Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 20.11.2016, 11:39   #1
seppelb
 
Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet - Standard

Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet



Guten Tag,

in wilder Leichtsinnigkeit habe ich auf meinem Windows-PC die bereits bekannte personalisierte Trojaner-Mail von Directpay24 GmbH mit Zahlungsaufforderung geöffnet und in Mozilla Thunderbird auf die zip-Datei im Anhang geklickt, im folgenden Fenster "Öffnen mit" ausgewählt, woraufhin sich mein WinRAR geöffnet hat. Unmittelbar nach dem Klick auf "Öffnen" in Thunderbird wurde mir der Unsinn meiner Handlung bewusst, woraufhin ich WinRAR geschlossen habe. Ich habe also NICHT den Ordner geöffnet und somit auf KEINE der beinhalteten Dateien geklickt, NICHTS extra entpackt und NICHTS ausgeführt. Zur Veranschulichung kommt anbei ein Beispielphoto, um zu zeigen, an welchem Schritt des Öffnen ich unterbrochen habe.

Weder Kaspersky, noch ESET Online Scanner, noch Malwarebytes Anti-Malware 2.2.1 haben irgendetwas detektiert.
Trotzdem lässt mich der gruselige Gedanke nicht los und ich wüsste gerne, ob es prinzipiell möglich ist, dass ich mir den Trojaner eingefangen habe, obwohl ich keine Datei ausgeführt habe und falls ja, wie ich weiter zu verfahren habe oder ob ich mich tatsächlich in Sicherheit wägen darf.

Vielen Dank für Eure Unterstützung!

Viele Grüße


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2016 01
Ran by Bernhard (administrator) on BERNHARD-PC (20-11-2016 12:21:42)
Running from C:\Users\Bernhard\Desktop
Loaded Profiles: Bernhard (Available Profiles: Bernhard & Guest)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(Carl Zeiss) C:\Program Files\Carl Zeiss\MTB 2011\MTB Server Console\MTBService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SigmaChip) C:\Windows\SGStiMon.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Flux Software LLC) C:\Users\Bernhard\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avpui.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7518752 2009-06-02] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-06-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1533224 2009-06-12] (Synaptics Incorporated)
HKLM\...\Run: [SGCameraMonitor] => C:\Windows\SGStiMon.exe [59992 2011-01-25] (SigmaChip)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5545328 2014-02-28] (Western Digital Technologies, Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694072 2013-10-15] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [759696 2015-12-23] (Cisco Systems, Inc.)
HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\Run: [F.lux] => C:\Users\Bernhard\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6564776 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\MountPoints2: {02144b4d-f465-11e3-9943-001f1601b0c8} - F:\LG_PC_Programs.exe
HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\MountPoints2: {69d1b252-ac30-11e3-b04b-001f1601b0c8} - "F:\WD Drive Unlock.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-01-27]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{FE725E81-177F-4000-8453-A9A382204E07}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF DefaultProfile: uanqyggg.default
FF ProfilePath: C:\Users\Bernhard\AppData\Roaming\Zotero\Zotero\Profiles\wkpt3e9h.default [2014-03-20]
FF Extension: (No Name) - C:\Program Files\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [not found]
FF Extension: (No Name) - C:\Program Files\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [not found]
FF ProfilePath: C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default [2016-11-20]
FF user.js: detected! => C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default\user.js [2015-05-29]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\uanqyggg.default -> DuckDuckGo
FF Homepage: Mozilla\Firefox\Profiles\uanqyggg.default -> dkb.de
FF Session Restore: Mozilla\Firefox\Profiles\uanqyggg.default -> is enabled.
FF Keyword.URL: Mozilla\Firefox\Profiles\uanqyggg.default -> hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF Extension: (Avira Browser Safety) - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default\Extensions\abs@avira.com [2016-11-19]
FF Extension: (Zotero) - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default\Extensions\zotero@chnm.gmu.edu.xpi [2016-11-03]
FF Extension: (Zotero Word for Windows Integration) - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default\Extensions\zoteroWinWordIntegration@zotero.org [2016-10-17]
FF Extension: (Nuke Anything Enhanced) - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default\Extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}.xpi [2016-04-30]
FF Extension: (Tab Mix Plus) - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-10-28]
FF Extension: (Adblock Edge) - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2016-04-27]
FF ProfilePath: C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1760375744-4155738735-2501987826-1000\FireFox [2016-11-20]
FF user.js: detected! => C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1760375744-4155738735-2501987826-1000\FireFox\user.js [2015-05-29]
FF Extension: (No Name) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [not found]
FF Extension: (No Name) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [not found]
FF Extension: (No Name) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [not found]
FF Extension: (No Name) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [not found]
FF Extension: (No Name) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [not found]
FF Extension: (Anti-Banner) - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2016-11-18] [not signed]
FF Extension: (Modul zur Link-Untersuchung) - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2016-11-18] [not signed]
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru => not found
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-01-27] [not signed]
FF HKLM\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-23]
FF HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1760375744-4155738735-2501987826-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1760375744-4155738735-2501987826-1000: @phonostar.de/phonostar -> C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-01-04] (Apple Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-01-13]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.1; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S3 CZCanSrv; C:\Program Files\Common Files\Carl Zeiss\CZCanSrv.exe [258048 2012-09-26] (Carl Zeiss MicroImaging GmbH) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2013-09-19] (Flexera Software, Inc.)
R2 hasplms; C:\Windows\system32\hasplms.exe [2869760 2009-04-21] (Aladdin Knowledge Systems Ltd.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 MTBService_2.1.0.8; C:\Program Files\Carl Zeiss\MTB 2011\MTB Server Console\MTBService.exe [20480 2013-02-15] (Carl Zeiss) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [567184 2015-12-23] (Cisco Systems, Inc.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [109248 2015-12-23] (Cisco Systems, Inc.)
R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [352256 2009-01-16] (Aladdin Knowledge Systems Ltd.)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2014-05-27] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2014-05-27] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2014-05-27] (LG Electronics Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [201912 2015-07-05] (Kaspersky Lab ZAO)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [587776 2009-07-09] (Aladdin Knowledge Systems Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [155304 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [66440 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [67456 2015-12-01] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [145800 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [51032 2016-08-23] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [165464 2016-11-10] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [778584 2016-08-23] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [45144 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [46464 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41864 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [94040 2016-08-23] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [161672 2015-12-02] (AO Kaspersky Lab)
S3 SG320 Video Capture; C:\Windows\System32\Drivers\SGCam3UVC.sys [2503832 2011-01-25] (SiGma Micro)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-08-15] (Cisco Systems, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-20 12:21 - 2016-11-20 12:22 - 00019620 _____ C:\Users\Bernhard\Desktop\FRST.txt
2016-11-20 12:20 - 2016-11-20 12:20 - 01762304 _____ (Farbar) C:\Users\Bernhard\Desktop\FRST.exe
2016-11-20 12:05 - 2016-11-20 12:21 - 00000000 ____D C:\FRST
2016-11-19 23:43 - 2016-11-19 23:45 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-19 23:43 - 2016-11-19 23:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-19 23:43 - 2016-11-19 23:43 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware
2016-11-19 23:43 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-19 23:43 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-19 23:43 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-19 15:10 - 2016-11-19 15:10 - 00000000 ____D C:\Users\Bernhard\AppData\Local\ESET
2016-11-18 13:36 - 2016-11-20 10:12 - 00000000 ____D C:\Users\Bernhard\AppData\LocalLow\Mozilla
2016-11-18 13:15 - 2016-11-18 13:15 - 00003388 _____ C:\Users\Bernhard\AppData\Local\recently-used.xbel
2016-11-18 00:29 - 2016-11-18 13:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-10 08:00 - 2016-11-10 08:01 - 00000000 ____D C:\Windows\rescache
2016-11-09 10:32 - 2016-11-02 16:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-09 10:32 - 2016-10-28 04:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-09 10:32 - 2016-10-27 16:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-09 10:32 - 2016-10-27 15:16 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-09 10:32 - 2016-10-25 15:54 - 02399744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-09 10:32 - 2016-10-22 18:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-09 10:32 - 2016-10-22 17:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-09 10:32 - 2016-10-22 17:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-09 10:32 - 2016-10-22 17:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-09 10:32 - 2016-10-22 17:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-09 10:32 - 2016-10-22 17:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-09 10:32 - 2016-10-22 17:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-09 10:32 - 2016-10-15 16:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-09 10:32 - 2016-10-11 16:24 - 00250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-09 10:32 - 2016-10-11 16:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-09 10:32 - 2016-10-11 16:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-09 10:32 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-09 10:32 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-09 10:32 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-09 10:32 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-09 10:32 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-09 10:32 - 2016-10-11 16:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-09 10:32 - 2016-10-11 14:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-09 10:32 - 2016-10-10 16:16 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-09 10:32 - 2016-10-10 16:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-09 10:32 - 2016-10-07 16:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-11-09 10:32 - 2016-10-07 16:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-09 10:32 - 2016-10-07 16:15 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-09 10:32 - 2016-10-07 16:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-09 10:32 - 2016-09-09 19:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-09 10:31 - 2016-11-02 16:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-09 10:31 - 2016-11-02 16:16 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-09 10:31 - 2016-11-02 16:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-09 10:31 - 2016-11-02 15:53 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-09 10:31 - 2016-10-22 18:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-09 10:31 - 2016-10-22 18:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-09 10:31 - 2016-10-22 18:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-09 10:31 - 2016-10-22 18:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-09 10:31 - 2016-10-22 18:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-09 10:31 - 2016-10-22 18:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-09 10:31 - 2016-10-22 18:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-09 10:31 - 2016-10-22 18:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-09 10:31 - 2016-10-22 18:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-09 10:31 - 2016-10-22 18:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-09 10:31 - 2016-10-22 18:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-09 10:31 - 2016-10-22 18:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-09 10:31 - 2016-10-22 18:21 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-09 10:31 - 2016-10-22 18:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-09 10:31 - 2016-10-22 18:13 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-09 10:31 - 2016-10-22 18:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-09 10:31 - 2016-10-22 18:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-09 10:31 - 2016-10-22 18:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-09 10:31 - 2016-10-22 17:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-09 10:31 - 2016-10-22 17:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-09 10:31 - 2016-10-22 17:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-09 10:31 - 2016-10-22 17:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-09 10:31 - 2016-10-22 17:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-09 10:31 - 2016-10-22 17:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-09 10:31 - 2016-10-22 17:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-09 10:31 - 2016-10-15 16:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-09 10:31 - 2016-10-11 16:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-09 10:31 - 2016-10-11 16:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-09 10:31 - 2016-10-11 16:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-09 10:31 - 2016-10-11 16:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-09 10:31 - 2016-10-10 16:21 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-09 10:31 - 2016-10-10 16:21 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-09 10:31 - 2016-10-10 16:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-09 10:31 - 2016-10-10 15:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-09 10:31 - 2016-10-10 15:50 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-09 10:31 - 2016-10-10 15:50 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-09 10:31 - 2016-10-10 15:50 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-09 10:31 - 2016-10-10 15:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-09 10:31 - 2016-10-10 15:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-09 10:31 - 2016-10-10 15:50 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-09 10:31 - 2016-10-07 15:54 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-09 10:31 - 2016-10-07 15:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-09 10:31 - 2016-10-07 15:54 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-09 10:31 - 2016-10-07 15:54 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-09 10:31 - 2016-10-07 15:51 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-09 10:31 - 2016-10-07 15:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-09 10:31 - 2016-10-05 15:50 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-09 10:31 - 2016-09-15 15:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-09 10:31 - 2016-09-13 16:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-09 10:31 - 2016-08-21 14:05 - 00935424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-07 18:10 - 2016-11-07 18:10 - 02094184 _____ (Adobe) C:\Users\Bernhard\Downloads\acrobatproDC_00000000000000000000000407.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-20 12:22 - 2015-02-07 20:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-20 12:07 - 2011-04-19 01:24 - 00000000 ____D C:\Program Files\Adobe
2016-11-20 10:27 - 2014-05-27 17:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-11-19 23:57 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-11-19 08:46 - 2009-07-14 05:34 - 00025920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-19 08:46 - 2009-07-14 05:34 - 00025920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-18 13:36 - 2014-08-15 09:03 - 00000000 ____D C:\Users\Bernhard\Desktop\Wohnung
2016-11-18 13:36 - 2012-05-04 15:43 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-11-18 13:15 - 2015-01-13 21:45 - 00000000 ____D C:\Users\Bernhard\AppData\Local\gtk-2.0
2016-11-18 13:15 - 2013-05-23 10:39 - 00000000 ____D C:\Users\Bernhard\.gimp-2.8
2016-11-17 23:12 - 2011-04-18 23:45 - 00795794 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-16 18:44 - 2012-12-27 00:08 - 00000000 ____D C:\Users\Guest
2016-11-10 21:25 - 2016-10-18 20:53 - 00008192 _____ C:\Windows\system32\WDPABKP.dat
2016-11-10 21:24 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-10 07:18 - 2009-07-14 05:33 - 00337104 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-09 23:46 - 2013-08-17 15:25 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 23:45 - 2011-04-19 01:00 - 138444440 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-09 10:23 - 2012-05-11 14:07 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-11-09 10:23 - 2011-11-26 00:50 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-11-09 10:23 - 2011-04-19 16:20 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-07 19:35 - 2011-04-19 01:23 - 00000000 ____D C:\ProgramData\Adobe
2016-11-07 18:27 - 2011-04-18 23:58 - 00000000 ____D C:\Users\Bernhard
2016-11-03 22:46 - 2016-08-09 09:55 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-28 17:47 - 2011-09-07 17:33 - 00000000 ____D C:\Users\Bernhard\AppData\Roaming\Skype
2016-10-27 20:28 - 2013-09-04 00:04 - 00000000 ____D C:\Users\Bernhard\Desktop\Stick
2016-10-26 16:29 - 2011-04-19 00:33 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-05-12 22:28 - 2014-05-12 22:28 - 0035012 _____ () C:\Users\Bernhard\AppData\Roaming\OneCal.emf
2014-05-12 21:22 - 2014-05-12 22:29 - 0000546 _____ () C:\Users\Bernhard\AppData\Roaming\onecal.xml
2016-11-18 13:15 - 2016-11-18 13:15 - 0003388 _____ () C:\Users\Bernhard\AppData\Local\recently-used.xbel
2012-04-18 21:40 - 2012-04-18 21:40 - 0017408 _____ () C:\Users\Bernhard\AppData\Local\WebpageIcons.db
2011-04-19 16:13 - 2016-07-10 21:05 - 0033907 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-18 15:21

==================== End of FRST.txt ============================FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-11-2016 01
Ran by Bernhard (20-11-2016 12:22:22)
Running from C:\Users\Bernhard\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2011-04-18 22:58:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1760375744-4155738735-2501987826-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1760375744-4155738735-2501987826-1009 - Limited - Enabled)
Bernhard (S-1-5-21-1760375744-4155738735-2501987826-1000 - Administrator - Enabled) => C:\Users\Bernhard
Guest (S-1-5-21-1760375744-4155738735-2501987826-501 - Limited - Enabled) => C:\Users\Guest

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
Apple Application Support (32-Bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.13015 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.13015 - Cisco Systems, Inc.) Hidden
Copy (Version: 130.0.366.000 - Hewlett-Packard) Hidden
CPUID CPU-Z 1.65.0 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F4500_SW_MIN (Version: 130.0.406.000 - Hewlett-Packard) Hidden
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
f.lux (HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\Flux) (Version:  - )
F4500 (Version: 130.0.406.000 - Hewlett-Packard) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6 (HKLM\...\{7F08A772-2816-4F46-84F1-49578502AD28}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.29.02 - JMicron Technology Corp.)
Kaspersky Internet Security (HKLM\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Internet Security (Version: 16.0.1.445 - Kaspersky Lab) Hidden
LG United Mobile Drivers (HKLM\...\{15A5D29A-F209-49FD-BA47-5E4C882FF496}) (Version: 3.12.1.0 - LG Electronics)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft VC90 CRT + OMP (HKLM\...\{0F931735-0098-4FF6-A49D-17882A294F51}) (Version: 1.0.0.0 - ZJMedia Ltd.)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.0 (x86 de) (HKLM\...\Mozilla Firefox 50.0 (x86 de)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
Mozilla Thunderbird 45.4.0 (x86 de) (HKLM\...\Mozilla Thunderbird 45.4.0 (x86 de)) (Version: 45.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.1 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.309.0 - Tracker Software Products Ltd)
PixelNet Software 4.14.4 (HKLM\...\PixelNet Software) (Version: 4.14.4 - ORWO Net)
Projekt1 (HKLM\...\ST6UNST #1) (Version:  - )
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5864 - Realtek Semiconductor Corp.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
SecureW2 EAP Suite 1.1.3 for Windows (HKLM\...\SecureW2 EAP Suite) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sigmachip USB Camera Driver (HKLM\...\{5B2A499A-8FB6-4206-B0A4-EADE4BA81F25}) (Version: 1.60.07023 - Sigmachip)
SigmaPlot 12.5 (HKLM\...\{730E22C0-A5A9-4A1B-AE66-570573DCA0E8}) (Version: 12.5 - Systat Software, Inc.)
Skype™ 7.14 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.1.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.27339 - TeamViewer)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WD Drive Utilities (HKLM\...\{2D2BD030-2DC0-478F-9710-3554FFC0D797}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
WD Quick View (HKLM\...\{C0D71DFA-F9D4-45C2-A6C9-DAE2212766EE}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{5A9D095A-C6DC-4A69-8A96-AC23911A2D4E}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{1567E010-08CA-439C-903E-480EBD309B17}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{1ec9e03a-452b-48fb-8e1b-27ee0477985f}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinAVI All in One Converter (HKLM\...\WinAVI All in One Converter) (Version: 1.2.0.3939 - ZJMedia Digital Technology Ltd.)
Windows Driver Package - Carl Zeiss Microscopy GmbH (tvmcam) Image  (10/06/2010 8.2.0.0) (HKLM\...\B8D098E79A64AB4C236E7AC30C34EF0F01BFC497) (Version: 10/06/2010 8.2.0.0 - Carl Zeiss Microscopy GmbH)
WinRAR 4.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
ZEN 2012 x32 blue (HKLM\...\{30F51D0C-19FF-438F-950D-A58C732F4F56}) (Version: 1.1.1 - Carl Zeiss Microscopy GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1760375744-4155738735-2501987826-1000_Classes\CLSID\{6E73CA04-CE63-11CF-B59C-0000929132CE}\localserver32 -> C:\Program Files\SigmaPlot\SPW12\Spw.exe (Systat Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1760375744-4155738735-2501987826-1000_Classes\CLSID\{6E73CA51-CE63-11CF-B59C-0000929132CE}\localserver32 -> C:\Program Files\SigmaPlot\SPW12\Spw.exe (Systat Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1760375744-4155738735-2501987826-1000_Classes\CLSID\{6E73CA52-CE63-11CF-B59C-0000929132CE}\localserver32 -> C:\Program Files\SigmaPlot\SPW12\Spw.exe (Systat Software, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4BA21A0C-C0D7-4163-8366-1531F88DCBAF} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-12] (AO Kaspersky Lab)
Task: {5CE3E635-8071-44F6-86A7-4F3072867EBD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {61174637-7A94-45F5-8B64-C50DDD5166E5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {7ED599A2-8C75-4846-BC3E-C9161A26C801} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {986ACD79-0DC7-458D-B6D8-6B609007694C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-09] (Adobe Systems Incorporated)
Task: {A337A464-88A5-4276-A46D-EB67A0B87198} - System32\Tasks\{C0C2C45D-A588-4C28-900C-0020B7266DFF} => pcalua.exe -a C:\WINDOWS\st6unst.exe -c -n "C:\Program Files\Projekt1\ST6UNST.LOG"
Task: {AF23EDB9-E532-4A8C-8CE9-CD78BD6A0867} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {BB27DB3F-6A83-43E1-AC47-212478EC452C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {DCA46AC3-ED48-42DE-BA2B-75AA52D0EB66} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {F70C682F-2F33-4983-83E3-393D36A4A537} - System32\Tasks\{2C285F43-7EAA-464B-A427-5ECB57FB8FD9} => Firefox.exe hxxp://ui.skype.com/ui/0/7.15.0.103/de/abandoninstall?page=tsProgressBar

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-23 14:27 - 2015-12-23 14:27 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-22 01:47 - 2015-12-22 01:47 - 00794920 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\kpcengine.2.3.dll
2015-10-19 21:00 - 2015-10-19 21:00 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bernhard\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Bernhard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: Amazon Music => "C:\Users\Bernhard\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: dradio-RecorderTimer => C:\Program Files\dradio-Recorder\phonostarTimer.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0942D896-4744-43E6-A96B-D71FBAAC9DBF}] => (Allow) E:\setup\hpznui01.exe
FirewallRules: [{61F4E2D9-BDA9-4A4E-8796-CE38CC95F5EA}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{41656FFE-EBC0-473C-B5A1-7CA58E5EA514}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{6489C8BE-51CB-4E9E-8F7A-7FA987F8FF87}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{987924E7-1623-430F-B2C7-01C1FCD3F8E6}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{E6E2FF7F-F5E3-45B4-BDA4-F4C309669460}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{4903AAE0-33EC-4D61-9EA4-33F285FADBC2}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{D914A554-3152-46B5-A717-7661C797CF1D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{BC19F407-55AE-4357-A437-E77AFCD322AC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{A4751DFD-6038-4847-AD9A-E515DAA7BC4F}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{6AE4321E-B71C-4B21-989F-B20C9B879E64}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{88C6ED2F-369B-48DE-A8D7-62E9B153ECC4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{7758F490-EAAC-4C6D-A85D-E5B8A4850A6A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{DA73A4E0-E973-448E-BEFB-97E45134516F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{E8A36D93-C300-491B-AF43-DDD6FB3C333A}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{8FD4A34B-343F-456D-B0CE-719F85E918AF}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{03DF2CB9-72BD-4DA6-86B6-5D18176D6EF6}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A686561B-71CF-4E31-885F-B0B1A6C7D48C}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{A09B23A9-EE54-4BD3-B3E6-5AA3344D445D}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{2E3EB61B-E963-49C6-B491-374E1155BCCB}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{C2F27D64-1933-4CD5-9494-5DD900B42303}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{8B40FAC3-3EC9-4761-9167-3789C0A08AB4}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{50B31DB3-C636-4554-A042-6E41077FD4CF}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E3F8A8EF-837A-4044-B08A-74CAC53EDDFD}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{7E64ECF5-C258-4B1C-98FD-16AFFC073C8E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{90FE817D-C6E8-49B0-B2B7-BAF11D8A431C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D2A2BAE5-4D05-406F-A031-662DB266BE9A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7C9845A0-579E-41B9-AA32-268E755CF0B3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7C901B04-05EF-4D14-91D2-D0CC0D993E93}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{9DF1123B-136E-48A7-BBE6-57EFCAA08720}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{7ABA75C1-1BC5-4F8A-BC2B-F7D5FB3396C7}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{545260F8-4E4A-4AC4-8314-1755FB2D207C}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Block) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{7DBC732B-5FB6-4E38-A35F-778832C26CB6}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Block) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{6E2FD560-C1C0-4DD5-A30E-A91C664A710C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4C551F79-8154-49B9-9D7D-C701DA99A5BC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

20-11-2016 12:03:45 Removed Adobe Photoshop Lightroom 4.

==================== Faulty Device Manager Devices =============

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8000 A809
Description: Officejet Pro 8000 A809
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Deskjet F4500
Description: HP Deskjet F4500
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8000 A809
Description: Officejet Pro 8000 A809
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/20/2016 12:03:45 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1760375744-4155738735-2501987826-1005.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {aaa8f95a-be46-46e2-b411-78860c15c3d7}

Error: (11/20/2016 12:01:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1760375744-4155738735-2501987826-1005.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {aaa8f95a-be46-46e2-b411-78860c15c3d7}

Error: (11/19/2016 06:08:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15585

Error: (11/19/2016 06:08:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15585

Error: (11/19/2016 06:08:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/19/2016 05:53:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1760375744-4155738735-2501987826-1005.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {bcd49927-6ea6-4bc4-b7dc-79c1947eb8e4}

Error: (11/19/2016 01:20:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 50.0.0.6152, time stamp: 0x581d7ed2
Faulting module name: mozglue.dll, version: 50.0.0.6152, time stamp: 0x581d788d
Exception code: 0x80000003
Fault offset: 0x0000ed40
Faulting process id: 0x190c
Faulting application start time: 0x01d241a97284eb88
Faulting application path: C:\Program Files\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files\Mozilla Firefox\mozglue.dll
Report Id: 7d4b79b0-ae52-11e6-9f8b-001f1601b0c8

Error: (11/19/2016 08:38:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24915544

Error: (11/19/2016 08:38:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24915544

Error: (11/19/2016 08:38:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/20/2016 10:40:02 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/19/2016 06:02:51 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/17/2016 11:45:17 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/16/2016 07:46:44 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/16/2016 04:39:24 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/10/2016 09:24:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 21:22:29 on ‎10.‎11.‎2016 was unexpected.

Error: (11/10/2016 12:57:55 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/10/2016 07:16:18 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/09/2016 08:01:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (11/09/2016 10:21:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.


CodeIntegrity:
===================================
  Date: 2015-03-13 18:17:00.592
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 18:17:00.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 18:17:00.584
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 18:16:55.092
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 18:16:55.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 18:16:55.076
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 16:15:20.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 16:15:20.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 16:15:20.015
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 16:15:14.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz
Percentage of memory in use: 69%
Total physical RAM: 3032.89 MB
Available physical RAM: 938.03 MB
Total Virtual: 4986.19 MB
Available Virtual: 2163.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:50 GB) (Free:1.92 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:246.08 GB) (Free:2.55 GB) NTFS
Drive g: (CANON_DC) (Removable) (Total:7.38 GB) (Free:1.58 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7AB852FC)
Partition 1: (Not Active) - (Size=2 GB) - (Type=27)
Partition 2: (Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=246.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
         
--- --- ---
Miniaturansicht angehängter Grafiken
-beispiel.jpg  

Geändert von seppelb (20.11.2016 um 12:23 Uhr)

Alt 20.11.2016, 13:50   #2
M-K-D-B
/// TB-Ausbilder
 
Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet - Standard

Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!
  • Einige Programme, die wir hier verwenden, können unter Umständen von deinem Antiviren- oder Anti-Malwareprogramm fälschlicherweise als Bedrohung eingestuft werden. Die Sicherheitsprogramme können aufgrund eines bestimmten Programmverhaltens nicht zwischen "gut" oder "böse" unterscheiden und schlagen Alarm. Dabei handelt es sich um Fehlalarme, welche du getrost ignorieren kannst. Gegebenenfalls musst du deine Sicherheitssoftware vor der Ausführung eines Programms deaktivieren, damit unsere Bereinigungsvorgänge nicht beeinträchtigt werden.



Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!





Ich hab vor einigen Tagen dieselbe E-Mail bekommen und gleich an Malwarebytes weitergeleitet.
An Malware sehe ich nichts in den Logdateien, evtl. ist da ein wenig Adware/PUP.
Wir sehen kurz nach.






Schritt 1
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel
    • "Prefetch" Dateien
    • Proxy
    • Winsock
    • Internet Explorer Richtlinien
    • Chrome Richtlinien
  • Bestätige die Auswahl mit Ok.
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 3
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die beiden neuen Logdateien von FRST.
__________________

__________________

Alt 20.11.2016, 17:01   #3
seppelb
 
Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet - Standard

Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet



Hi Mathias!

Vielen Dank für deine schnelle Antwort!

Hier Schritt 1:

Code:
ATTFilter
# AdwCleaner v6.030 - Logfile created 20/11/2016 at 16:38:38
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-19.2 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X86)
# Username : Bernhard - BERNHARD-PC
# Running from : C:\Users\Bernhard\Desktop\AdwCleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Bernhard\AppData\LocalLow\HPAppData
[-] Folder deleted: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\Software\Softonic
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1760375744-4155738735-2501987826-1000\Software\Somoto Toolbar
[#] Key deleted on reboot: HKCU\Software\Softonic
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.search.param.yahoo-fr" -  "chr-greentree_ff&type=827316&ilc=12"
[-] Chrome preferences cleaned: "keyword.URL" -  "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared
:: "Prefetch" files deleted
:: Proxy settings cleared
:: IE policies deleted
:: Chrome policies deleted

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2415 Bytes] - [20/11/2016 16:38:38]
C:\AdwCleaner\AdwCleaner[S0].txt - [2674 Bytes] - [20/11/2016 16:36:24]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2561 Bytes] ##########
         
Schritt 2:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Professional x86 
Ran by Bernhard (Administrator) on 20.11.2016 at 16:48:06,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 18 

Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File) 
Successfully deleted: C:\Users\Bernhard\AppData\Local\tempdir (Folder) 
Successfully deleted: C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default\user.js (File) 
Successfully deleted: C:\Users\Bernhard\AppData\Roaming\pdfforge (Folder) 
Successfully deleted: C:\Users\Bernhard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OEMOVUK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Bernhard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\691GVXX2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Bernhard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD06WW5D (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Bernhard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K7M7TKQL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Bernhard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QCKNEGWD (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Bernhard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W64FR4O3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Bernhard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YLE17PJU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OEMOVUK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\691GVXX2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD06WW5D (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K7M7TKQL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QCKNEGWD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W64FR4O3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YLE17PJU (Temporary Internet Files Folder) 



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.11.2016 at 16:50:21,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Schritt 3:


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-11-2016
Ran by Bernhard (administrator) on BERNHARD-PC (20-11-2016 16:56:48)
Running from C:\Users\Bernhard\Desktop
Loaded Profiles: Bernhard (Available Profiles: Bernhard & Guest)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(Carl Zeiss) C:\Program Files\Carl Zeiss\MTB 2011\MTB Server Console\MTBService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avpui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7518752 2009-06-02] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-06-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1533224 2009-06-12] (Synaptics Incorporated)
HKLM\...\Run: [SGCameraMonitor] => C:\Windows\SGStiMon.exe [59992 2011-01-25] (SigmaChip)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5545328 2014-02-28] (Western Digital Technologies, Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694072 2013-10-15] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [759696 2015-12-23] (Cisco Systems, Inc.)
HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\Run: [F.lux] => C:\Users\Bernhard\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6564776 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\MountPoints2: {02144b4d-f465-11e3-9943-001f1601b0c8} - F:\LG_PC_Programs.exe
HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\MountPoints2: {69d1b252-ac30-11e3-b04b-001f1601b0c8} - "F:\WD Drive Unlock.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-01-27]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{FE725E81-177F-4000-8453-A9A382204E07}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF DefaultProfile: uanqyggg.default
FF ProfilePath: C:\Users\Bernhard\AppData\Roaming\Zotero\Zotero\Profiles\wkpt3e9h.default [2014-03-20]
FF Extension: (No Name) - C:\Program Files\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [not found]
FF Extension: (No Name) - C:\Program Files\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [not found]
FF ProfilePath: C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default [2016-11-20]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\uanqyggg.default -> DuckDuckGo
FF Homepage: Mozilla\Firefox\Profiles\uanqyggg.default -> dkb.de
FF Session Restore: Mozilla\Firefox\Profiles\uanqyggg.default -> is enabled.
FF Extension: (Avira Browser Safety) - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default\Extensions\abs@avira.com [2016-11-20]
FF Extension: (Zotero) - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default\Extensions\zotero@chnm.gmu.edu.xpi [2016-11-03]
FF Extension: (Zotero Word for Windows Integration) - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default\Extensions\zoteroWinWordIntegration@zotero.org [2016-10-17]
FF Extension: (Nuke Anything Enhanced) - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default\Extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}.xpi [2016-04-30]
FF Extension: (Tab Mix Plus) - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-10-28]
FF Extension: (Adblock Edge) - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2016-04-27]
FF ProfilePath: C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1760375744-4155738735-2501987826-1000\FireFox [2016-11-20]
FF user.js: detected! => C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1760375744-4155738735-2501987826-1000\FireFox\user.js [2015-05-29]
FF Extension: (No Name) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [not found]
FF Extension: (No Name) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [not found]
FF Extension: (No Name) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [not found]
FF Extension: (No Name) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [not found]
FF Extension: (No Name) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [not found]
FF Extension: (Anti-Banner) - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2016-11-18] [not signed]
FF Extension: (Modul zur Link-Untersuchung) - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2016-11-18] [not signed]
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru => not found
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-01-27] [not signed]
FF HKLM\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-23]
FF HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1760375744-4155738735-2501987826-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1760375744-4155738735-2501987826-1000: @phonostar.de/phonostar -> C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-01-04] (Apple Inc.)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.1; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S3 CZCanSrv; C:\Program Files\Common Files\Carl Zeiss\CZCanSrv.exe [258048 2012-09-26] (Carl Zeiss MicroImaging GmbH) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2013-09-19] (Flexera Software, Inc.)
R2 hasplms; C:\Windows\system32\hasplms.exe [2869760 2009-04-21] (Aladdin Knowledge Systems Ltd.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 MTBService_2.1.0.8; C:\Program Files\Carl Zeiss\MTB 2011\MTB Server Console\MTBService.exe [20480 2013-02-15] (Carl Zeiss) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [567184 2015-12-23] (Cisco Systems, Inc.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [109248 2015-12-23] (Cisco Systems, Inc.)
R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [352256 2009-01-16] (Aladdin Knowledge Systems Ltd.)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2014-05-27] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2014-05-27] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2014-05-27] (LG Electronics Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [201912 2015-07-05] (Kaspersky Lab ZAO)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [587776 2009-07-09] (Aladdin Knowledge Systems Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [155304 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [66440 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [67456 2015-12-01] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [145800 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [51032 2016-08-23] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [165464 2016-11-20] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [778584 2016-08-23] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [45144 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [46464 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41864 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [94040 2016-08-23] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [161672 2015-12-02] (AO Kaspersky Lab)
S3 SG320 Video Capture; C:\Windows\System32\Drivers\SGCam3UVC.sys [2503832 2011-01-25] (SiGma Micro)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-08-15] (Cisco Systems, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-20 16:56 - 2016-11-20 16:56 - 00000000 ____D C:\Users\Bernhard\Desktop\FRST-OlderVersion
2016-11-20 16:50 - 2016-11-20 16:50 - 00003225 _____ C:\Users\Bernhard\Desktop\JRT.txt
2016-11-20 16:47 - 2016-11-20 16:47 - 01631928 _____ (Malwarebytes) C:\Users\Bernhard\Desktop\JRT.exe
2016-11-20 16:33 - 2016-11-20 16:38 - 00000000 ____D C:\AdwCleaner
2016-11-20 16:32 - 2016-11-20 16:33 - 03910208 _____ C:\Users\Bernhard\Desktop\AdwCleaner_6.030.exe
2016-11-20 12:22 - 2016-11-20 12:23 - 00033587 _____ C:\Users\Bernhard\Desktop\Addition.txt
2016-11-20 12:21 - 2016-11-20 16:56 - 00017612 _____ C:\Users\Bernhard\Desktop\FRST.txt
2016-11-20 12:20 - 2016-11-20 16:56 - 01762304 _____ (Farbar) C:\Users\Bernhard\Desktop\FRST.exe
2016-11-20 12:05 - 2016-11-20 16:56 - 00000000 ____D C:\FRST
2016-11-19 23:43 - 2016-11-19 23:45 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-19 23:43 - 2016-11-19 23:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-19 23:43 - 2016-11-19 23:43 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2016-11-19 23:43 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-19 23:43 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-19 23:43 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-19 15:10 - 2016-11-20 16:40 - 00000000 ____D C:\Users\Bernhard\AppData\Local\ESET
2016-11-18 13:36 - 2016-11-20 16:50 - 00000000 ____D C:\Users\Bernhard\AppData\LocalLow\Mozilla
2016-11-18 13:15 - 2016-11-18 13:15 - 00003388 _____ C:\Users\Bernhard\AppData\Local\recently-used.xbel
2016-11-18 00:29 - 2016-11-20 16:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-10 08:00 - 2016-11-10 08:01 - 00000000 ____D C:\Windows\rescache
2016-11-09 10:32 - 2016-11-02 16:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-09 10:32 - 2016-10-28 04:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-09 10:32 - 2016-10-27 16:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-09 10:32 - 2016-10-27 15:16 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-09 10:32 - 2016-10-25 15:54 - 02399744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-09 10:32 - 2016-10-22 18:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-09 10:32 - 2016-10-22 17:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-09 10:32 - 2016-10-22 17:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-09 10:32 - 2016-10-22 17:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-09 10:32 - 2016-10-22 17:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-09 10:32 - 2016-10-22 17:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-09 10:32 - 2016-10-22 17:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-09 10:32 - 2016-10-15 16:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-09 10:32 - 2016-10-11 16:24 - 00250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-09 10:32 - 2016-10-11 16:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-09 10:32 - 2016-10-11 16:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-09 10:32 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-09 10:32 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-09 10:32 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-09 10:32 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-09 10:32 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-09 10:32 - 2016-10-11 16:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-09 10:32 - 2016-10-11 14:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-09 10:32 - 2016-10-10 16:16 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-09 10:32 - 2016-10-10 16:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-09 10:32 - 2016-10-07 16:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-11-09 10:32 - 2016-10-07 16:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-09 10:32 - 2016-10-07 16:15 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-09 10:32 - 2016-10-07 16:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-09 10:32 - 2016-09-09 19:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-09 10:31 - 2016-11-02 16:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-09 10:31 - 2016-11-02 16:16 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-09 10:31 - 2016-11-02 16:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-09 10:31 - 2016-11-02 15:53 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-09 10:31 - 2016-10-22 18:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-09 10:31 - 2016-10-22 18:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-09 10:31 - 2016-10-22 18:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-09 10:31 - 2016-10-22 18:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-09 10:31 - 2016-10-22 18:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-09 10:31 - 2016-10-22 18:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-09 10:31 - 2016-10-22 18:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-09 10:31 - 2016-10-22 18:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-09 10:31 - 2016-10-22 18:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-09 10:31 - 2016-10-22 18:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-09 10:31 - 2016-10-22 18:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-09 10:31 - 2016-10-22 18:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-09 10:31 - 2016-10-22 18:21 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-09 10:31 - 2016-10-22 18:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-09 10:31 - 2016-10-22 18:13 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-09 10:31 - 2016-10-22 18:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-09 10:31 - 2016-10-22 18:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-09 10:31 - 2016-10-22 18:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-09 10:31 - 2016-10-22 17:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-09 10:31 - 2016-10-22 17:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-09 10:31 - 2016-10-22 17:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-09 10:31 - 2016-10-22 17:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-09 10:31 - 2016-10-22 17:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-09 10:31 - 2016-10-22 17:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-09 10:31 - 2016-10-22 17:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-09 10:31 - 2016-10-15 16:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-09 10:31 - 2016-10-11 16:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-09 10:31 - 2016-10-11 16:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-09 10:31 - 2016-10-11 16:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-09 10:31 - 2016-10-11 16:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-09 10:31 - 2016-10-10 16:21 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-09 10:31 - 2016-10-10 16:21 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-09 10:31 - 2016-10-10 16:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-09 10:31 - 2016-10-10 15:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-09 10:31 - 2016-10-10 15:50 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-09 10:31 - 2016-10-10 15:50 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-09 10:31 - 2016-10-10 15:50 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-09 10:31 - 2016-10-10 15:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-09 10:31 - 2016-10-10 15:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-09 10:31 - 2016-10-10 15:50 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-09 10:31 - 2016-10-07 15:54 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-09 10:31 - 2016-10-07 15:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-09 10:31 - 2016-10-07 15:54 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-09 10:31 - 2016-10-07 15:54 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-09 10:31 - 2016-10-07 15:51 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-09 10:31 - 2016-10-07 15:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-09 10:31 - 2016-10-05 15:50 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-09 10:31 - 2016-09-15 15:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-09 10:31 - 2016-09-13 16:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-09 10:31 - 2016-08-21 14:05 - 00935424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-07 18:10 - 2016-11-07 18:10 - 02094184 _____ (Adobe) C:\Users\Bernhard\Downloads\acrobatproDC_00000000000000000000000407.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-20 16:56 - 2014-05-27 17:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-11-20 16:49 - 2009-07-14 05:34 - 00025920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-20 16:49 - 2009-07-14 05:34 - 00025920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-20 16:42 - 2016-10-18 20:53 - 00008192 _____ C:\Windows\system32\WDPABKP.dat
2016-11-20 16:42 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-11-20 16:41 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-20 16:40 - 2012-05-04 15:43 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-11-20 16:25 - 2015-02-07 20:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-20 12:07 - 2011-04-19 01:24 - 00000000 ____D C:\Program Files\Adobe
2016-11-18 13:36 - 2014-08-15 09:03 - 00000000 ____D C:\Users\Bernhard\Desktop\Wohnung
2016-11-18 13:15 - 2015-01-13 21:45 - 00000000 ____D C:\Users\Bernhard\AppData\Local\gtk-2.0
2016-11-18 13:15 - 2013-05-23 10:39 - 00000000 ____D C:\Users\Bernhard\.gimp-2.8
2016-11-17 23:12 - 2011-04-18 23:45 - 00795794 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-16 18:44 - 2012-12-27 00:08 - 00000000 ____D C:\Users\Guest
2016-11-10 07:18 - 2009-07-14 05:33 - 00337104 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-09 23:46 - 2013-08-17 15:25 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 23:45 - 2011-04-19 01:00 - 138444440 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-09 10:23 - 2012-05-11 14:07 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-11-09 10:23 - 2011-11-26 00:50 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-11-09 10:23 - 2011-04-19 16:20 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-07 19:35 - 2011-04-19 01:23 - 00000000 ____D C:\ProgramData\Adobe
2016-11-07 18:27 - 2011-04-18 23:58 - 00000000 ____D C:\Users\Bernhard
2016-11-03 22:46 - 2016-08-09 09:55 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-28 17:47 - 2011-09-07 17:33 - 00000000 ____D C:\Users\Bernhard\AppData\Roaming\Skype
2016-10-27 20:28 - 2013-09-04 00:04 - 00000000 ____D C:\Users\Bernhard\Desktop\Stick
2016-10-26 16:29 - 2011-04-19 00:33 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-05-12 22:28 - 2014-05-12 22:28 - 0035012 _____ () C:\Users\Bernhard\AppData\Roaming\OneCal.emf
2014-05-12 21:22 - 2014-05-12 22:29 - 0000546 _____ () C:\Users\Bernhard\AppData\Roaming\onecal.xml
2016-11-18 13:15 - 2016-11-18 13:15 - 0003388 _____ () C:\Users\Bernhard\AppData\Local\recently-used.xbel
2012-04-18 21:40 - 2012-04-18 21:40 - 0017408 _____ () C:\Users\Bernhard\AppData\Local\WebpageIcons.db
2011-04-19 16:13 - 2016-07-10 21:05 - 0033907 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Bernhard\AppData\Local\Temp\libeay32.dll
C:\Users\Bernhard\AppData\Local\Temp\msvcr120.dll
C:\Users\Bernhard\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-18 15:21

==================== End of FRST.txt ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---



[CODE]Additional
FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x86) Version: 20-11-2016
Ran by Bernhard (20-11-2016 16:57:43)
Running from C:\Users\Bernhard\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2011-04-18 22:58:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1760375744-4155738735-2501987826-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1760375744-4155738735-2501987826-1009 - Limited - Enabled)
Bernhard (S-1-5-21-1760375744-4155738735-2501987826-1000 - Administrator - Enabled) => C:\Users\Bernhard
Guest (S-1-5-21-1760375744-4155738735-2501987826-501 - Limited - Enabled) => C:\Users\Guest

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
Apple Application Support (32-Bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.13015 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.13015 - Cisco Systems, Inc.) Hidden
Copy (Version: 130.0.366.000 - Hewlett-Packard) Hidden
CPUID CPU-Z 1.65.0 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F4500_SW_MIN (Version: 130.0.406.000 - Hewlett-Packard) Hidden
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
f.lux (HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\Flux) (Version:  - )
F4500 (Version: 130.0.406.000 - Hewlett-Packard) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6 (HKLM\...\{7F08A772-2816-4F46-84F1-49578502AD28}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.29.02 - JMicron Technology Corp.)
Kaspersky Internet Security (HKLM\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Internet Security (Version: 16.0.1.445 - Kaspersky Lab) Hidden
LG United Mobile Drivers (HKLM\...\{15A5D29A-F209-49FD-BA47-5E4C882FF496}) (Version: 3.12.1.0 - LG Electronics)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft VC90 CRT + OMP (HKLM\...\{0F931735-0098-4FF6-A49D-17882A294F51}) (Version: 1.0.0.0 - ZJMedia Ltd.)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.0 (x86 de) (HKLM\...\Mozilla Firefox 50.0 (x86 de)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
Mozilla Thunderbird 45.4.0 (x86 de) (HKLM\...\Mozilla Thunderbird 45.4.0 (x86 de)) (Version: 45.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.1 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.309.0 - Tracker Software Products Ltd)
PixelNet Software 4.14.4 (HKLM\...\PixelNet Software) (Version: 4.14.4 - ORWO Net)
Projekt1 (HKLM\...\ST6UNST #1) (Version:  - )
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5864 - Realtek Semiconductor Corp.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
SecureW2 EAP Suite 1.1.3 for Windows (HKLM\...\SecureW2 EAP Suite) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sigmachip USB Camera Driver (HKLM\...\{5B2A499A-8FB6-4206-B0A4-EADE4BA81F25}) (Version: 1.60.07023 - Sigmachip)
SigmaPlot 12.5 (HKLM\...\{730E22C0-A5A9-4A1B-AE66-570573DCA0E8}) (Version: 12.5 - Systat Software, Inc.)
Skype™ 7.14 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.1.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.27339 - TeamViewer)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WD Drive Utilities (HKLM\...\{2D2BD030-2DC0-478F-9710-3554FFC0D797}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
WD Quick View (HKLM\...\{C0D71DFA-F9D4-45C2-A6C9-DAE2212766EE}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{5A9D095A-C6DC-4A69-8A96-AC23911A2D4E}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{1567E010-08CA-439C-903E-480EBD309B17}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{1ec9e03a-452b-48fb-8e1b-27ee0477985f}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinAVI All in One Converter (HKLM\...\WinAVI All in One Converter) (Version: 1.2.0.3939 - ZJMedia Digital Technology Ltd.)
Windows Driver Package - Carl Zeiss Microscopy GmbH (tvmcam) Image  (10/06/2010 8.2.0.0) (HKLM\...\B8D098E79A64AB4C236E7AC30C34EF0F01BFC497) (Version: 10/06/2010 8.2.0.0 - Carl Zeiss Microscopy GmbH)
WinRAR 4.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
ZEN 2012 x32 blue (HKLM\...\{30F51D0C-19FF-438F-950D-A58C732F4F56}) (Version: 1.1.1 - Carl Zeiss Microscopy GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1760375744-4155738735-2501987826-1000_Classes\CLSID\{6E73CA04-CE63-11CF-B59C-0000929132CE}\localserver32 -> C:\Program Files\SigmaPlot\SPW12\Spw.exe (Systat Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1760375744-4155738735-2501987826-1000_Classes\CLSID\{6E73CA51-CE63-11CF-B59C-0000929132CE}\localserver32 -> C:\Program Files\SigmaPlot\SPW12\Spw.exe (Systat Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1760375744-4155738735-2501987826-1000_Classes\CLSID\{6E73CA52-CE63-11CF-B59C-0000929132CE}\localserver32 -> C:\Program Files\SigmaPlot\SPW12\Spw.exe (Systat Software, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4BA21A0C-C0D7-4163-8366-1531F88DCBAF} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-12] (AO Kaspersky Lab)
Task: {5CE3E635-8071-44F6-86A7-4F3072867EBD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {61174637-7A94-45F5-8B64-C50DDD5166E5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {7ED599A2-8C75-4846-BC3E-C9161A26C801} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {986ACD79-0DC7-458D-B6D8-6B609007694C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-09] (Adobe Systems Incorporated)
Task: {A337A464-88A5-4276-A46D-EB67A0B87198} - System32\Tasks\{C0C2C45D-A588-4C28-900C-0020B7266DFF} => pcalua.exe -a C:\WINDOWS\st6unst.exe -c -n "C:\Program Files\Projekt1\ST6UNST.LOG"
Task: {AF23EDB9-E532-4A8C-8CE9-CD78BD6A0867} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {BB27DB3F-6A83-43E1-AC47-212478EC452C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {DCA46AC3-ED48-42DE-BA2B-75AA52D0EB66} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {F70C682F-2F33-4983-83E3-393D36A4A537} - System32\Tasks\{2C285F43-7EAA-464B-A427-5ECB57FB8FD9} => Firefox.exe hxxp://ui.skype.com/ui/0/7.15.0.103/de/abandoninstall?page=tsProgressBar

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-23 14:27 - 2015-12-23 14:27 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-22 01:47 - 2015-12-22 01:47 - 00794920 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\kpcengine.2.3.dll
2011-04-19 16:31 - 2011-03-02 11:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2015-10-19 21:00 - 2015-10-19 21:00 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bernhard\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Bernhard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: Amazon Music => "C:\Users\Bernhard\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: dradio-RecorderTimer => C:\Program Files\dradio-Recorder\phonostarTimer.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0942D896-4744-43E6-A96B-D71FBAAC9DBF}] => (Allow) E:\setup\hpznui01.exe
FirewallRules: [{61F4E2D9-BDA9-4A4E-8796-CE38CC95F5EA}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{41656FFE-EBC0-473C-B5A1-7CA58E5EA514}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{6489C8BE-51CB-4E9E-8F7A-7FA987F8FF87}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{987924E7-1623-430F-B2C7-01C1FCD3F8E6}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{E6E2FF7F-F5E3-45B4-BDA4-F4C309669460}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{4903AAE0-33EC-4D61-9EA4-33F285FADBC2}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{D914A554-3152-46B5-A717-7661C797CF1D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{BC19F407-55AE-4357-A437-E77AFCD322AC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{A4751DFD-6038-4847-AD9A-E515DAA7BC4F}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{6AE4321E-B71C-4B21-989F-B20C9B879E64}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{88C6ED2F-369B-48DE-A8D7-62E9B153ECC4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{7758F490-EAAC-4C6D-A85D-E5B8A4850A6A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{DA73A4E0-E973-448E-BEFB-97E45134516F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{E8A36D93-C300-491B-AF43-DDD6FB3C333A}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{8FD4A34B-343F-456D-B0CE-719F85E918AF}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{03DF2CB9-72BD-4DA6-86B6-5D18176D6EF6}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A686561B-71CF-4E31-885F-B0B1A6C7D48C}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{A09B23A9-EE54-4BD3-B3E6-5AA3344D445D}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{2E3EB61B-E963-49C6-B491-374E1155BCCB}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{C2F27D64-1933-4CD5-9494-5DD900B42303}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{8B40FAC3-3EC9-4761-9167-3789C0A08AB4}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{50B31DB3-C636-4554-A042-6E41077FD4CF}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E3F8A8EF-837A-4044-B08A-74CAC53EDDFD}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{7E64ECF5-C258-4B1C-98FD-16AFFC073C8E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{90FE817D-C6E8-49B0-B2B7-BAF11D8A431C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D2A2BAE5-4D05-406F-A031-662DB266BE9A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7C9845A0-579E-41B9-AA32-268E755CF0B3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7C901B04-05EF-4D14-91D2-D0CC0D993E93}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{9DF1123B-136E-48A7-BBE6-57EFCAA08720}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{7ABA75C1-1BC5-4F8A-BC2B-F7D5FB3396C7}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{545260F8-4E4A-4AC4-8314-1755FB2D207C}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Block) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{7DBC732B-5FB6-4E38-A35F-778832C26CB6}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Block) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{6E2FD560-C1C0-4DD5-A30E-A91C664A710C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4C551F79-8154-49B9-9D7D-C701DA99A5BC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

20-11-2016 16:48:07 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8000 A809
Description: Officejet Pro 8000 A809
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Deskjet F4500
Description: HP Deskjet F4500
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8000 A809
Description: Officejet Pro 8000 A809
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/20/2016 04:48:08 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1760375744-4155738735-2501987826-1005.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {4fe9ec9f-eaec-43c3-a100-d2ab653379d0}

Error: (11/20/2016 04:24:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10393442

Error: (11/20/2016 04:24:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10393442

Error: (11/20/2016 04:24:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/20/2016 04:24:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10392443

Error: (11/20/2016 04:24:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10392443

Error: (11/20/2016 04:24:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/20/2016 01:31:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17753

Error: (11/20/2016 01:31:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17753

Error: (11/20/2016 01:31:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/20/2016 04:38:23 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.

Error: (11/20/2016 04:37:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod-Dienst service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/20/2016 04:37:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/20/2016 04:37:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/20/2016 04:37:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/20/2016 04:37:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (11/20/2016 04:37:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WD Drive Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/20/2016 04:37:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MTB2011 Server (2.1.0.8) service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/20/2016 04:37:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dienst "Bonjour" service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/20/2016 04:37:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2015-03-13 18:17:00.592
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 18:17:00.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 18:17:00.584
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 18:16:55.092
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 18:16:55.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 18:16:55.076
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 16:15:20.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 16:15:20.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 16:15:20.015
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 16:15:14.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz
Percentage of memory in use: 48%
Total physical RAM: 3032.89 MB
Available physical RAM: 1556.6 MB
Total Virtual: 4062.77 MB
Available Virtual: 2287.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:50 GB) (Free:2.9 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:246.08 GB) (Free:1.91 GB) NTFS
Drive g: (CANON_DC) (Removable) (Total:7.38 GB) (Free:1.58 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7AB852FC)
Partition 1: (Not Active) - (Size=2 GB) - (Type=27)
Partition 2: (Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=246.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---
__________________

Alt 21.11.2016, 16:35   #4
M-K-D-B
/// TB-Ausbilder
 
Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet - Standard

Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet



Servus,


wir entfernen die letzten Reste und kontrollieren nochmal alles.



Hinweis: Der Suchlauf mit ESET kann länger dauern.



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
EmptyTemp:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 3
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?







Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von ESET,
  • die Logdatei von HitmanPro,
  • die beiden neuen Logdateien von FRST,
  • die Beantwortung der gestellten Fragen.
__________________
Gruß
M-K-D-B


==========================================================
offline vom 22.12.2018 bis 01.01.2019
==========================================================

Das Trojaner-Board unterstützen

Alt 23.11.2016, 18:20   #5
seppelb
 
Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet - Standard

Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet



Moin,

tausend Dank schon Mal für deine Hilfe.

Schritt 1:

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x86) Version: 20-11-2016 01
Ran by Bernhard (23-11-2016 14:14:40) Run:1
Running from C:\Users\Bernhard\Desktop
Loaded Profiles: Bernhard (Available Profiles: Bernhard & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CloseProcesses:
EmptyTemp:
end
*****************

Processes closed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22571837 B
Java, Flash, Steam htmlcache => 716 B
Windows/system/drivers => 141936 B
Edge => 0 B
Chrome => 0 B
Firefox => 211461009 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 95908 B
LocalService => 132244 B
NetworkService => 67956 B
Bernhard => 14048530 B
Admin3 => 0 B
Guest => 6499760 B

RecycleBin => 0 B
EmptyTemp: => 251.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:15:33 ====
         

Schritt 2:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=48bfe56b836a7a459ca417bc46efcdea
# end=init
# utc_time=2016-11-23 01:23:41
# local_time=2016-11-23 02:23:41 (+0100, W. Europe Standard Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 31505
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=48bfe56b836a7a459ca417bc46efcdea
# end=updated
# utc_time=2016-11-23 01:27:26
# local_time=2016-11-23 02:27:26 (+0100, W. Europe Standard Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=48bfe56b836a7a459ca417bc46efcdea
# engine=31505
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-11-23 03:30:20
# local_time=2016-11-23 04:30:20 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1309 16777213 100 100 7963 44137271 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 103238 231546210 0 0
# scanned=230408
# found=0
# cleaned=0
# scan_time=7372
         

Schritt 3:

Code:
ATTFilter
Code:
ATTFilter
HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : BERNHARD-PC
   Windows . . . . . . . : 6.1.1.7601.X86/2
   User name . . . . . . : Bernhard-PC\Bernhard
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-11-23 16:36:02
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 20s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 4

   Objects scanned . . . : 1.328.759
   Files scanned . . . . : 34.764
   Remnants scanned  . . : 286.476 files / 1.007.519 keys

Suspicious files ____________________________________________________________

   C:\Users\Bernhard\Desktop\FRST-OlderVersion\FRST.exe
      Size . . . . . . . : 1.762.304 bytes
      Age  . . . . . . . : 3.2 days (2016-11-20 12:20:10)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 98D0B844C776F2CBD6C889A810E9786E557368B000475499F0671AE2BBC9DB5B
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Bernhard\Desktop\FRST.exe
      Size . . . . . . . : 1.762.304 bytes
      Age  . . . . . . . : 0.1 days (2016-11-23 14:13:53)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7C48A91ADC72D970CB0FBC8A138E2EC815984FAF7F57D7219F66500ED1EEDC22
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Bernhard\Desktop\FRST.exe
      Forensic Cluster
         -0.2s C:\Users\Bernhard\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6AF4EE75E3A4ABA658C0087EB9A0BB5B_4F8D4D4F8A055DA96F5FDDC885E626A4
         -0.2s C:\Users\Bernhard\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6AF4EE75E3A4ABA658C0087EB9A0BB5B_4F8D4D4F8A055DA96F5FDDC885E626A4
          0.0s C:\Users\Bernhard\Desktop\FRST.exe


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}\ (CouponBar)
         

Schritt 4:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2016
Ran by Bernhard (administrator) on BERNHARD-PC (23-11-2016 18:22:29)
Running from C:\Users\Bernhard\Desktop
Loaded Profiles: Bernhard & Guest (Available Profiles: Bernhard & Guest)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(Carl Zeiss) C:\Program Files\Carl Zeiss\MTB 2011\MTB Server Console\MTBService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SigmaChip) C:\Windows\SGStiMon.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Flux Software LLC) C:\Users\Bernhard\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7518752 2009-06-02] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-06-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1533224 2009-06-12] (Synaptics Incorporated)
HKLM\...\Run: [SGCameraMonitor] => C:\Windows\SGStiMon.exe [59992 2011-01-25] (SigmaChip)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5545328 2014-02-28] (Western Digital Technologies, Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694072 2013-10-15] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [759696 2015-12-23] (Cisco Systems, Inc.)
HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\Run: [F.lux] => C:\Users\Bernhard\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6564776 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\MountPoints2: {02144b4d-f465-11e3-9943-001f1601b0c8} - F:\LG_PC_Programs.exe
HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\MountPoints2: {69d1b252-ac30-11e3-b04b-001f1601b0c8} - "F:\WD Drive Unlock.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-01-27]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{FE725E81-177F-4000-8453-A9A382204E07}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF DefaultProfile: uanqyggg.default
FF ProfilePath: C:\Users\Bernhard\AppData\Roaming\Zotero\Zotero\Profiles\wkpt3e9h.default [2014-03-20]
FF Extension: (No Name) - C:\Program Files\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [not found]
FF Extension: (No Name) - C:\Program Files\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [not found]
FF ProfilePath: C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default [2016-11-23]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\uanqyggg.default -> DuckDuckGo
FF Homepage: Mozilla\Firefox\Profiles\uanqyggg.default -> dkb.de
FF Session Restore: Mozilla\Firefox\Profiles\uanqyggg.default -> is enabled.
FF Extension: (Avira Browser Safety) - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default\Extensions\abs@avira.com.xpi [2016-11-21]
FF Extension: (Zotero) - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default\Extensions\zotero@chnm.gmu.edu.xpi [2016-11-03]
FF Extension: (Zotero Word for Windows Integration) - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default\Extensions\zoteroWinWordIntegration@zotero.org [2016-10-17]
FF Extension: (Nuke Anything Enhanced) - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default\Extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}.xpi [2016-04-30]
FF Extension: (Tab Mix Plus) - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-10-28]
FF Extension: (Adblock Edge) - C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\uanqyggg.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2016-04-27]
FF ProfilePath: C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1760375744-4155738735-2501987826-1000\FireFox [2016-11-23]
FF user.js: detected! => C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1760375744-4155738735-2501987826-1000\FireFox\user.js [2015-05-29]
FF Extension: (No Name) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [not found]
FF Extension: (No Name) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [not found]
FF Extension: (No Name) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [not found]
FF Extension: (No Name) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [not found]
FF Extension: (No Name) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [not found]
FF Extension: (Anti-Banner) - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2016-11-18] [not signed]
FF Extension: (Modul zur Link-Untersuchung) - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2016-11-18] [not signed]
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru => not found
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-01-27] [not signed]
FF HKLM\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-23]
FF HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1760375744-4155738735-2501987826-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1760375744-4155738735-2501987826-1000: @phonostar.de/phonostar -> C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-01-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-01-04] (Apple Inc.)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.1; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S3 CZCanSrv; C:\Program Files\Common Files\Carl Zeiss\CZCanSrv.exe [258048 2012-09-26] (Carl Zeiss MicroImaging GmbH) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2013-09-19] (Flexera Software, Inc.)
R2 hasplms; C:\Windows\system32\hasplms.exe [2869760 2009-04-21] (Aladdin Knowledge Systems Ltd.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 MTBService_2.1.0.8; C:\Program Files\Carl Zeiss\MTB 2011\MTB Server Console\MTBService.exe [20480 2013-02-15] (Carl Zeiss) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [567184 2015-12-23] (Cisco Systems, Inc.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [109248 2015-12-23] (Cisco Systems, Inc.)
R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [352256 2009-01-16] (Aladdin Knowledge Systems Ltd.)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2014-05-27] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2014-05-27] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2014-05-27] (LG Electronics Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [201912 2015-07-05] (Kaspersky Lab ZAO)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 eapihdrv; C:\Users\Bernhard\AppData\Local\Temp\ehdrv.sys [135760 2016-11-23] (ESET)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [587776 2009-07-09] (Aladdin Knowledge Systems Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [155304 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [66440 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [67456 2015-12-01] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [145800 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [51032 2016-08-23] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [165464 2016-11-23] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [778584 2016-08-23] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [45144 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [46464 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41864 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [94040 2016-08-23] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [161672 2015-12-02] (AO Kaspersky Lab)
S3 SG320 Video Capture; C:\Windows\System32\Drivers\SGCam3UVC.sys [2503832 2011-01-25] (SiGma Micro)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-08-15] (Cisco Systems, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-23 16:34 - 2016-11-23 16:42 - 00000000 ____D C:\ProgramData\HitmanPro
2016-11-23 16:34 - 2016-11-23 16:34 - 11005320 _____ (SurfRight B.V.) C:\Users\Bernhard\Desktop\HitmanPro.exe
2016-11-23 14:23 - 2016-11-23 14:23 - 00000000 ____D C:\Program Files\ESET
2016-11-23 14:22 - 2016-11-23 14:22 - 02870984 _____ (ESET) C:\Users\Bernhard\Desktop\esetsmartinstaller_deu.exe
2016-11-23 14:14 - 2016-11-23 14:15 - 00001131 _____ C:\Users\Bernhard\Desktop\Fixlog.txt
2016-11-22 16:31 - 2016-11-23 17:48 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2016-11-22 14:00 - 2016-11-22 14:00 - 00000000 ____D C:\Users\Bernhard\Desktop\sdfsdfsdfsdf
2016-11-20 16:56 - 2016-11-23 18:22 - 00000000 ____D C:\Users\Bernhard\Desktop\FRST-OlderVersion
2016-11-20 16:50 - 2016-11-20 16:50 - 00003225 _____ C:\Users\Bernhard\Desktop\JRT.txt
2016-11-20 16:47 - 2016-11-20 16:47 - 01631928 _____ (Malwarebytes) C:\Users\Bernhard\Desktop\JRT.exe
2016-11-20 16:33 - 2016-11-20 16:38 - 00000000 ____D C:\AdwCleaner
2016-11-20 16:32 - 2016-11-20 16:33 - 03910208 _____ C:\Users\Bernhard\Desktop\AdwCleaner_6.030.exe
2016-11-20 12:22 - 2016-11-20 16:58 - 00032733 _____ C:\Users\Bernhard\Desktop\Addition.txt
2016-11-20 12:21 - 2016-11-23 18:22 - 00018884 _____ C:\Users\Bernhard\Desktop\FRST.txt
2016-11-20 12:20 - 2016-11-23 18:22 - 01761280 _____ (Farbar) C:\Users\Bernhard\Desktop\FRST.exe
2016-11-20 12:05 - 2016-11-23 18:22 - 00000000 ____D C:\FRST
2016-11-19 23:43 - 2016-11-19 23:45 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-19 23:43 - 2016-11-19 23:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-19 23:43 - 2016-11-19 23:43 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2016-11-19 23:43 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-19 23:43 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-19 23:43 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-19 15:10 - 2016-11-20 16:40 - 00000000 ____D C:\Users\Bernhard\AppData\Local\ESET
2016-11-18 13:36 - 2016-11-23 14:19 - 00000000 ____D C:\Users\Bernhard\AppData\LocalLow\Mozilla
2016-11-18 13:15 - 2016-11-18 13:15 - 00003388 _____ C:\Users\Bernhard\AppData\Local\recently-used.xbel
2016-11-18 00:29 - 2016-11-20 16:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-10 08:00 - 2016-11-10 08:01 - 00000000 ____D C:\Windows\rescache
2016-11-09 10:32 - 2016-11-02 16:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-09 10:32 - 2016-10-28 04:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-09 10:32 - 2016-10-27 16:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-09 10:32 - 2016-10-27 15:16 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-09 10:32 - 2016-10-25 15:54 - 02399744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-09 10:32 - 2016-10-22 18:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-09 10:32 - 2016-10-22 17:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-09 10:32 - 2016-10-22 17:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-09 10:32 - 2016-10-22 17:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-09 10:32 - 2016-10-22 17:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-09 10:32 - 2016-10-22 17:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-09 10:32 - 2016-10-22 17:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-09 10:32 - 2016-10-15 16:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-09 10:32 - 2016-10-11 16:24 - 00250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-09 10:32 - 2016-10-11 16:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-09 10:32 - 2016-10-11 16:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-09 10:32 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-09 10:32 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-09 10:32 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-09 10:32 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-09 10:32 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-09 10:32 - 2016-10-11 16:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-09 10:32 - 2016-10-11 14:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-09 10:32 - 2016-10-10 16:16 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-09 10:32 - 2016-10-10 16:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-09 10:32 - 2016-10-07 16:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-11-09 10:32 - 2016-10-07 16:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-09 10:32 - 2016-10-07 16:15 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-09 10:32 - 2016-10-07 16:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-09 10:32 - 2016-09-09 19:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-09 10:31 - 2016-11-02 16:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-09 10:31 - 2016-11-02 16:16 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-09 10:31 - 2016-11-02 16:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-09 10:31 - 2016-11-02 15:53 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-09 10:31 - 2016-10-22 18:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-09 10:31 - 2016-10-22 18:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-09 10:31 - 2016-10-22 18:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-09 10:31 - 2016-10-22 18:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-09 10:31 - 2016-10-22 18:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-09 10:31 - 2016-10-22 18:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-09 10:31 - 2016-10-22 18:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-09 10:31 - 2016-10-22 18:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-09 10:31 - 2016-10-22 18:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-09 10:31 - 2016-10-22 18:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-09 10:31 - 2016-10-22 18:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-09 10:31 - 2016-10-22 18:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-09 10:31 - 2016-10-22 18:21 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-09 10:31 - 2016-10-22 18:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-09 10:31 - 2016-10-22 18:13 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-09 10:31 - 2016-10-22 18:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-09 10:31 - 2016-10-22 18:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-09 10:31 - 2016-10-22 18:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-09 10:31 - 2016-10-22 17:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-09 10:31 - 2016-10-22 17:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-09 10:31 - 2016-10-22 17:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-09 10:31 - 2016-10-22 17:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-09 10:31 - 2016-10-22 17:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-09 10:31 - 2016-10-22 17:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-09 10:31 - 2016-10-22 17:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-09 10:31 - 2016-10-15 16:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-09 10:31 - 2016-10-11 16:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-09 10:31 - 2016-10-11 16:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-09 10:31 - 2016-10-11 16:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-09 10:31 - 2016-10-11 16:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-09 10:31 - 2016-10-10 16:21 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-09 10:31 - 2016-10-10 16:21 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-09 10:31 - 2016-10-10 16:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-09 10:31 - 2016-10-10 16:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-09 10:31 - 2016-10-10 15:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-09 10:31 - 2016-10-10 15:50 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-09 10:31 - 2016-10-10 15:50 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-09 10:31 - 2016-10-10 15:50 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-09 10:31 - 2016-10-10 15:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-09 10:31 - 2016-10-10 15:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-09 10:31 - 2016-10-10 15:50 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-09 10:31 - 2016-10-07 16:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-09 10:31 - 2016-10-07 15:54 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-09 10:31 - 2016-10-07 15:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-09 10:31 - 2016-10-07 15:54 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-09 10:31 - 2016-10-07 15:54 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-09 10:31 - 2016-10-07 15:51 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-09 10:31 - 2016-10-07 15:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-09 10:31 - 2016-10-05 15:50 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-09 10:31 - 2016-09-15 15:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-09 10:31 - 2016-09-13 16:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-09 10:31 - 2016-08-21 14:05 - 00935424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-07 18:10 - 2016-11-07 18:10 - 02094184 _____ (Adobe) C:\Users\Bernhard\Downloads\acrobatproDC_00000000000000000000000407.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-23 18:22 - 2015-02-07 20:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-23 17:48 - 2012-05-04 15:43 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-11-23 17:35 - 2009-07-14 05:34 - 00025920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-23 17:35 - 2009-07-14 05:34 - 00025920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-23 16:43 - 2014-05-27 17:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-11-23 14:18 - 2016-10-18 20:53 - 00008192 _____ C:\Windows\system32\WDPABKP.dat
2016-11-23 14:17 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-23 14:15 - 2014-06-26 18:18 - 00000000 ____D C:\Users\Bernhard\AppData\LocalLow\Temp
2016-11-22 00:43 - 2011-04-19 15:54 - 00000000 ____D C:\Users\Bernhard\AppData\Roaming\vlc
2016-11-21 16:04 - 2011-04-18 23:45 - 00795794 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-21 16:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-11-21 09:32 - 2014-08-15 09:03 - 00000000 ____D C:\Users\Bernhard\Desktop\Wohnung
2016-11-20 12:07 - 2011-04-19 01:24 - 00000000 ____D C:\Program Files\Adobe
2016-11-18 13:15 - 2015-01-13 21:45 - 00000000 ____D C:\Users\Bernhard\AppData\Local\gtk-2.0
2016-11-18 13:15 - 2013-05-23 10:39 - 00000000 ____D C:\Users\Bernhard\.gimp-2.8
2016-11-16 18:44 - 2012-12-27 00:08 - 00000000 ____D C:\Users\Guest
2016-11-10 07:18 - 2009-07-14 05:33 - 00337104 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-09 23:46 - 2013-08-17 15:25 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 23:45 - 2011-04-19 01:00 - 138444440 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-09 10:23 - 2012-05-11 14:07 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-11-09 10:23 - 2011-11-26 00:50 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-11-09 10:23 - 2011-04-19 16:20 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-07 19:35 - 2011-04-19 01:23 - 00000000 ____D C:\ProgramData\Adobe
2016-11-07 18:27 - 2011-04-18 23:58 - 00000000 ____D C:\Users\Bernhard
2016-11-03 22:46 - 2016-08-09 09:55 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-28 17:47 - 2011-09-07 17:33 - 00000000 ____D C:\Users\Bernhard\AppData\Roaming\Skype
2016-10-27 20:28 - 2013-09-04 00:04 - 00000000 ____D C:\Users\Bernhard\Desktop\Stick
2016-10-26 16:29 - 2011-04-19 00:33 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-05-12 22:28 - 2014-05-12 22:28 - 0035012 _____ () C:\Users\Bernhard\AppData\Roaming\OneCal.emf
2014-05-12 21:22 - 2014-05-12 22:29 - 0000546 _____ () C:\Users\Bernhard\AppData\Roaming\onecal.xml
2016-11-18 13:15 - 2016-11-18 13:15 - 0003388 _____ () C:\Users\Bernhard\AppData\Local\recently-used.xbel
2012-04-18 21:40 - 2012-04-18 21:40 - 0017408 _____ () C:\Users\Bernhard\AppData\Local\WebpageIcons.db
2011-04-19 16:13 - 2016-07-10 21:05 - 0033907 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-18 15:21

==================== End of FRST.txt ============================
         
--- --- ---



[CODE]Additional
FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x86) Version: 23-11-2016
Ran by Bernhard (23-11-2016 18:23:22)
Running from C:\Users\Bernhard\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2011-04-18 22:58:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1760375744-4155738735-2501987826-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1760375744-4155738735-2501987826-1009 - Limited - Enabled)
Bernhard (S-1-5-21-1760375744-4155738735-2501987826-1000 - Administrator - Enabled) => C:\Users\Bernhard
Guest (S-1-5-21-1760375744-4155738735-2501987826-501 - Limited - Enabled) => C:\Users\Guest

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
Apple Application Support (32-Bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.13015 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.13015 - Cisco Systems, Inc.) Hidden
Copy (Version: 130.0.366.000 - Hewlett-Packard) Hidden
CPUID CPU-Z 1.65.0 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F4500_SW_MIN (Version: 130.0.406.000 - Hewlett-Packard) Hidden
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
f.lux (HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\...\Flux) (Version:  - )
F4500 (Version: 130.0.406.000 - Hewlett-Packard) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6 (HKLM\...\{7F08A772-2816-4F46-84F1-49578502AD28}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.29.02 - JMicron Technology Corp.)
Kaspersky Internet Security (HKLM\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Internet Security (Version: 16.0.1.445 - Kaspersky Lab) Hidden
LG United Mobile Drivers (HKLM\...\{15A5D29A-F209-49FD-BA47-5E4C882FF496}) (Version: 3.12.1.0 - LG Electronics)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft VC90 CRT + OMP (HKLM\...\{0F931735-0098-4FF6-A49D-17882A294F51}) (Version: 1.0.0.0 - ZJMedia Ltd.)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.0 (x86 de) (HKLM\...\Mozilla Firefox 50.0 (x86 de)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
Mozilla Thunderbird 45.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 45.5.0 (x86 de)) (Version: 45.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.1 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.309.0 - Tracker Software Products Ltd)
PixelNet Software 4.14.4 (HKLM\...\PixelNet Software) (Version: 4.14.4 - ORWO Net)
Projekt1 (HKLM\...\ST6UNST #1) (Version:  - )
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5864 - Realtek Semiconductor Corp.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
SecureW2 EAP Suite 1.1.3 for Windows (HKLM\...\SecureW2 EAP Suite) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sigmachip USB Camera Driver (HKLM\...\{5B2A499A-8FB6-4206-B0A4-EADE4BA81F25}) (Version: 1.60.07023 - Sigmachip)
SigmaPlot 12.5 (HKLM\...\{730E22C0-A5A9-4A1B-AE66-570573DCA0E8}) (Version: 12.5 - Systat Software, Inc.)
Skype™ 7.14 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.1.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.27339 - TeamViewer)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WD Drive Utilities (HKLM\...\{2D2BD030-2DC0-478F-9710-3554FFC0D797}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
WD Quick View (HKLM\...\{C0D71DFA-F9D4-45C2-A6C9-DAE2212766EE}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{5A9D095A-C6DC-4A69-8A96-AC23911A2D4E}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{1567E010-08CA-439C-903E-480EBD309B17}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{1ec9e03a-452b-48fb-8e1b-27ee0477985f}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinAVI All in One Converter (HKLM\...\WinAVI All in One Converter) (Version: 1.2.0.3939 - ZJMedia Digital Technology Ltd.)
Windows Driver Package - Carl Zeiss Microscopy GmbH (tvmcam) Image  (10/06/2010 8.2.0.0) (HKLM\...\B8D098E79A64AB4C236E7AC30C34EF0F01BFC497) (Version: 10/06/2010 8.2.0.0 - Carl Zeiss Microscopy GmbH)
WinRAR 4.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
ZEN 2012 x32 blue (HKLM\...\{30F51D0C-19FF-438F-950D-A58C732F4F56}) (Version: 1.1.1 - Carl Zeiss Microscopy GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1760375744-4155738735-2501987826-1000_Classes\CLSID\{6E73CA04-CE63-11CF-B59C-0000929132CE}\localserver32 -> C:\Program Files\SigmaPlot\SPW12\Spw.exe (Systat Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1760375744-4155738735-2501987826-1000_Classes\CLSID\{6E73CA51-CE63-11CF-B59C-0000929132CE}\localserver32 -> C:\Program Files\SigmaPlot\SPW12\Spw.exe (Systat Software, Inc.)
CustomCLSID: HKU\S-1-5-21-1760375744-4155738735-2501987826-1000_Classes\CLSID\{6E73CA52-CE63-11CF-B59C-0000929132CE}\localserver32 -> C:\Program Files\SigmaPlot\SPW12\Spw.exe (Systat Software, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4BA21A0C-C0D7-4163-8366-1531F88DCBAF} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-12] (AO Kaspersky Lab)
Task: {5CE3E635-8071-44F6-86A7-4F3072867EBD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {61174637-7A94-45F5-8B64-C50DDD5166E5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {7ED599A2-8C75-4846-BC3E-C9161A26C801} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {986ACD79-0DC7-458D-B6D8-6B609007694C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-09] (Adobe Systems Incorporated)
Task: {A337A464-88A5-4276-A46D-EB67A0B87198} - System32\Tasks\{C0C2C45D-A588-4C28-900C-0020B7266DFF} => pcalua.exe -a C:\WINDOWS\st6unst.exe -c -n "C:\Program Files\Projekt1\ST6UNST.LOG"
Task: {AF23EDB9-E532-4A8C-8CE9-CD78BD6A0867} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {BB27DB3F-6A83-43E1-AC47-212478EC452C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {DCA46AC3-ED48-42DE-BA2B-75AA52D0EB66} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {F70C682F-2F33-4983-83E3-393D36A4A537} - System32\Tasks\{2C285F43-7EAA-464B-A427-5ECB57FB8FD9} => Firefox.exe hxxp://ui.skype.com/ui/0/7.15.0.103/de/abandoninstall?page=tsProgressBar

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-23 14:27 - 2015-12-23 14:27 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2011-04-19 16:31 - 2011-03-02 11:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-22 01:47 - 2015-12-22 01:47 - 00794920 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\kpcengine.2.3.dll
2015-10-19 21:00 - 2015-10-19 21:00 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1760375744-4155738735-2501987826-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bernhard\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1760375744-4155738735-2501987826-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Bernhard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: Amazon Music => "C:\Users\Bernhard\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: dradio-RecorderTimer => C:\Program Files\dradio-Recorder\phonostarTimer.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0942D896-4744-43E6-A96B-D71FBAAC9DBF}] => (Allow) E:\setup\hpznui01.exe
FirewallRules: [{61F4E2D9-BDA9-4A4E-8796-CE38CC95F5EA}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{41656FFE-EBC0-473C-B5A1-7CA58E5EA514}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{6489C8BE-51CB-4E9E-8F7A-7FA987F8FF87}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{987924E7-1623-430F-B2C7-01C1FCD3F8E6}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{E6E2FF7F-F5E3-45B4-BDA4-F4C309669460}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{4903AAE0-33EC-4D61-9EA4-33F285FADBC2}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{D914A554-3152-46B5-A717-7661C797CF1D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{BC19F407-55AE-4357-A437-E77AFCD322AC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{A4751DFD-6038-4847-AD9A-E515DAA7BC4F}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{6AE4321E-B71C-4B21-989F-B20C9B879E64}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{88C6ED2F-369B-48DE-A8D7-62E9B153ECC4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{7758F490-EAAC-4C6D-A85D-E5B8A4850A6A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{DA73A4E0-E973-448E-BEFB-97E45134516F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{E8A36D93-C300-491B-AF43-DDD6FB3C333A}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{8FD4A34B-343F-456D-B0CE-719F85E918AF}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{03DF2CB9-72BD-4DA6-86B6-5D18176D6EF6}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A686561B-71CF-4E31-885F-B0B1A6C7D48C}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{A09B23A9-EE54-4BD3-B3E6-5AA3344D445D}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{2E3EB61B-E963-49C6-B491-374E1155BCCB}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{C2F27D64-1933-4CD5-9494-5DD900B42303}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{8B40FAC3-3EC9-4761-9167-3789C0A08AB4}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{50B31DB3-C636-4554-A042-6E41077FD4CF}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E3F8A8EF-837A-4044-B08A-74CAC53EDDFD}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{7E64ECF5-C258-4B1C-98FD-16AFFC073C8E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{90FE817D-C6E8-49B0-B2B7-BAF11D8A431C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D2A2BAE5-4D05-406F-A031-662DB266BE9A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7C9845A0-579E-41B9-AA32-268E755CF0B3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7C901B04-05EF-4D14-91D2-D0CC0D993E93}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{9DF1123B-136E-48A7-BBE6-57EFCAA08720}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{7ABA75C1-1BC5-4F8A-BC2B-F7D5FB3396C7}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{545260F8-4E4A-4AC4-8314-1755FB2D207C}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Block) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{7DBC732B-5FB6-4E38-A35F-778832C26CB6}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Block) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{6E2FD560-C1C0-4DD5-A30E-A91C664A710C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4C551F79-8154-49B9-9D7D-C701DA99A5BC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

23-11-2016 17:21:34 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Deskjet F4500
Description: HP Deskjet F4500
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8000 A809
Description: Officejet Pro 8000 A809
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8000 A809
Description: Officejet Pro 8000 A809
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/23/2016 05:21:36 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1760375744-4155738735-2501987826-1005.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {49140c1c-f53e-4496-b999-806289474bc6}

Error: (11/22/2016 10:38:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12090

Error: (11/22/2016 10:38:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12090

Error: (11/22/2016 10:38:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/22/2016 10:38:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11045

Error: (11/22/2016 10:38:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11045

Error: (11/22/2016 10:38:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/22/2016 10:38:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10046

Error: (11/22/2016 10:38:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10046

Error: (11/22/2016 10:38:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/23/2016 02:15:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.

Error: (11/23/2016 02:14:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (11/23/2016 02:14:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/23/2016 02:14:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (11/23/2016 02:14:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/23/2016 02:14:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WD Drive Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/23/2016 02:14:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 9 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.

Error: (11/23/2016 02:14:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MTB2011 Server (2.1.0.8) service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/23/2016 02:14:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HASP License Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/23/2016 02:14:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dienst "Bonjour" service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2015-03-13 18:17:00.592
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 18:17:00.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 18:17:00.584
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 18:16:55.092
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 18:16:55.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 18:16:55.076
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 16:15:20.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 16:15:20.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 16:15:20.015
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 16:15:14.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz
Percentage of memory in use: 63%
Total physical RAM: 3032.89 MB
Available physical RAM: 1104.16 MB
Total Virtual: 4591.04 MB
Available Virtual: 2326.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:50 GB) (Free:2.26 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:246.08 GB) (Free:1.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7AB852FC)
Partition 1: (Not Active) - (Size=2 GB) - (Type=27)
Partition 2: (Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=246.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         
--- --- ---


Geändert von seppelb (23.11.2016 um 18:25 Uhr)

Alt 24.11.2016, 14:54   #6
M-K-D-B
/// TB-Ausbilder
 
Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet - Standard

Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet



Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.





Cleanup:
Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.
Hinweis:
DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.





Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:
Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.




Sofern du noch unentschieden bist, verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

   
 

Microsoft Security Essentials (MSE) / Windows Defender (WD) ist ab Windows 8 fest eingebaut, wenn du also Windows 8, 8.1 oder 10 und dich für MSE/WD entschieden hast, brauchst du nicht extra MSE/WD zu installieren. Bei Windows 7 muss es aber manuell installiert oder über die Windows Updates als optionales Update bezogen werden. Selbstverständlich ist ein legales/aktiviertes Windows Voraussetzung dafür.




Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.




Optional:
Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.
NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .




Abschließend noch ein paar grundsätzliche Bemerkungen:
  • Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
  • Lade keine Software von Chip, Softonic oder SourceForge. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software oder Adware installiert.
  • Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Selbst Microsoft unterstützt sog. Registry-Cleaner nicht. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.




Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
__________________
--> Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet

Alt 25.11.2016, 13:34   #7
seppelb
 
Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet - Standard

Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet



Hi Mathias,

1000 Dank, das freut mich. Die abschließenden Schritte werde ich in ein paar Tagen durchführen, aktuell bin ich unterwegs. Bisher hast du mir sehr geholfen!

Alt 25.11.2016, 20:48   #8
M-K-D-B
/// TB-Ausbilder
 
Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet - Standard

Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet



Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.
__________________
Gruß
M-K-D-B


==========================================================
offline vom 22.12.2018 bis 01.01.2019
==========================================================

Das Trojaner-Board unterstützen

Antwort

Themen zu Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet
anhang, anti-malware, bewusst, cpu-z, dateien, device driver, directpay 24, eingefangen, eset, fenster, folge, folgende, geschlossen, guten, kaspersky, malwarebytes, mozilla, nichts, officejet, online, ordner, scan, scanner, sicherheit, thunderbird, trojaner, unsinn, unterstützung, welchem, winrar, zip anhang geöffnet, zip-anhang geöffnet



Ähnliche Themen: Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet


  1. Zip-Datei aus Anhang der Online Pay GmbH auf Mac geöffnet
    Alles rund um Mac OSX & Linux - 14.11.2016 (7)
  2. Directpay24 E-Mail bekommen und Zip Datei geöffnet
    Plagegeister aller Art und deren Bekämpfung - 09.08.2016 (21)
  3. Trojaner durch directpay24-Spam-Mail mit .zip-Anhang?
    Plagegeister aller Art und deren Bekämpfung - 06.06.2016 (14)
  4. Online Pay 24 GmbH Mail geöffnet und am Pc/(iphone) entzippt
    Log-Analyse und Auswertung - 18.04.2016 (17)
  5. Trojaner im zip-Ordner von Directpay GmbH via Mail geöffnet und ausgeführt
    Log-Analyse und Auswertung - 20.04.2015 (11)
  6. zip-Anhang in Pishing-Mail geöffnet - Trojaner oder Virus auf meinem Laptop?
    Plagegeister aller Art und deren Bekämpfung - 05.09.2014 (5)
  7. Windows 8.1 32bit Email der Anwalt Ebay GmbH Anhang geöffnet -> Trojaner?
    Log-Analyse und Auswertung - 09.07.2014 (13)
  8. E-Mail von Media Center GmbH - Abo 39€ - E-Mail, nicht Anhang geöffnet, Antivirenprogramm meldet sich.
    Plagegeister aller Art und deren Bekämpfung - 24.04.2014 (5)
  9. Windows Vista: Trojaner E-Mail Anhang geöffnet
    Log-Analyse und Auswertung - 16.08.2013 (9)
  10. Inkasso Mail mit Zip-Anhang geöffnet, Trojaner Fund mit Malware Bytes
    Log-Analyse und Auswertung - 19.05.2013 (25)
  11. Mail mit ZIP-Datei im Anhang geöffnet - Trojaner?
    Log-Analyse und Auswertung - 14.05.2013 (9)
  12. mydirtyhobby-gmbh ....anhang aus spam-mail geöffnet
    Plagegeister aller Art und deren Bekämpfung - 24.04.2013 (29)
  13. Mahnung Anhang E-Mail geöffnet, anschließend mehrere Trojaner gefunden
    Plagegeister aller Art und deren Bekämpfung - 15.02.2013 (11)
  14. Deutsche Post Service E-Mail; Anhang geöffnet (Trojaner?)
    Log-Analyse und Auswertung - 22.01.2013 (19)
  15. Windows Verschlüsselungs-Trojaner - Spam Mail - Anhang geöffnet
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (9)
  16. GMX Mail mit Anhang Rechnung geöffnet= Trojaner
    Plagegeister aller Art und deren Bekämpfung - 04.06.2012 (1)
  17. UPS-Mail Anhang geöffnet -> Verschiedene Trojaner auf Rechner
    Log-Analyse und Auswertung - 09.02.2010 (3)

Zum Thema Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet - Guten Tag, in wilder Leichtsinnigkeit habe ich auf meinem Windows-PC die bereits bekannte personalisierte Trojaner-Mail von Directpay24 GmbH mit Zahlungsaufforderung geöffnet und in Mozilla Thunderbird auf die zip-Datei im Anhang - Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet...
Archiv
Du betrachtest: Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.