\perfh019.dat
2014-12-22 05:38 - 2011-12-10 17:51 - 00152682 _____ () C:\Windows\system32\perfc019.dat
2014-12-22 05:38 - 2010-11-21 07:50 - 00702648 _____ () C:\Windows\system32\perfh007.dat
2014-12-22 05:38 - 2010-11-21 07:50 - 00151408 _____ () C:\Windows\system32\perfc007.dat
2014-12-22 05:38 - 2009-07-14 06:13 - 02501638 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-22 05:33 - 2011-12-27 15:38 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-12-22 05:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-22 05:33 - 2009-07-14 05:51 - 00048532 _____ () C:\Windows\setupact.log
2014-12-22 05:14 - 2010-11-21 04:47 - 00067296 _____ () C:\Windows\PFRO.log
2014-12-22 04:56 - 2011-12-27 15:38 - 00000000 ____D () C:\Windows\AutoKMS
2014-12-22 01:07 - 2012-05-31 14:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-22 00:44 - 2011-12-10 03:57 - 00000000 ____D () C:\Users\moos
2014-12-22 00:35 - 2011-12-27 16:05 - 00000000 ____D () C:\Users\moos\Documents\Outlook-Dateien
2014-12-14 12:35 - 2013-03-24 17:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-13 12:07 - 2013-09-01 14:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 15:59 - 2011-12-10 17:07 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-28 21:32 - 2011-12-27 21:14 - 00000000 ____D () C:\Users\moos\AppData\Local\FreePDF_XP
2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-22 13:28 - 2011-12-27 21:46 - 00000000 ____D () C:\Users\moos\AppData\Local\Mozilla

Some content of TEMP:
====================
C:\Users\moos\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\moos\AppData\Local\Temp\Quarantine.exe
C:\Users\moos\AppData\Local\Temp\QuickStores_Unlocker.exe
C:\Users\moos\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-22 11:23

==================== End Of Log ============================
         
--- --- ---


Addition.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2014 01
Ran by moos at 2014-12-22 16:47:08
Running from C:\Users\moos\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Allway Sync version 12.0.0 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{D6120CE6-6591-A00E-E7EA-02CC3F47BF11}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-375CW (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
ccc-core-static (x32 Version: 2011.0316.116.298 - Ihr Firmenname) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.2.3442 - CDBurnerXP)
C-Map PCMCIA and USB drivers (HKLM-x32\...\InstallShield_{98C61F22-8B4F-416E-A4BF-54FCC10509E0}) (Version: 1.00.0000 - C-Map)
C-Map PCMCIA and USB drivers (x32 Version: 1.00.0000 - C-Map) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.1.11318 - Landesfinanzdirektion Thüringen)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
FreeOCR v4.2 (HKLM-x32\...\freeocr_is1) (Version:  - )
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
G&D StarSign USB Token für ELSTER (HKLM-x32\...\InstallShield_{636BAD38-26BC-4BD8-802B-F18ED2D48D65}) (Version: 1.2.0 - Secunet Security Networks AG)
G&D StarSign USB Token für ELSTER (Version: 1.2.0 - Secunet Security Networks AG) Hidden
Garmin BaseCamp (HKLM-x32\...\{74E69F8A-BCBB-4A0A-9361-32225755D8C3}) (Version: 3.2.2 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2011.10 (HKLM-x32\...\{74D21920-3B72-494F-9042-8C26E1E99FDC}) (Version: 14.10.0.0 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}) (Version: 6.2.1.6014 - Google)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
HP Battery Check (HKLM-x32\...\HP Battery Check) (Version: 4.1.0.2 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{F5F16745-6FCB-4134-83F9-2688ACFF5DC9}) (Version: 1.1.8.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{014C6C60-4916-48F7-916E-E8048E12E9F1}) (Version: 4.0.3.1 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{B570A046-A176-4BBA-8C33-E8844E1C6F98}) (Version: 3.4.0.0 - Hewlett-Packard Company)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50015.0 - Sonix)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 2 Runtime Environment Standard Edition 1.3.1_02 (HKLM-x32\...\JRE 1.3.1_02) (Version:  - )
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java(TM) 6 Update 30 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416030FF}) (Version: 6.0.300 - Oracle)
Kaspersky Anti-Virus 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{6F29F195-B11C-3EAD-B883-997BB29DFA17}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobaXterm (HKLM-x32\...\{609443FC-1511-4F1C-BF24-F118B57DBDFE}) (Version: 6.2.0.0 - Mobatek)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
Mp3tag v2.49a (HKLM-x32\...\Mp3tag) (Version: v2.49a - Florian Heidenreich)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.7 - )
OpenCPN 2.5.0 (HKLM-x32\...\OpenCPN 2.5.0) (Version: 2.5.0 - opencpn.org)
OpenVPN 2.3.0-I004  (HKLM\...\OpenVPN) (Version: 2.3.0-I004 - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PdfGrabber 7.0 (64bit) (HKLM\...\{01517A48-9217-431B-821C-F89F53918E3D}) (Version: 7.0 - PixelPlanet)
PixelPlanet PdfPrinter 6 (64bit) (HKLM\...\{B8E88489-A304-45F1-9717-242035DE167D}) (Version: 6.03.23 - PixelPlanet)
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version:  - )
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{2E248EC3-2D89-40AB-B88A-48AA24DBEF6F}) (Version: 6.5 - Silicon Laboratories, Inc.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Stamina 2.5 (HKLM-x32\...\Stamina) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12799 - TeamViewer)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
USB CCID Smartcard Reader - Version 1.2.1.2 (HKLM\...\{939913F9-F134-4E9E-B879-BE6755B69952}) (Version: 3.0.0.1 - USB CCID)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VLC TV Player (HKLM-x32\...\{4937160D-9A3B-429C-A82E-645116A4EB17}) (Version: 1.0.5.0 - Kartina Digital GmbH)
Webocton - Scriptly 0.8.95.6 (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
WinSCP 4.3.6 (HKLM-x32\...\winscp3_is1) (Version: 4.3.6 - Martin Prikryl)
WISO Steuer-Sparbuch 2014 (HKU\S-1-5-21-3642530901-2315677370-1014022866-1000\...\{39F9627F-238E-41A0-9A63-DB63D4A7FAB3}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{02C4B6C6-895A-38AC-8327-20E08FA7C4A5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{07A8E1BD-1ECA-3709-91F3-C2BF294E2DFF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{0D6D0FF1-FAB9-31D9-885F-A8D8B4C6EFE0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{1C5EB3BE-A2CF-370E-9A48-45EF256D46BD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{1DABD907-F23D-3667-B37E-3E99D623C797}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{27CBCF65-D9C4-3D70-8422-1DA7D1DADA78}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{4894BBA6-D4CC-3D55-8DFD-071672DD7266}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{56D99ED8-90CE-32A9-B47D-C43AACA32D07}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{5B0D956D-952D-3D8A-8911-A50AB2D8BA42}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{67C088F9-A9D1-3F23-A910-809E77E637F7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{6EAE8D1A-5927-3BA4-8A34-E8BE755DD5FF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{7BC51EA2-DBAF-4959-8D27-F6DAB5A6E7F5}\InprocServer32 -> C:\Program Files (x86)\Different Solutions GmbH\VtigerOutlookPlugin\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{86E40E47-E6C5-31F5-8E62-6C539A21AC92}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{896AFAA6-C41E-3847-A741-65FC40253347}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{8FD3E1D6-F04F-3BC2-BD2B-10FE50334CE3}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{94A9A0FF-B0B8-3570-994B-9A30F9F64738}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{959737BC-CB46-331C-8C58-BFB7F57A62F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{97B04D15-C88C-3B6E-8F54-D1B106B7F6DF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{C5664226-AA06-3421-B6F7-80EC7FD82A09}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{D38570CF-E2E7-31C7-BB5D-2A4F195DDFF3}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{DD6571ED-AB60-3EEC-AACA-A21C098F1F01}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{E302D261-868A-3532-A324-0A11424775CE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{E35CCD5F-53F7-317D-8F63-AACF8E3B601A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{EC7BC096-150A-3430-BC36-42D52D87D0C6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{FC9C2C26-8228-34ED-BBCA-7CC78B1DEA19}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{FEC8A2B9-150B-37CE-98F7-377B8BA5E3F5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{FEFD3133-3473-3B10-B07E-C99C6FB4E2FC}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

06-12-2014 22:32:46 Geplanter Prüfpunkt
12-12-2014 15:56:22 Windows Update
22-12-2014 01:02:46 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-04-17 18:16 - 00000896 ____A C:\Windows\system32\Drivers\etc\hosts
192.168.1.1		router
192.168.1.2		cisco
192.168.1.3		nas	nas.moos.dom


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CCC4953-9025-43D5-B25B-16E1A5093480} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {88F91FD3-386F-43F0-8174-B8B480A8EC69} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C96C6316-5D01-410E-AB19-07C1D5557B6E} - System32\Tasks\{B8BF1D94-1264-4F7C-9FC4-D9767BB1C131} => pcalua.exe -a C:\Users\moos\Downloads\NETGEAR\vpnclient\VPNClient-V2.10.8.3.exe -d C:\Users\moos\Downloads\NETGEAR\vpnclient
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

==================== Loaded Modules (whitelisted) =============

2011-12-27 21:11 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2012-01-02 00:34 - 2011-12-27 12:32 - 00182272 _____ () C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
2010-10-08 06:18 - 2010-10-08 06:18 - 00056592 _____ () C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
2010-09-02 08:24 - 2010-09-02 08:24 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00019456 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00026624 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00035328 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00119296 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
2010-10-08 06:18 - 2010-10-08 06:18 - 00957712 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe
2010-09-02 08:24 - 2010-09-02 08:24 - 00028160 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
2010-09-02 08:25 - 2010-09-02 08:25 - 00040448 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00030720 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2010-10-08 06:18 - 2010-10-08 06:18 - 00697616 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2011-12-27 20:39 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2011-07-18 22:04 - 2011-07-18 22:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2011-03-14 14:20 - 2011-03-14 14:20 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-16 01:14 - 2011-03-16 01:14 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
2012-08-17 20:39 - 2013-04-29 18:56 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll
2014-12-08 20:36 - 2014-02-10 18:04 - 00430080 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer7 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: PixelPlanet PdfPrinter-Monitor => "C:\Program Files (x86)\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

========================= Accounts: ==========================

Gast (S-1-5-21-3642530901-2315677370-1014022866-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3642530901-2315677370-1014022866-1002 - Limited - Enabled)
moos (S-1-5-21-3642530901-2315677370-1014022866-1000 - Administrator - Enabled) => C:\Users\moos
root (S-1-5-21-3642530901-2315677370-1014022866-500 - Administrator - Disabled)

==================== Faulty Device Manager Devices =============

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/22/2014 03:08:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/22/2014 00:50:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/22/2014 00:50:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/22/2014 00:50:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/22/2014 00:48:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/22/2014 00:48:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/22/2014 00:48:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/22/2014 11:02:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011cba
ID des fehlerhaften Prozesses: 0x10f0
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3

Error: (12/22/2014 09:46:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011cba
ID des fehlerhaften Prozesses: 0xf70
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3

Error: (12/22/2014 05:33:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/22/2014 05:33:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
NetworkX

Error: (12/22/2014 05:33:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Crypkey License" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/22/2014 05:33:45 AM) (Source: SCardSvr) (EventID: 602) (User: )
Description: Das System kann den angegebenen Pfad nicht finden.


Microsoft Office Sessions:
=========================
Error: (12/22/2014 03:08:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (12/22/2014 00:50:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\moos\Desktop\esetsmartinstaller_deu.exe

Error: (12/22/2014 00:50:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\moos\Desktop\esetsmartinstaller_deu.exe

Error: (12/22/2014 00:50:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\moos\Desktop\esetsmartinstaller_deu.exe

Error: (12/22/2014 00:48:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\moos\Desktop\esetsmartinstaller_deu.exe

Error: (12/22/2014 00:48:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\moos\Desktop\esetsmartinstaller_deu.exe

Error: (12/22/2014 00:48:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\moos\Downloads\esetsmartinstaller_deu.exe

Error: (12/22/2014 11:02:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c000000500011cba10f001d01dcda6e6a81cC:\Users\moos\Desktop\Gmer-19357.exeC:\Users\moos\Desktop\Gmer-19357.exea6c1087e-89c1-11e4-9e82-70f395d7ef47

Error: (12/22/2014 09:46:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c000000500011cbaf7001d01dc2e2e98805C:\Users\moos\Desktop\Gmer-19357.exeC:\Users\moos\Desktop\Gmer-19357.exe0eea522b-89b7-11e4-9e82-70f395d7ef47

Error: (12/22/2014 05:33:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-12-22 02:55:26.836
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 02:55:26.834
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 02:55:26.832
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 02:24:57.719
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 02:24:57.717
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 02:24:57.715
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-03 13:50:36.274
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-03 13:50:36.272
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-03 13:50:36.269
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-03 13:50:36.253
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II P320 Dual-Core Processor
Percentage of memory in use: 29%
Total physical RAM: 7929.56 MB
Available physical RAM: 5625.87 MB
Total Pagefile: 15857.3 MB
Available Pagefile: 13496.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:29.2 GB) NTFS
Drive d: (DATA) (Fixed) (Total:102.78 GB) (Free:27.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9315B1BF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=06)
Partition 4: (Not Active) - (Size=102.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 23.12.2014, 15:56   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender - Standard

Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS
HKU\S-1-5-21-3642530901-2315677370-1014022866-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
S2 Crypkey License; crypserv.exe [X]
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.12.2014, 16:30   #5
sap_all
 
Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender - Standard

Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender



Fixlog.txt:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-12-2014 01
Ran by moos at 2014-12-23 17:27:39 Run:1
Running from C:\Users\moos\Desktop
Loaded Profile: moos (Available profiles: moos)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS
HKU\S-1-5-21-3642530901-2315677370-1014022866-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
S2 Crypkey License; crypserv.exe [X]
*****************

C:\Windows\Tasks\AutoKMS.job => Moved successfully.
C:\Windows\AutoKMS => Moved successfully.
HKU\S-1-5-21-3642530901-2315677370-1014022866-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
Crypkey License => Service deleted successfully.

==== End of Fixlog 17:27:39 ====
         


Alt 24.12.2014, 16:22   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender - Standard

Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender



Passwort zum Mail Acc geändert? Kommen noch Mails`?
__________________
--> Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender

Alt 30.12.2014, 00:50   #7
sap_all
 
Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender - Standard

Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender



Hallo Schrauber,
Passw. für Mail Accounts wurden geändert, aber ich habe noch nicht im Outlook neue PW eingetragen, wollte erst sicher sein, dass mein Notebook sauber ist; sonst werden die Konten wieder gesperrt.

hier die aktuelle Logs:
FRST.log:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by moos (administrator) on SYSCD on 30-12-2014 01:18:19
Running from C:\Users\moos\Desktop
Loaded Profile: moos (Available profiles: moos)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
() C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Advanced Micro Devices, Inc.) C:\Windows\System32\atibtmon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\klwtblfs.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2010-09-08] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2011-03-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [UnlockerAssistant] => "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3642530901-2315677370-1014022866-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3642530901-2315677370-1014022866-1000\...\RunOnce: [Adobe Speed Launcher] => 1419352529
HKU\S-1-5-21-3642530901-2315677370-1014022866-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe [524680 2013-10-18] (Adobe Systems Incorporated)
Startup: C:\Users\moos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\moos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> D:\executable\WISO\Steuersoftware_2014\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3642530901-2315677370-1014022866-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3642530901-2315677370-1014022866-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM {19DFFB5D-E30A-4E3B-8524-0AD8F4D88D32} https://109.90.56.90/XTunnel64.cab
DPF: HKLM {615A1925-0E5B-4767-A65E-3165AEAC32A3} hxxp://quickscan.bitdefender.com/qsax/qsax64.cab
DPF: HKLM {9BE31822-FDAD-461B-AD51-BE1D1C159921} hxxp://iptv.kartina.tv/files/bin/VLC%20TV%20Player.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\moos\AppData\Roaming\Mozilla\Firefox\Profiles\3jb9vr8e.default
FF Homepage: about:blank
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.0.5.0 -> C:\Program Files (x86)\Kartina.TV\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{79AB5E93-0AE2-4759-891A-3F1B322F9F9A}] - C:\Program Files (x86)\Kartina.TV\VLC\npvlc.dll
FF Extension: No Name - C:\Program Files (x86)\Kartina.TV\VLC\npvlc.dll [2011-04-26]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013-04-29]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013-04-29]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013-04-29]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ojcdnngpmbenohhjlickdajclhbcaada] - C:\Program Files (x86)\TubeSaver\128.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182272 2011-12-27] () [File not signed]
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [56592 2010-10-08] ()
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [957712 2010-10-08] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [697616 2010-10-08] ()
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-02-14] (The OpenVPN Project)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cxbu1x64; C:\Windows\System32\DRIVERS\cxbu1x64.sys [128896 2009-08-28] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-12] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-12] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-29] (Kaspersky Lab ZAO)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-03-26] (Apple Inc.) [File not signed]
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-22] ()
R3 SSLDrv; C:\Windows\System32\DRIVERS\SSLDrv.sys [20064 2010-04-01] (Cavium Networks)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S1 NetworkX; \SystemRoot\system32\ckldrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 01:18 - 2014-12-30 01:18 - 00017905 _____ () C:\Users\moos\Desktop\FRST.txt
2014-12-30 01:14 - 2014-12-30 01:14 - 02123264 _____ (Farbar) C:\Users\moos\Desktop\FRST64.exe
2014-12-22 16:46 - 2014-12-22 16:47 - 00032573 _____ () C:\Users\moos\Desktop\FRST_44.txt
2014-12-22 16:17 - 2014-12-22 16:17 - 00001548 _____ () C:\Users\moos\Desktop\gmer.txt
2014-12-22 15:05 - 2014-12-22 15:10 - 00001559 _____ () C:\Users\moos\Desktop\eset.txt
2014-12-22 12:50 - 2014-12-22 12:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-22 12:48 - 2014-12-22 12:47 - 02347384 _____ (ESET) C:\Users\moos\Desktop\esetsmartinstaller_deu.exe
2014-12-22 12:47 - 2014-12-22 12:47 - 02347384 _____ (ESET) C:\Users\moos\Downloads\esetsmartinstaller_deu.exe
2014-12-22 10:50 - 2014-12-22 16:47 - 00040235 _____ () C:\Users\moos\Desktop\Addition_44.txt
2014-12-22 05:29 - 2014-12-22 05:29 - 00001568 _____ () C:\Users\moos\Desktop\JRT.txt
2014-12-22 05:25 - 2014-12-22 05:25 - 00000000 ____D () C:\Windows\ERUNT
2014-12-22 05:23 - 2014-12-22 05:22 - 01707646 _____ (Thisisu) C:\Users\moos\Desktop\JRT.exe
2014-12-22 05:22 - 2014-12-22 05:22 - 01707646 _____ (Thisisu) C:\Users\moos\Downloads\JRT.exe
2014-12-22 05:10 - 2014-12-22 05:13 - 00000000 ____D () C:\AdwCleaner
2014-12-22 05:09 - 2014-12-22 05:09 - 02173952 _____ () C:\Users\moos\Downloads\AdwCleaner_4.106.exe
2014-12-22 05:09 - 2014-12-22 05:09 - 02173952 _____ () C:\Users\moos\Desktop\AdwCleaner_4.106.exe
2014-12-22 02:02 - 2014-12-22 05:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-22 02:02 - 2014-12-22 02:02 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-22 02:02 - 2014-12-22 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-22 02:02 - 2014-12-22 02:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-22 02:02 - 2014-12-22 02:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-22 02:02 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-22 02:02 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-22 02:02 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-22 02:01 - 2014-12-22 02:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\moos\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-22 01:00 - 2014-12-22 00:59 - 00380416 _____ () C:\Users\moos\Desktop\Gmer-19357.exe
2014-12-22 00:59 - 2014-12-22 00:59 - 00380416 _____ () C:\Users\moos\Downloads\Gmer-19357.exe
2014-12-22 00:49 - 2014-12-30 01:18 - 00000000 ____D () C:\FRST
2014-12-22 00:44 - 2014-12-22 00:44 - 00000000 _____ () C:\Users\moos\defogger_reenable
2014-12-22 00:42 - 2014-12-22 00:42 - 00050477 _____ () C:\Users\moos\Desktop\Defogger.exe
2014-12-16 22:08 - 2014-12-16 22:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-12 15:57 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 15:57 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-12 15:57 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-12 15:57 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-12 15:57 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-12 15:57 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-12 15:57 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-12 15:57 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-12 15:57 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-12 15:57 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-12 15:56 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-12 15:56 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-12 15:55 - 2014-11-24 23:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-12 15:55 - 2014-11-24 22:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-12 15:55 - 2014-11-24 22:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-12 15:55 - 2014-11-24 22:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-12 15:55 - 2014-11-24 22:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-12 15:55 - 2014-11-24 22:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-12 15:55 - 2014-11-24 22:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-12 15:55 - 2014-11-24 22:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-12 15:55 - 2014-11-24 22:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-12 15:55 - 2014-11-24 22:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-12 15:55 - 2014-11-24 22:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-12 15:55 - 2014-11-24 22:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-12 15:55 - 2014-11-24 22:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-12 15:55 - 2014-11-24 22:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-12 15:55 - 2014-11-24 22:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-12 15:55 - 2014-11-24 22:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-12 15:55 - 2014-11-24 22:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-12 15:55 - 2014-11-24 22:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-12 15:55 - 2014-11-24 22:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-12 15:55 - 2014-11-24 22:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-12 15:55 - 2014-11-24 22:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-12 15:55 - 2014-11-24 22:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-12 15:55 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-12 15:55 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-12 15:55 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-12 15:55 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-12 15:55 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-12 15:55 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-12 15:55 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-12 15:55 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-12 15:55 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-12 15:55 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-12 15:55 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-12 15:55 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-12 15:55 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-12 15:55 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-12 15:55 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-12 15:55 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-12 15:55 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-12 15:55 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-12 15:55 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-12 15:55 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-12 15:55 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-12 15:55 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-12 15:55 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-12 15:54 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-12 15:54 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-12 15:54 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-12 15:54 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-12 15:53 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-12 15:53 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-12 15:53 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-12 15:53 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-12 15:53 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-12 15:53 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-12 15:53 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-12 15:53 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-12 15:53 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-12 15:53 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 00:58 - 2013-04-29 18:52 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-30 00:56 - 2009-07-14 05:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-30 00:56 - 2009-07-14 05:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-30 00:52 - 2011-12-10 03:41 - 01189782 _____ () C:\Windows\WindowsUpdate.log
2014-12-24 00:33 - 2011-12-27 16:05 - 00000000 ____D () C:\Users\moos\Documents\Outlook-Dateien
2014-12-23 17:39 - 2011-12-10 17:51 - 00719424 _____ () C:\Windows\system32\perfh019.dat
2014-12-23 17:39 - 2011-12-10 17:51 - 00152682 _____ () C:\Windows\system32\perfc019.dat
2014-12-23 17:39 - 2010-11-21 07:50 - 00702648 _____ () C:\Windows\system32\perfh007.dat
2014-12-23 17:39 - 2010-11-21 07:50 - 00151408 _____ () C:\Windows\system32\perfc007.dat
2014-12-23 17:39 - 2009-07-14 06:13 - 02501638 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-23 17:34 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-23 17:34 - 2009-07-14 05:51 - 00048700 _____ () C:\Windows\setupact.log
2014-12-22 11:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-22 05:14 - 2010-11-21 04:47 - 00067296 _____ () C:\Windows\PFRO.log
2014-12-22 01:17 - 2014-11-22 11:31 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-12-22 01:07 - 2012-05-31 14:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-22 00:44 - 2011-12-10 03:57 - 00000000 ____D () C:\Users\moos
2014-12-14 12:35 - 2013-03-24 17:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-13 12:07 - 2013-09-01 14:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 15:59 - 2011-12-10 17:07 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\moos\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\moos\AppData\Local\Temp\Quarantine.exe
C:\Users\moos\AppData\Local\Temp\QuickStores_Unlocker.exe
C:\Users\moos\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-30 00:41

==================== End Of Log ============================
         
--- --- ---


Addition.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by moos at 2014-12-30 01:19:15
Running from C:\Users\moos\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Allway Sync version 12.0.0 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{D6120CE6-6591-A00E-E7EA-02CC3F47BF11}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-375CW (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
ccc-core-static (x32 Version: 2011.0316.116.298 - Ihr Firmenname) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.2.3442 - CDBurnerXP)
C-Map PCMCIA and USB drivers (HKLM-x32\...\InstallShield_{98C61F22-8B4F-416E-A4BF-54FCC10509E0}) (Version: 1.00.0000 - C-Map)
C-Map PCMCIA and USB drivers (x32 Version: 1.00.0000 - C-Map) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.1.11318 - Landesfinanzdirektion Thüringen)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
FreeOCR v4.2 (HKLM-x32\...\freeocr_is1) (Version:  - )
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
G&D StarSign USB Token für ELSTER (HKLM-x32\...\InstallShield_{636BAD38-26BC-4BD8-802B-F18ED2D48D65}) (Version: 1.2.0 - Secunet Security Networks AG)
G&D StarSign USB Token für ELSTER (Version: 1.2.0 - Secunet Security Networks AG) Hidden
Garmin BaseCamp (HKLM-x32\...\{74E69F8A-BCBB-4A0A-9361-32225755D8C3}) (Version: 3.2.2 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2011.10 (HKLM-x32\...\{74D21920-3B72-494F-9042-8C26E1E99FDC}) (Version: 14.10.0.0 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}) (Version: 6.2.1.6014 - Google)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
HP Battery Check (HKLM-x32\...\HP Battery Check) (Version: 4.1.0.2 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{F5F16745-6FCB-4134-83F9-2688ACFF5DC9}) (Version: 1.1.8.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{014C6C60-4916-48F7-916E-E8048E12E9F1}) (Version: 4.0.3.1 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{B570A046-A176-4BBA-8C33-E8844E1C6F98}) (Version: 3.4.0.0 - Hewlett-Packard Company)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50015.0 - Sonix)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 2 Runtime Environment Standard Edition 1.3.1_02 (HKLM-x32\...\JRE 1.3.1_02) (Version:  - )
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java(TM) 6 Update 30 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416030FF}) (Version: 6.0.300 - Oracle)
Kaspersky Anti-Virus 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{6F29F195-B11C-3EAD-B883-997BB29DFA17}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobaXterm (HKLM-x32\...\{609443FC-1511-4F1C-BF24-F118B57DBDFE}) (Version: 6.2.0.0 - Mobatek)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
Mp3tag v2.49a (HKLM-x32\...\Mp3tag) (Version: v2.49a - Florian Heidenreich)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.7 - )
OpenCPN 2.5.0 (HKLM-x32\...\OpenCPN 2.5.0) (Version: 2.5.0 - opencpn.org)
OpenVPN 2.3.0-I004  (HKLM\...\OpenVPN) (Version: 2.3.0-I004 - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PdfGrabber 7.0 (64bit) (HKLM\...\{01517A48-9217-431B-821C-F89F53918E3D}) (Version: 7.0 - PixelPlanet)
PixelPlanet PdfPrinter 6 (64bit) (HKLM\...\{B8E88489-A304-45F1-9717-242035DE167D}) (Version: 6.03.23 - PixelPlanet)
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version:  - )
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{2E248EC3-2D89-40AB-B88A-48AA24DBEF6F}) (Version: 6.5 - Silicon Laboratories, Inc.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Stamina 2.5 (HKLM-x32\...\Stamina) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12799 - TeamViewer)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
USB CCID Smartcard Reader - Version 1.2.1.2 (HKLM\...\{939913F9-F134-4E9E-B879-BE6755B69952}) (Version: 3.0.0.1 - USB CCID)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VLC TV Player (HKLM-x32\...\{4937160D-9A3B-429C-A82E-645116A4EB17}) (Version: 1.0.5.0 - Kartina Digital GmbH)
Webocton - Scriptly 0.8.95.6 (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
WinSCP 4.3.6 (HKLM-x32\...\winscp3_is1) (Version: 4.3.6 - Martin Prikryl)
WISO Steuer-Sparbuch 2014 (HKU\S-1-5-21-3642530901-2315677370-1014022866-1000\...\{39F9627F-238E-41A0-9A63-DB63D4A7FAB3}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{02C4B6C6-895A-38AC-8327-20E08FA7C4A5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{07A8E1BD-1ECA-3709-91F3-C2BF294E2DFF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{0D6D0FF1-FAB9-31D9-885F-A8D8B4C6EFE0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{1C5EB3BE-A2CF-370E-9A48-45EF256D46BD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{1DABD907-F23D-3667-B37E-3E99D623C797}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{27CBCF65-D9C4-3D70-8422-1DA7D1DADA78}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{4894BBA6-D4CC-3D55-8DFD-071672DD7266}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{56D99ED8-90CE-32A9-B47D-C43AACA32D07}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{5B0D956D-952D-3D8A-8911-A50AB2D8BA42}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{67C088F9-A9D1-3F23-A910-809E77E637F7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{6EAE8D1A-5927-3BA4-8A34-E8BE755DD5FF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{7BC51EA2-DBAF-4959-8D27-F6DAB5A6E7F5}\InprocServer32 -> C:\Program Files (x86)\Different Solutions GmbH\VtigerOutlookPlugin\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{86E40E47-E6C5-31F5-8E62-6C539A21AC92}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{896AFAA6-C41E-3847-A741-65FC40253347}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{8FD3E1D6-F04F-3BC2-BD2B-10FE50334CE3}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{94A9A0FF-B0B8-3570-994B-9A30F9F64738}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{959737BC-CB46-331C-8C58-BFB7F57A62F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{97B04D15-C88C-3B6E-8F54-D1B106B7F6DF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{C5664226-AA06-3421-B6F7-80EC7FD82A09}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{D38570CF-E2E7-31C7-BB5D-2A4F195DDFF3}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{DD6571ED-AB60-3EEC-AACA-A21C098F1F01}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{E302D261-868A-3532-A324-0A11424775CE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{E35CCD5F-53F7-317D-8F63-AACF8E3B601A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{EC7BC096-150A-3430-BC36-42D52D87D0C6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{FC9C2C26-8228-34ED-BBCA-7CC78B1DEA19}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{FEC8A2B9-150B-37CE-98F7-377B8BA5E3F5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3642530901-2315677370-1014022866-1000_Classes\CLSID\{FEFD3133-3473-3B10-B07E-C99C6FB4E2FC}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

06-12-2014 22:32:46 Geplanter Prüfpunkt
12-12-2014 15:56:22 Windows Update
22-12-2014 01:02:46 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-04-17 18:16 - 00000896 ____A C:\Windows\system32\Drivers\etc\hosts
192.168.1.1		router
192.168.1.2		cisco
192.168.1.3		nas	nas.moos.dom


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CCC4953-9025-43D5-B25B-16E1A5093480} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {88F91FD3-386F-43F0-8174-B8B480A8EC69} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C96C6316-5D01-410E-AB19-07C1D5557B6E} - System32\Tasks\{B8BF1D94-1264-4F7C-9FC4-D9767BB1C131} => pcalua.exe -a C:\Users\moos\Downloads\NETGEAR\vpnclient\VPNClient-V2.10.8.3.exe -d C:\Users\moos\Downloads\NETGEAR\vpnclient

==================== Loaded Modules (whitelisted) =============

2011-12-27 21:11 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2012-01-02 00:34 - 2011-12-27 12:32 - 00182272 _____ () C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
2010-10-08 06:18 - 2010-10-08 06:18 - 00056592 _____ () C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
2010-09-02 08:24 - 2010-09-02 08:24 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00019456 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00026624 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00035328 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00119296 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
2010-10-08 06:18 - 2010-10-08 06:18 - 00957712 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe
2010-09-02 08:24 - 2010-09-02 08:24 - 00028160 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
2010-09-02 08:25 - 2010-09-02 08:25 - 00040448 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00030720 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2010-10-08 06:18 - 2010-10-08 06:18 - 00697616 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2011-12-27 20:39 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-03-14 14:20 - 2011-03-14 14:20 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-16 01:14 - 2011-03-16 01:14 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-17 20:39 - 2013-04-29 18:56 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll
2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
2014-12-08 20:36 - 2014-02-10 18:04 - 00430080 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer7 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: PixelPlanet PdfPrinter-Monitor => "C:\Program Files (x86)\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

========================= Accounts: ==========================

Gast (S-1-5-21-3642530901-2315677370-1014022866-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3642530901-2315677370-1014022866-1002 - Limited - Enabled)
moos (S-1-5-21-3642530901-2315677370-1014022866-1000 - Administrator - Enabled) => C:\Users\moos
root (S-1-5-21-3642530901-2315677370-1014022866-500 - Administrator - Disabled)

==================== Faulty Device Manager Devices =============

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/23/2014 05:35:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 05:23:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 03:08:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/22/2014 00:50:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/22/2014 00:50:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/22/2014 00:50:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/22/2014 00:48:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/22/2014 00:48:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/22/2014 00:48:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/22/2014 11:02:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011cba
ID des fehlerhaften Prozesses: 0x10f0
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3


System errors:
=============
Error: (12/23/2014 05:35:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
NetworkX

Error: (12/23/2014 05:34:58 PM) (Source: SCardSvr) (EventID: 602) (User: )
Description: Das System kann den angegebenen Pfad nicht finden.

Error: (12/23/2014 05:23:50 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 40.

Error: (12/23/2014 05:22:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
NetworkX

Error: (12/23/2014 05:22:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Crypkey License" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/23/2014 05:22:41 PM) (Source: SCardSvr) (EventID: 602) (User: )
Description: Das System kann den angegebenen Pfad nicht finden.

Error: (12/22/2014 05:33:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
NetworkX

Error: (12/22/2014 05:33:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Crypkey License" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/22/2014 05:33:45 AM) (Source: SCardSvr) (EventID: 602) (User: )
Description: Das System kann den angegebenen Pfad nicht finden.


Microsoft Office Sessions:
=========================
Error: (12/23/2014 05:35:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 05:23:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 03:08:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (12/22/2014 00:50:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\moos\Desktop\esetsmartinstaller_deu.exe

Error: (12/22/2014 00:50:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\moos\Desktop\esetsmartinstaller_deu.exe

Error: (12/22/2014 00:50:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\moos\Desktop\esetsmartinstaller_deu.exe

Error: (12/22/2014 00:48:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\moos\Desktop\esetsmartinstaller_deu.exe

Error: (12/22/2014 00:48:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\moos\Desktop\esetsmartinstaller_deu.exe

Error: (12/22/2014 00:48:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\moos\Downloads\esetsmartinstaller_deu.exe

Error: (12/22/2014 11:02:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c000000500011cba10f001d01dcda6e6a81cC:\Users\moos\Desktop\Gmer-19357.exeC:\Users\moos\Desktop\Gmer-19357.exea6c1087e-89c1-11e4-9e82-70f395d7ef47


CodeIntegrity Errors:
===================================
  Date: 2014-12-22 02:55:26.836
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 02:55:26.834
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 02:55:26.832
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 02:24:57.719
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 02:24:57.717
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 02:24:57.715
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-03 13:50:36.274
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-03 13:50:36.272
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-03 13:50:36.269
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-03 13:50:36.253
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II P320 Dual-Core Processor
Percentage of memory in use: 24%
Total physical RAM: 7929.56 MB
Available physical RAM: 5987.06 MB
Total Pagefile: 15857.3 MB
Available Pagefile: 13519.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:27.85 GB) NTFS
Drive d: (DATA) (Fixed) (Total:102.78 GB) (Free:27.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9315B1BF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=06)
Partition 4: (Not Active) - (Size=102.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
GMER.txt
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-30 01:40:23
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545032B9A300 rev.PB3OCA1G 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\moos\AppData\Local\Temp\pxldypog.sys


---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395d7ef47                      
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395d7ef47 (not active ControlSet)  

---- EOF - GMER 2.1 ----
         

Alt 30.12.2014, 18:00   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender - Standard

Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender



dann mach das jetzt mal mit Outlook
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.12.2014, 23:04   #9
sap_all
 
Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender - Standard

Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender



Outlook läuft seit vier Stunden, bis jetzt keine Auffälligkeiten. Super!
Gruss
sap_all

Alt 31.12.2014, 15:21   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender - Standard

Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender



Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 04.01.2015, 18:23   #11
sap_all
 
Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender - Standard

Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender



Hallo Schrauber,
erstmal ein freues Neues Jahr!

ist alles soweit erledigt. Tausend Dank.
Gruss
sap_all

Alt 05.01.2015, 07:44   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender - Standard

Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender
adapter, adobe, browser, dateien, desktop, downloader, escan, explorer, failed, gelöscht, helper, internet, internet explorer, kaspersky, launch, löschen, malwarebytes, microsoft, mozilla, notebook, ordner, registry, rootkit, software, system, windows



Ähnliche Themen: Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender


  1. bis zu 50 x am Tag: mail delivery failed: Returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 23.11.2015 (25)
  2. Hunderte Mails kommen bei mir an. Mail delivery failed: returning message to senderHa
    Log-Analyse und Auswertung - 07.09.2014 (3)
  3. keineantwortadresse@web.de/Mail delivery failed: returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 18.08.2014 (6)
  4. Mail delivery failed: returning message to sender
    Überwachung, Datenschutz und Spam - 16.07.2014 (3)
  5. mail delivery failed: returning message to sender - web.de account
    Plagegeister aller Art und deren Bekämpfung - 23.03.2014 (9)
  6. Mail delivery failed: returning message to sender
    Log-Analyse und Auswertung - 06.12.2013 (7)
  7. Mail delivery failed: returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 24.11.2013 (11)
  8. Mail delivery failed: returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 17.11.2013 (8)
  9. E-Mail-Problem bei WEB.DE (Mail delivery failed: returning message to sender - keineantwortadresse@web.de )
    Plagegeister aller Art und deren Bekämpfung - 12.10.2013 (11)
  10. mail delivery failed: returning message to sender - web.de account
    Plagegeister aller Art und deren Bekämpfung - 18.07.2013 (9)
  11. mail delivery failed: returning message to sender im gmx account
    Log-Analyse und Auswertung - 12.07.2013 (5)
  12. Mail delivery failed returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 14.06.2013 (7)
  13. Mail delivery failed: returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 17.03.2013 (3)
  14. mail delivery failed: returning message to sender bei web.de
    Plagegeister aller Art und deren Bekämpfung - 13.12.2012 (11)
  15. Mail delivery failed: returning message to sender bei web.de
    Plagegeister aller Art und deren Bekämpfung - 14.11.2012 (11)
  16. mail delivery failed: returning message to sender im web.de account
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (3)
  17. Mail Delivery Failed: Returning Message to Sender
    Alles rund um Windows - 10.10.2012 (1)

Zum Thema Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender - Hallo zusammen, Seit ein paar Wochen tauchen auf einmal hunderte Mails mit dem oben genannten Betreff. Provider hat schon die Mail-Konten gesperrt. Ich habe gestern versucht mit AdvCleaner, Malwarebytes und - Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender...
Archiv
Du betrachtest: Win7: Hunderte Mails kommen bei mir an. Mail delivery failed: returing message to sender auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.