Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: sweet-page.com virus und pc bleibt öfters hängen (https://www.trojaner-board.de/159056-windows-7-sweet-page-com-virus-pc-bleibt-oefters-haengen.html)

Vibion 24.09.2014 18:46
Windows 7: sweet-page.com virus und pc bleibt öfters hängen
 
Hallo,
auf dem PC meiner Eltern ist es nun seit einiger Zeit so, dass die Maus usw. immer wieder hängen bleibt für 2-3 Sekunden. Es ist aber wohl so, dass der gesamte Bildschirm einfriert, also man kann dann auch nicht tippen usw.
Da es vorallem dann auftritt, wenn Chrome an ist, hatte ich vermutet, dass es an zu wenig Arbeitsspeicher liegen könnte und mal versucht den PC aufzuräumen mit CCleaner und automatischen Programmstarts beim PC-Einschalten und seitdem ist es auch etwas besser geworden, aber manchmal hängt der sich jetzt einfach komplett auf (also Bild friert ein und man kann nichts machen).
Es ist nun mal sehr nervig wenn es ständig hängen bleibt und früher, war es eigentlich nie so.
Zudem startete der Browser auch seit einiger Zeit mit dieser sweet-page.com Startseite, was wohl ein Virus ist? Habe da jetzt einfach die Startseite geändert. Eventuell könnte das alles zusammenhängen?

Ich füge noch die Logfiles bei und danke schon mal für die Möglichkeit hier im Forum. Super Sache :)

Gruß Thomas

FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014
Ran by mia (administrator) on MIA-PC on 24-09-2014 19:03:19
Running from C:\Users\mia\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-12-09] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-03] (CyberLink)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2170241872-3006662274-4178029837-1000\...\Run: [icq] => C:\Users\mia\AppData\Roaming\ICQM\icq.exe [27578728 2013-03-28] (ICQ)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\mia\AppData\Roaming\Mozilla\Firefox\Profiles\bzvs6ubh.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-25]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-25]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-25]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-25]
FF Extension: No Name - C:\Users\mia\AppData\Roaming\Mozilla\Firefox\Profiles\bzvs6ubh.default\extensions\faststartff@gmail.com [Not Found]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-20]
CHR Extension: (Google Drive) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-20]
CHR Extension: (Google Search) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-20]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-12-25]
CHR Extension: (AdBlock) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-24]
CHR Extension: (Safe Money) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-12-25]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-12-25]
CHR Extension: (Virtual Keyboard) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-12-25]
CHR Extension: (Premiumize.me) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm [2013-07-24]
CHR Extension: (Google Wallet) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-20]
CHR Extension: (Anti-Banner) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-12-25]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Cherry Device Interface; C:\Program Files (x86)\Cherry\CDI\cdi.exe [577582 2010-08-25] (ZF Electronics GmbH) [File not signed]
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-23] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 IAMTVE; C:\Windows\system32\DRIVERS\IAMTVE.sys [43416 2010-12-17] (Intel Corporation)
S3 IAMTXPE; C:\Windows\system32\DRIVERS\IAMTXPE.sys [51096 2010-12-17] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-25] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-25] (Kaspersky Lab ZAO)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 19:03 - 2014-09-24 19:04 - 00022284 _____ () C:\Users\mia\Desktop\FRST.txt
2014-09-24 19:03 - 2014-09-24 19:03 - 00000000 ____D () C:\FRST
2014-09-24 18:59 - 2014-09-24 19:00 - 02106880 _____ (Farbar) C:\Users\mia\Desktop\FRST64.exe
2014-09-24 18:46 - 2014-09-24 18:46 - 00000468 _____ () C:\Users\mia\Downloads\defogger_disable.log
2014-09-24 18:46 - 2014-09-24 18:46 - 00000000 _____ () C:\Users\mia\defogger_reenable
2014-09-24 18:45 - 2014-09-24 18:45 - 00050477 _____ () C:\Users\mia\Downloads\Defogger.exe
2014-09-23 23:39 - 2014-09-24 18:57 - 00000840 _____ () C:\Windows\setupact.log
2014-09-23 23:39 - 2014-09-23 23:39 - 00002198 _____ () C:\Windows\PFRO.log
2014-09-23 23:39 - 2014-09-23 23:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-23 22:45 - 2014-09-23 22:45 - 00000000 ____D () C:\Windows\pss
2014-09-23 16:34 - 2014-09-24 09:29 - 00000000 ___RD () C:\Users\mia\Documents\HP Photo Creations
2014-09-23 16:34 - 2014-09-23 16:34 - 00000000 ____D () C:\Users\mia\AppData\Roaming\Visan
2014-09-23 16:32 - 2014-09-24 18:22 - 00000334 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-09-23 16:32 - 2014-09-23 16:32 - 00003338 _____ () C:\Windows\System32\Tasks\HP Photo Creations Communicator
2014-09-23 16:00 - 2014-09-24 09:29 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-09-23 16:00 - 2014-09-23 16:32 - 00002136 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-09-23 16:00 - 2014-09-23 16:32 - 00000000 ____D () C:\ProgramData\Visan
2014-09-23 16:00 - 2014-09-23 16:00 - 00003602 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 2540 series
2014-09-23 16:00 - 2014-09-23 16:00 - 00000000 ____D () C:\Users\mia\AppData\Roaming\HpUpdate
2014-09-23 16:00 - 2014-09-23 16:00 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-09-23 16:00 - 2014-09-23 16:00 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-09-23 15:59 - 2014-09-23 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-09-23 15:59 - 2014-09-23 16:00 - 00000000 ____D () C:\Program Files (x86)\HP
2014-09-23 15:59 - 2014-09-23 15:59 - 00002216 _____ () C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk
2014-09-23 15:59 - 2014-09-23 15:59 - 00001163 _____ () C:\Users\Public\Desktop\Shop für Zubehör - HP Deskjet 2540 series.lnk
2014-09-23 15:59 - 2014-09-23 15:59 - 00000000 ____D () C:\Program Files\HP
2014-09-23 15:59 - 2014-03-06 12:51 - 00763912 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMC211.dll
2014-09-23 15:57 - 2014-09-23 15:57 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-09-23 15:55 - 2014-09-23 16:23 - 00000000 ____D () C:\Users\mia\AppData\Local\HP
2014-09-23 15:45 - 2014-09-23 15:59 - 00000000 ____D () C:\ProgramData\HP
2014-09-21 22:53 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMXLMAD.DLL
2014-09-21 22:15 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMAD.DLL
2014-09-21 17:00 - 2014-09-21 17:00 - 00000000 ____D () C:\Users\mia\Desktop\QuickSteuer_Deluxe_2014_Dasi
2014-09-21 16:59 - 2014-09-21 16:59 - 00343845 _____ () C:\Users\mia\Desktop\QuickSteuer_Deluxe_2014_Dasi.zip
2014-09-21 12:13 - 2014-09-21 12:13 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-09-21 08:55 - 2014-09-21 08:55 - 00018427 _____ () C:\Users\mia\Desktop\Google-Ergebnis für http  www.vorher-nachher-frisuren.de frisuren-bilder best-ager-kurzhaarfrisur-umstyling-d2.jpg.htm
2014-09-21 08:55 - 2014-09-21 08:55 - 00000000 ____D () C:\Users\mia\Desktop\Google-Ergebnis für http  www.vorher-nachher-frisuren.de frisuren-bilder best-ager-kurzhaarfrisur-umstyling-d2.jpg_files
2014-09-21 08:31 - 2014-09-21 08:31 - 00001247 _____ () C:\Users\mia\Desktop\IMG_1226 - Verknüpfung.lnk
2014-09-21 07:54 - 2014-09-21 07:54 - 00002170 _____ () C:\Users\mia\Desktop\P1040728 - Verknüpfung.lnk
2014-09-21 00:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-21 00:05 - 2014-09-21 00:07 - 00000000 ____D () C:\AdwCleaner
2014-09-21 00:03 - 2014-09-21 00:03 - 00002215 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-21 00:03 - 2014-09-21 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-20 19:50 - 2014-09-20 19:50 - 00000000 ____D () C:\Users\mia\AppData\Roaming\Cherry
2014-09-20 19:48 - 2014-09-20 19:48 - 00000000 ____D () C:\ProgramData\Cherry
2014-09-20 19:47 - 2014-09-20 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cherry Keyboard Manager
2014-09-20 19:47 - 2014-09-20 19:47 - 00000000 ____D () C:\Program Files (x86)\Cherry
2014-09-18 10:59 - 2014-09-18 10:59 - 00034304 _____ () C:\Users\mia\Documents\Zahlungsbestätigung Tom-Tom Radarkameras.msg
2014-09-12 00:03 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 00:03 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 00:03 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 00:03 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 00:03 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 00:03 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 00:03 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 00:03 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 00:03 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 00:03 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 00:03 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 00:03 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 00:03 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 00:03 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 00:03 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 00:03 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 00:03 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 00:03 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 00:03 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 00:03 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 00:03 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 00:03 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 00:03 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 00:03 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 00:03 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 00:03 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 00:03 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 00:03 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 00:03 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 00:03 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 00:03 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 00:03 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 00:03 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 00:03 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 00:03 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 00:03 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 00:03 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 00:03 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 00:03 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 00:03 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 00:03 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 00:03 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 00:03 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 00:03 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 00:03 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 00:03 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 00:03 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 00:03 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 00:03 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 00:03 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 00:03 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 00:03 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 00:03 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 00:03 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 00:03 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 00:03 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 23:21 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 23:21 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 18:20 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 18:20 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 18:20 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 18:20 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 18:20 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 18:20 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 18:20 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 18:20 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 18:20 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-11 18:19 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 18:19 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 20:27 - 2014-09-03 20:27 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-08-28 21:10 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 21:10 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 21:10 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 19:04 - 2014-09-24 19:03 - 00022284 _____ () C:\Users\mia\Desktop\FRST.txt
2014-09-24 19:03 - 2014-09-24 19:03 - 00000000 ____D () C:\FRST
2014-09-24 19:03 - 2012-09-08 10:08 - 01098990 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 19:03 - 2010-05-12 10:18 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-09-24 19:03 - 2010-05-12 10:18 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-09-24 19:03 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 19:00 - 2014-09-24 18:59 - 02106880 _____ (Farbar) C:\Users\mia\Desktop\FRST64.exe
2014-09-24 18:58 - 2013-12-25 09:46 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-24 18:57 - 2014-09-23 23:39 - 00000840 _____ () C:\Windows\setupact.log
2014-09-24 18:57 - 2012-09-08 10:13 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-24 18:57 - 2010-12-20 10:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-24 18:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-24 18:55 - 2012-11-01 13:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-24 18:53 - 2012-09-08 10:13 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-24 18:46 - 2014-09-24 18:46 - 00000468 _____ () C:\Users\mia\Downloads\defogger_disable.log
2014-09-24 18:46 - 2014-09-24 18:46 - 00000000 _____ () C:\Users\mia\defogger_reenable
2014-09-24 18:46 - 2012-09-08 10:17 - 00000000 ____D () C:\Users\mia
2014-09-24 18:45 - 2014-09-24 18:45 - 00050477 _____ () C:\Users\mia\Downloads\Defogger.exe
2014-09-24 18:22 - 2014-09-23 16:32 - 00000334 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-09-24 17:45 - 2012-09-15 16:03 - 00000000 ____D () C:\Users\mia\Documents\Outlook-Dateien
2014-09-24 13:17 - 2014-08-22 21:45 - 00000000 ____D () C:\Users\mia\AppData\Local\JDownloader v2.0
2014-09-24 12:27 - 2009-07-14 06:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-24 12:27 - 2009-07-14 06:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-24 09:29 - 2014-09-23 16:34 - 00000000 ___RD () C:\Users\mia\Documents\HP Photo Creations
2014-09-24 09:29 - 2014-09-23 16:00 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-09-23 23:39 - 2014-09-23 23:39 - 00002198 _____ () C:\Windows\PFRO.log
2014-09-23 23:39 - 2014-09-23 23:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-23 23:39 - 2012-09-15 18:14 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-09-23 23:39 - 2009-07-14 06:45 - 00413896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-23 23:32 - 2012-09-08 10:18 - 00112040 _____ () C:\Users\mia\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-23 23:19 - 2012-11-04 17:29 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-09-23 23:19 - 2012-11-04 17:29 - 00000000 ____D () C:\Users\mia\AppData\Roaming\Canon
2014-09-23 22:45 - 2014-09-23 22:45 - 00000000 ____D () C:\Windows\pss
2014-09-23 22:42 - 2012-09-21 09:46 - 00000000 ____D () C:\Users\mia\AppData\Roaming\Skype
2014-09-23 20:57 - 2012-11-01 13:45 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 20:57 - 2012-11-01 13:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 20:57 - 2012-11-01 13:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 19:12 - 2014-08-05 17:54 - 00000000 ____D () C:\Users\mia\Desktop\Doukumente
2014-09-23 17:42 - 2012-10-01 17:11 - 00000000 ____D () C:\Users\mia\AppData\Local\Windows Live
2014-09-23 16:34 - 2014-09-23 16:34 - 00000000 ____D () C:\Users\mia\AppData\Roaming\Visan
2014-09-23 16:32 - 2014-09-23 16:32 - 00003338 _____ () C:\Windows\System32\Tasks\HP Photo Creations Communicator
2014-09-23 16:32 - 2014-09-23 16:00 - 00002136 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-09-23 16:32 - 2014-09-23 16:00 - 00000000 ____D () C:\ProgramData\Visan
2014-09-23 16:23 - 2014-09-23 15:55 - 00000000 ____D () C:\Users\mia\AppData\Local\HP
2014-09-23 16:00 - 2014-09-23 16:00 - 00003602 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 2540 series
2014-09-23 16:00 - 2014-09-23 16:00 - 00000000 ____D () C:\Users\mia\AppData\Roaming\HpUpdate
2014-09-23 16:00 - 2014-09-23 16:00 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-09-23 16:00 - 2014-09-23 16:00 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-09-23 16:00 - 2014-09-23 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-09-23 16:00 - 2014-09-23 15:59 - 00000000 ____D () C:\Program Files (x86)\HP
2014-09-23 15:59 - 2014-09-23 15:59 - 00002216 _____ () C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk
2014-09-23 15:59 - 2014-09-23 15:59 - 00001163 _____ () C:\Users\Public\Desktop\Shop für Zubehör - HP Deskjet 2540 series.lnk
2014-09-23 15:59 - 2014-09-23 15:59 - 00000000 ____D () C:\Program Files\HP
2014-09-23 15:59 - 2014-09-23 15:45 - 00000000 ____D () C:\ProgramData\HP
2014-09-23 15:57 - 2014-09-23 15:57 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-09-22 20:36 - 2012-11-01 17:13 - 00000000 ____D () C:\Users\mia\AppData\Roaming\DAEMON Tools Lite
2014-09-22 20:36 - 2012-09-08 10:12 - 00000000 ____D () C:\Windows\Minidump
2014-09-21 18:24 - 2013-09-11 15:48 - 00000000 ____D () C:\Users\mia\AppData\Local\Lexware
2014-09-21 17:00 - 2014-09-21 17:00 - 00000000 ____D () C:\Users\mia\Desktop\QuickSteuer_Deluxe_2014_Dasi
2014-09-21 16:59 - 2014-09-21 16:59 - 00343845 _____ () C:\Users\mia\Desktop\QuickSteuer_Deluxe_2014_Dasi.zip
2014-09-21 12:13 - 2014-09-21 12:13 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-09-21 12:13 - 2010-12-20 12:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-21 08:55 - 2014-09-21 08:55 - 00018427 _____ () C:\Users\mia\Desktop\Google-Ergebnis für http  www.vorher-nachher-frisuren.de frisuren-bilder best-ager-kurzhaarfrisur-umstyling-d2.jpg.htm
2014-09-21 08:55 - 2014-09-21 08:55 - 00000000 ____D () C:\Users\mia\Desktop\Google-Ergebnis für http  www.vorher-nachher-frisuren.de frisuren-bilder best-ager-kurzhaarfrisur-umstyling-d2.jpg_files
2014-09-21 08:31 - 2014-09-21 08:31 - 00001247 _____ () C:\Users\mia\Desktop\IMG_1226 - Verknüpfung.lnk
2014-09-21 07:54 - 2014-09-21 07:54 - 00002170 _____ () C:\Users\mia\Desktop\P1040728 - Verknüpfung.lnk
2014-09-21 00:07 - 2014-09-21 00:05 - 00000000 ____D () C:\AdwCleaner
2014-09-21 00:06 - 2013-02-26 23:11 - 00000000 ____D () C:\Users\mia\AppData\Local\CRE
2014-09-21 00:06 - 2012-09-21 09:31 - 00000000 ____D () C:\ProgramData\ICQ
2014-09-21 00:03 - 2014-09-21 00:03 - 00002215 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-21 00:03 - 2014-09-21 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-20 21:01 - 2014-08-05 17:53 - 00000000 ____D () C:\Users\mia\Desktop\Programme
2014-09-20 19:50 - 2014-09-20 19:50 - 00000000 ____D () C:\Users\mia\AppData\Roaming\Cherry
2014-09-20 19:48 - 2014-09-20 19:48 - 00000000 ____D () C:\ProgramData\Cherry
2014-09-20 19:47 - 2014-09-20 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cherry Keyboard Manager
2014-09-20 19:47 - 2014-09-20 19:47 - 00000000 ____D () C:\Program Files (x86)\Cherry
2014-09-20 13:00 - 2014-08-01 15:15 - 00000000 ____D () C:\Users\mia\AppData\Roaming\Spotify
2014-09-20 12:55 - 2014-08-01 15:16 - 00000000 ____D () C:\Users\mia\AppData\Local\Spotify
2014-09-18 10:59 - 2014-09-18 10:59 - 00034304 _____ () C:\Users\mia\Documents\Zahlungsbestätigung Tom-Tom Radarkameras.msg
2014-09-16 14:48 - 2012-04-25 19:48 - 00000000 ____D () C:\Users\mia\Kopirte Archiv von alten PC
2014-09-13 12:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-12 00:02 - 2012-09-08 14:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 00:00 - 2013-10-19 12:17 - 01594028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 23:56 - 2013-08-14 23:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 23:22 - 2010-07-07 17:49 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 23:21 - 2014-05-06 23:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-05 04:10 - 2014-09-11 18:19 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-11 18:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 20:27 - 2014-09-03 20:27 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-09-02 11:51 - 2012-12-05 15:51 - 00000000 ____D () C:\Users\mia\AppData\Roaming\vlc
2014-09-01 15:01 - 2012-09-21 09:46 - 00000000 ____D () C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\mia\AppData\Local\Temp\DRPCUNLR.dll
C:\Users\mia\AppData\Local\Temp\proxy_vole6930877451583510395.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 15:47

==================== End Of Log ============================
Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2014
Ran by mia at 2014-09-24 19:04:28
Running from C:\Users\mia\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 8.1.0 - ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 3.12.0 - ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 3.4.0 - ashampoo GmbH & Co. KG)
Budenberg Software Mehrplatz 5/10 WIN (HKLM-x32\...\Budenberg_is1) (Version: Budenberg 5/10 - Budenberg Software)
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.3868 - CDBurnerXP)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Emil und Pauline In der Südsee (remove only) (HKLM-x32\...\Emil und Pauline In der Südsee) (Version:  - )
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fragenbär - Richtig rechnen 2 (HKLM-x32\...\de.fragenbaer.Rechnen2) (Version: 1.0 - SL-Lernsoftware)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{333E22D7-9F56-4482-A13C-1B9D35B9D641}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Hilfe (HKLM-x32\...\{B3E5B153-CC4B-40F2-9802-288B0AF2A966}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
ICQ 8.0 (build 6008, für aktuellen Benutzer) (HKCU\...\ICQ) (Version: 8.0.6008.0 - Mail.Ru)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Network Connections 15.8.75.0 (HKLM\...\PROSetDX) (Version: 15.8.75.0 - Intel)
Intel(R) Network Connections 15.8.75.0 (Version: 15.8.75.0 - Intel) Hidden
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
KeyMan V4.0 Build 6 (HKLM-x32\...\{DC627AE5-A2B1-4D16-AF56-178D10EC3E81}) (Version: 4.0.0.6 - ZF Friedrichshafen AG)
Medion Home Cinema (HKLM-x32\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 6.0.0000 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2F750C77-1FEC-44F9-88CC-2CE322EBD61E}) (Version: 1.1.0324 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 10.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 10.0 (x86 de)) (Version: 10.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.82 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3182 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
QuickSteuer Deluxe 2014 (HKLM-x32\...\{F0DDB61B-25D1-4159-8F10-7A5B83B86339}) (Version: 20.04.00.0003 - Haufe-Lexware GmbH & Co.KG)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Screenshot Captor 3.08.01 (HKLM-x32\...\ScreenshotCaptor_is1) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Studie zur Verbesserung von HP Deskjet 2540 series (HKLM\...\{98802D44-4885-41EA-9BA8-96A117ECF223}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.0 - Ghisler Software GmbH)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-09-2014 21:19:20 Windows Update
18-09-2014 21:50:57 Geplanter Prüfpunkt
20-09-2014 17:47:08 Installed KeyMan V4.0 Build 6
21-09-2014 20:14:41 Windows Update
23-09-2014 21:23:00 Removed CorelDRAW Essentials 4 - Windows Shell Extension.
23-09-2014 21:23:30 Removed Corel Shell Extension - 64Bit.
23-09-2014 21:32:57 MyMicroBalance wird entfernt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2013-12-23 10:23 - 00450660 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A700177-9FAC-40AC-B9E8-D230ACE631BD} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {3FBBDDE1-8A4C-4082-9D33-59B06E96A7DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08] (Google Inc.)
Task: {8DBB9D82-CF03-4A33-A5D6-89B0F2DE0F92} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {996C8EE3-1D30-4E27-B9D7-9A94B9220E69} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-02-21] ()
Task: {B33AC456-9449-44FE-B2A8-302F1A06CE6C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {E7813C5D-64E6-41F6-870C-B668C76899CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Loaded Modules (whitelisted) =============

2013-10-19 12:20 - 2013-11-11 17:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-12-23 03:15 - 2013-12-23 03:15 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2009-11-03 00:20 - 2009-11-03 00:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-03 00:23 - 2009-11-03 00:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-09-11 19:00 - 2014-09-04 05:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-11 19:00 - 2014-09-04 05:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-11 19:00 - 2014-09-04 05:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-11 19:00 - 2014-09-04 05:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-11 19:00 - 2014-09-04 05:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-12 12:21 - 2014-09-12 12:21 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f0322cce99ffb4609aaaec5e37048cf3\IsdiInterop.ni.dll
2010-12-20 18:00 - 2010-11-06 09:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^mia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Deskjet 2540 series.lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Deskjet 2540 series.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BullGuard => "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: CherryKeyMan => "C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\mia\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: ICQ => C:\Users\mia\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: MyTomTomSA.exe => "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\mia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/24/2014 04:35:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.2.183.21, Zeitstempel: 0x4b95e661
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000223e0
ID des fehlerhaften Prozesses: 0x68c
Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0
Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1
Pfad des fehlerhaften Moduls: GoogleUpdate.exe2
Berichtskennung: GoogleUpdate.exe3

Error: (09/23/2014 11:41:27 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/23/2014 11:41:27 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/23/2014 11:41:27 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/23/2014 11:41:27 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (09/23/2014 11:41:23 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/23/2014 11:41:23 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (09/23/2014 11:41:23 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/23/2014 11:41:23 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/23/2014 11:41:23 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
        0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))


System errors:
=============
Error: (09/24/2014 06:57:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎24.‎09.‎2014 um 18:49:37 unerwartet heruntergefahren.

Error: (09/24/2014 05:36:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AVP erreicht.

Error: (09/24/2014 00:18:27 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎24.‎09.‎2014 um 12:05:02 unerwartet heruntergefahren.

Error: (09/23/2014 11:46:29 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video5!051d(2558)

Error: (09/23/2014 11:41:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/23/2014 11:41:28 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (09/23/2014 10:50:25 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video5!051d(2558)

Error: (09/23/2014 07:08:00 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video5!051d(2558)

Error: (09/23/2014 05:38:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎23.‎09.‎2014 um 17:31:31 unerwartet heruntergefahren.

Error: (09/23/2014 05:18:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎23.‎09.‎2014 um 17:10:38 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (09/24/2014 04:35:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.2.183.214b95e661ntdll.dll6.1.7601.18247521ea8e7c0000005000223e068c01cfd80320bc91c0C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll0761a9fe-43f8-11e4-9e4a-6c626deeef72

Error: (09/23/2014 11:41:27 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/23/2014 11:41:27 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/23/2014 11:41:27 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/23/2014 11:41:27 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (09/23/2014 11:41:23 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (09/23/2014 11:41:23 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (09/23/2014 11:41:23 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (09/23/2014 11:41:23 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (09/23/2014 11:41:23 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
        0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))


CodeIntegrity Errors:
===================================
  Date: 2014-09-23 20:03:58.140
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-23 20:03:58.124
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-23 20:03:58.124
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-23 20:03:58.093
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-23 20:03:58.093
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-23 20:03:58.093
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-22 19:11:43.852
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-22 19:11:43.850
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-22 19:11:43.847
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-22 19:11:43.825
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2300 CPU @ 2.80GHz
Percentage of memory in use: 49%
Total physical RAM: 4077.64 MB
Available physical RAM: 2068.71 MB
Total Pagefile: 10190.82 MB
Available Pagefile: 7816.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:1831.92 GB) (Free:1594.69 GB) NTFS
Drive d: (Recover) (Fixed) (Total:30 GB) (Free:10.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1831.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

Vibion 24.09.2014 18:46
GMER:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-24 19:30:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST320005 rev.CC34 1863,02GB
Running: Gmer-19357.exe; Driver: C:\Users\mia\AppData\Local\Temp\pftdypow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 680                                                                                                                                                                                                              fffff800031a6098 93 bytes [48, 8B, 84, 24, E8, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 774                                                                                                                                                                                                              fffff800031a60f6 24 bytes [22, C4, 44, 8B, CB, 65, 4C, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1708] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey                                                                                                                                            00000000774dfaa8 5 bytes JMP 0000000173d118dd
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1708] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                                                      00000000774e0038 5 bytes JMP 0000000173d11ed6
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1204] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                                                                                                                                        0000000072df1a22 2 bytes [DF, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1204] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                                                                                                                                        0000000072df1ad0 2 bytes [DF, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1204] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                                                                                                                                        0000000072df1b08 2 bytes [DF, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1204] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                                                                                                                                        0000000072df1bba 2 bytes [DF, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1204] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                                                                                                                                        0000000072df1bda 2 bytes [DF, 72]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                              00000000763f1465 2 bytes [3F, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                              00000000763f14bb 2 bytes [3F, 76]
.text    ...                                                                                                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                                                                        00000000772e11f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                                                                      00000000772e1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                                                              00000000772e143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                                                                              00000000772e158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                                                      00000000772e191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                                                                                      00000000772e1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                                                                                    00000000772e1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                                                        00000000772e1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                                                                        00000000772e1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                                                            00000000772e1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                                                                          00000000772e1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                                                                          00000000772e1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                                                                                  00000000772e1fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                                                                              00000000772e2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                                                                              00000000772e2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                                                                                  00000000772e2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                                                          00000000772e27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                                                                        00000000772e27d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                                                                        00000000772e282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                                                                        00000000772e2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                                                                00000000772e2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                                                                                00000000772e2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                                                                            * 3
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                                                                        00000000772e3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                                                                            00000000772e323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                                                                            00000000772e33c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                                                                          00000000772e3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                                                                          00000000772e3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                                                              00000000772e3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                                                                              00000000772e3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                                                                        00000000772e4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                                  0000000077331380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                                0000000077331500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                      0000000077331530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                    0000000077331650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                        0000000077331700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                        0000000077331d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                                      0000000077331f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                      00000000773327e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                                                                    0000000074de13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                                                                    0000000074de146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                                                                0000000074de16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                                                                                  0000000074de16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                              0000000074de19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                                                              0000000074de19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                                                                        0000000074de1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                                                                          0000000074de1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                                                        0000000074de1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5460] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                                                                            0000000074de1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                                                                                                                        00000000772e11f5 8 bytes {JMP 0xd}
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                                                                                                                      00000000772e1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                                                                                                              00000000772e143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                                                                                                                              00000000772e158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                                                                                                      00000000772e191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                                                                                                                                      00000000772e1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                                                                                                                                    00000000772e1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                                                                                                        00000000772e1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                                                                                                                        00000000772e1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                                                                                                            00000000772e1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                                                                                                                          00000000772e1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                                                                                                                          00000000772e1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                                                                                                                                  00000000772e1fd7 8 bytes {JMP 0xb}
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                                                                                                                              00000000772e2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                                                                                                                              00000000772e2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                                                                                                                                  00000000772e2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                                                                                                          00000000772e27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                                                                                                                        00000000772e27d2 8 bytes {JMP 0x10}
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                                                                                                                        00000000772e282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                                                                                                                        00000000772e2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                                                                            * 2
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                                                                                                                00000000772e2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                                                                                                                                00000000772e2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                                                                            * 3
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                                                                                                                        00000000772e3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                                                                                                                            00000000772e323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                                                                                                                            00000000772e33c0 16 bytes {JMP 0x4e}
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                                                                                                                          00000000772e3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                                                                                                                          00000000772e3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                                                                                                              00000000772e3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                                                                                                                              00000000772e3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                                                                                                                        00000000772e4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                                                                                  0000000077331380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                                                                                0000000077331500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                                      0000000077331530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                                    0000000077331650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                                                        0000000077331700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                                        0000000077331d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                                                                                      0000000077331f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                                      00000000773327e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                                                                                                                    0000000074de13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                                                                                                                    0000000074de146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                                                                                                                0000000074de16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                                                                                                                                  0000000074de16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                                                                              0000000074de19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                                                                                                              0000000074de19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                                                                                                                        0000000074de1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                                                                                                                          0000000074de1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                                                                                                        0000000074de1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\mia\Desktop\Gmer-19357.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                                                                                                                            0000000074de1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Processes - GMER 2.1 ----

Library  C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\klavemu.kdl.6e86633e63e607038cfa66d3f88c5d60 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1708] (Heuristics engine/Kaspersky Lab ZAO)(2014-04-17 10:41:06)        0000000067a00000
Library  C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\kjim.kdl.d4e5f800473001b23e283d91de9755fb (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1708] (Script Heuristics Engine/Kaspersky Lab ZAO)(2014-07-08 14:26:50)    00000000676b0000
Library  C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\mark.kdl.1ec35d35788a9bc270a3b447405ab577 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1708] (Anti-Rootkit Engine/Kaspersky Lab ZAO)(2014-07-14 10:42:30)        00000000683b0000
Library  C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\qscan.kdl.94c366b442c3accc919782ce5f0d7fd0 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1708] (Initial Scan Engine/Kaspersky Lab ZAO)(2014-08-07 10:15:04)        0000000067580000
Library  C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\kavsys.kdl.3cbce9162519ae9d590238cb927fbb55 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1708] (Set of system interfaces/Kaspersky Lab ZAO)(2014-08-07 10:15:07)  000000006f680000
Library  C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\arkmon.kdl.cabb8d489588e2bad1456f23067a62ef (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1708] (Anti-Rootkit Monitor/Kaspersky Lab ZAO)(2014-07-14 10:42:33)      000000006f300000

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                                                                                                                                          unknown MBR code

---- EOF - GMER 2.1 ----

schrauber 25.09.2014 07:35
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Vibion 25.09.2014 12:06
Combofix log:
Code:
ComboFix 14-09-22.01 - mia 25.09.2014  12:19:32.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4078.1562 [GMT 2:00]
ausgeführt von:: c:\users\mia\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-08-25 bis 2014-09-25  ))))))))))))))))))))))))))))))
.
.
2014-09-25 10:47 . 2014-09-25 10:47        --------        d-----w-        c:\users\postgres\AppData\Local\temp
2014-09-25 10:47 . 2014-09-25 10:47        --------        d-----w-        c:\users\Nadja\AppData\Local\temp
2014-09-25 10:09 . 2014-09-25 10:09        93808        ----a-w-        c:\program files (x86)\Mozilla Firefox\updated\webapprt-stub.exe
2014-09-24 17:03 . 2014-09-24 17:05        --------        d-----w-        C:\FRST
2014-09-23 14:34 . 2014-09-23 14:34        --------        d-----w-        c:\users\mia\AppData\Roaming\Visan
2014-09-23 14:00 . 2014-09-23 14:00        --------        d-----w-        c:\program files (x86)\Hewlett-Packard
2014-09-23 14:00 . 2014-09-24 07:29        --------        d-----w-        c:\programdata\HP Photo Creations
2014-09-23 14:00 . 2014-09-23 14:32        --------        d-----w-        c:\programdata\Visan
2014-09-23 14:00 . 2014-09-23 14:00        --------        d-----w-        c:\program files (x86)\HP Photo Creations
2014-09-23 14:00 . 2014-09-23 14:00        --------        d-----w-        c:\users\mia\AppData\Roaming\HpUpdate
2014-09-23 13:59 . 2014-03-06 10:51        763912        ------w-        c:\windows\system32\HPDiscoPMC211.dll
2014-09-23 13:59 . 2014-09-23 14:00        --------        d-----w-        c:\program files (x86)\HP
2014-09-23 13:59 . 2014-09-23 13:59        --------        d-----w-        c:\program files\HP
2014-09-23 13:55 . 2014-09-23 14:23        --------        d-----w-        c:\users\mia\AppData\Local\HP
2014-09-23 13:45 . 2014-09-23 13:59        --------        d-----w-        c:\programdata\HP
2014-09-21 20:53 . 2012-03-14 03:00        385024        ----a-w-        c:\windows\system32\CNMXLMAD.DLL
2014-09-21 20:15 . 2012-03-14 03:00        385024        ----a-w-        c:\windows\system32\CNMLMAD.DLL
2014-09-20 22:06 . 2010-08-30 06:34        536576        ----a-w-        c:\windows\SysWow64\sqlite3.dll
2014-09-20 22:05 . 2014-09-20 22:07        --------        d-----w-        C:\AdwCleaner
2014-09-20 17:50 . 2014-09-20 17:50        --------        d-----w-        c:\users\mia\AppData\Roaming\Cherry
2014-09-20 17:48 . 2014-09-20 17:48        --------        d-----w-        c:\programdata\Cherry
2014-09-20 17:47 . 2014-09-20 17:47        --------        d-----w-        c:\program files (x86)\Common Files\Cherry
2014-09-20 17:47 . 2014-09-20 17:47        --------        d-----w-        c:\program files (x86)\Cherry
2014-09-11 21:21 . 2014-06-27 02:08        2777088        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2014-09-11 21:21 . 2014-06-27 01:45        2285056        ----a-w-        c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-11 16:20 . 2014-08-01 11:53        1031168        ----a-w-        c:\windows\system32\TSWorkspace.dll
2014-09-11 16:20 . 2014-08-01 11:35        793600        ----a-w-        c:\windows\SysWow64\TSWorkspace.dll
2014-09-11 16:20 . 2014-06-24 03:29        2565120        ----a-w-        c:\windows\system32\d3d10warp.dll
2014-09-11 16:20 . 2014-06-24 02:59        1987584        ----a-w-        c:\windows\SysWow64\d3d10warp.dll
2014-09-11 16:20 . 2014-07-07 02:06        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-09-11 16:20 . 2014-07-07 02:06        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-09-11 16:20 . 2014-07-07 01:40        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-09-11 16:20 . 2014-07-07 01:40        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-09-11 16:20 . 2014-07-07 01:39        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-09-11 16:19 . 2014-09-05 02:10        578048        ----a-w-        c:\windows\system32\aepdu.dll
2014-09-11 16:19 . 2014-09-05 02:05        424448        ----a-w-        c:\windows\system32\aeinv.dll
2014-09-04 12:50 . 2014-09-04 12:50        188304        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-09-03 18:27 . 2014-09-03 18:27        --------        d--h--w-        c:\programdata\CanonIJEGV
2014-09-01 13:01 . 2014-09-01 13:01        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2014-08-28 19:10 . 2014-08-23 02:07        404480        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-28 19:10 . 2014-08-23 01:45        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
2014-08-28 19:10 . 2014-08-23 00:59        3163648        ----a-w-        c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-23 18:57 . 2012-11-01 11:45        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-23 18:57 . 2012-11-01 11:45        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-11 21:22 . 2010-07-07 15:49        101694776        ----a-w-        c:\windows\system32\MRT.exe
2014-08-06 06:21 . 2010-06-24 18:33        23256        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-07-25 00:35 . 2014-07-25 00:35        875688        ----a-w-        c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47        869544        ----a-w-        c:\windows\system32\msvcr120_clr0400.dll
2014-07-16 03:23 . 2014-08-17 08:51        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-07-16 02:46 . 2014-08-17 08:51        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-07-14 02:02 . 2014-08-17 08:50        1216000        ----a-w-        c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-17 08:50        664064        ----a-w-        c:\windows\SysWow64\rpcrt4.dll
2014-06-30 22:24 . 2014-08-17 21:29        8856        ----a-w-        c:\windows\system32\icardres.dll
2014-06-30 22:14 . 2014-08-17 21:29        8856        ----a-w-        c:\windows\SysWow64\icardres.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"icq"="c:\users\mia\AppData\Roaming\ICQM\icq.exe" [2013-03-28 27578728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
2;2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Cherry Device Interface;Cherry Device Interface;c:\program files (x86)\Cherry\CDI\cdi.exe;c:\program files (x86)\Cherry\CDI\cdi.exe [x]
R3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTVE.sys;c:\windows\SYSNATIVE\DRIVERS\IAMTVE.sys [x]
R3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXPE.sys;c:\windows\SYSNATIVE\DRIVERS\IAMTXPE.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 10:54        1096520        ----a-w-        c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-01 18:57]
.
2014-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08 08:13]
.
2014-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08 08:13]
.
2014-09-25 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2011-02-21 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-09 11613288]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Zu Anti-Banner hinzufügen - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\mia\AppData\Roaming\Mozilla\Firefox\Profiles\bzvs6ubh.default\
FF - ExtSQL: 2014-08-22 21:44; faststartff@gmail.com; c:\users\mia\AppData\Roaming\Mozilla\Firefox\Profiles\bzvs6ubh.default\extensions\faststartff@gmail.com
FF - ExtSQL: !HIDDEN! 2014-08-22 21:44; faststartff@gmail.com; c:\users\mia\AppData\Roaming\Mozilla\Firefox\Profiles\bzvs6ubh.default\extensions\faststartff@gmail.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-BsScanner
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-25  13:02:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-09-25 11:02
.
Vor Suchlauf: 17 Verzeichnis(se), 1.711.543.119.872 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 1.714.964.434.944 Bytes frei
.
- - End Of File - - F2AEE20BA2A3AFE70FAED6482607B2EF

schrauber 25.09.2014 19:05
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Vibion 25.09.2014 20:16
Alles klar, vielen Dank für die Hilfe schon mal.
Hier die Logfiles.

mbam:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 25.09.2014
Suchlauf-Zeit: 20:23:30
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.25.09
Rootkit Datenbank: v2014.09.19.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: mia

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 446684
Verstrichene Zeit: 15 Min, 30 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.FastStart.A, HKU\S-1-5-21-2170241872-3006662274-4178029837-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [f0ed03eec2b9da5cd374f319e2214cb4],

Registrierungswerte: 1
PUP.Optional.FastStart.A, HKU\S-1-5-21-2170241872-3006662274-4178029837-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [f0ed03eec2b9da5cd374f319e2214cb4]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
AdwCleaner:
Code:
# AdwCleaner v3.310 - Bericht erstellt am 25/09/2014 um 20:49:33
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : mia - MIA-PC
# Gestartet von : C:\Users\mia\Desktop\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 de)

[ Datei : C:\Users\mia\AppData\Roaming\Mozilla\Firefox\Profiles\bzvs6ubh.default\prefs.js ]


-\\ Google Chrome v37.0.2062.124

[ Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN11234305807565129&ctid=CT3240727
Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1408736678&from=cor&uid=ST32000542AS_5XW2F4REXXXX5XW2F4RE&q={searchTerms}
Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN11234305807565129&ctid=CT3240727

[ Datei : C:\Users\Nadja\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9071 octets] - [21/09/2014 00:05:16]
AdwCleaner[R1].txt - [1762 octets] - [25/09/2014 20:48:24]
AdwCleaner[S0].txt - [7947 octets] - [21/09/2014 00:06:48]
AdwCleaner[S1].txt - [1683 octets] - [25/09/2014 20:49:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1743 octets] ##########
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.0 (09.22.2014:1)
OS: Windows 7 Home Premium x64
Ran by mia on 25.09.2014 at 20:55:54,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\mia\appdata\local\cre"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.09.2014 at 21:01:48,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-09-2014 01
Ran by mia (administrator) on MIA-PC on 25-09-2014 21:11:07
Running from C:\Users\mia\Desktop
Loaded Profile: mia (Available profiles: mia & Nadja & postgres & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-12-09] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-03] (CyberLink)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2170241872-3006662274-4178029837-1000\...\Run: [icq] => C:\Users\mia\AppData\Roaming\ICQM\icq.exe [27578728 2013-03-28] (ICQ)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\mia\AppData\Roaming\Mozilla\Firefox\Profiles\bzvs6ubh.default
FF NetworkProxy: "autoconfig_url", "https://secure.premiumize.me/559fe7880fe9cdef8ee6776f7cfc53cb/proxy.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Premiumize.me - C:\Users\mia\AppData\Roaming\Mozilla\Firefox\Profiles\bzvs6ubh.default\Extensions\jid1-sirVJT0BXhkuJg@jetpack.xpi [2014-09-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-25]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-25]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-25]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-25]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-25]

Chrome:
=======
CHR HomePage: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-20]
CHR Extension: (Google Drive) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-20]
CHR Extension: (Google Search) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-20]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-12-25]
CHR Extension: (AdBlock) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-24]
CHR Extension: (Safe Money) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-12-25]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-12-25]
CHR Extension: (Virtual Keyboard) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-12-25]
CHR Extension: (Premiumize.me) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm [2013-07-24]
CHR Extension: (Google Wallet) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-20]
CHR Extension: (Anti-Banner) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-12-25]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Cherry Device Interface; C:\Program Files (x86)\Cherry\CDI\cdi.exe [577582 2010-08-25] (ZF Electronics GmbH) [File not signed]
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-23] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 IAMTVE; C:\Windows\system32\DRIVERS\IAMTVE.sys [43416 2010-12-17] (Intel Corporation)
S3 IAMTXPE; C:\Windows\system32\DRIVERS\IAMTXPE.sys [51096 2010-12-17] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-25] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-25] (Kaspersky Lab ZAO)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 21:11 - 2014-09-25 21:11 - 00022093 _____ () C:\Users\mia\Desktop\FRST.txt
2014-09-25 21:10 - 2014-09-25 21:10 - 00000000 ____D () C:\Users\mia\Desktop\FRST-OlderVersion
2014-09-25 21:01 - 2014-09-25 21:01 - 00000690 _____ () C:\Users\mia\Desktop\JRT.txt
2014-09-25 20:55 - 2014-09-25 20:55 - 00000000 ____D () C:\Windows\ERUNT
2014-09-25 20:52 - 2014-09-25 20:52 - 00001823 _____ () C:\Users\mia\Desktop\AdwCleaner[S1].txt
2014-09-25 20:46 - 2014-09-25 20:47 - 00000000 ____D () C:\Users\mia\Downloads\Proof
2014-09-25 20:46 - 2014-09-25 20:46 - 00000000 ____D () C:\Users\mia\Downloads\Sample
2014-09-25 20:46 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.rar
2014-09-25 20:46 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r33
2014-09-25 20:46 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r32
2014-09-25 20:46 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r31
2014-09-25 20:46 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r30
2014-09-25 20:46 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r29
2014-09-25 20:46 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r28
2014-09-25 20:46 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r27
2014-09-25 20:46 - 2014-09-09 09:43 - 13021676 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r34
2014-09-25 20:46 - 2014-09-09 09:43 - 00001368 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.sfv
2014-09-25 20:46 - 2014-09-03 13:54 - 1745599808 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.mkv
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r26
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r25
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r24
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r23
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r22
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r21
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r20
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r19
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r18
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r17
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r16
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r15
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r14
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r13
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r12
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r11
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r10
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r09
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r08
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r07
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r06
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r05
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r04
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r03
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r02
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r01
2014-09-25 20:45 - 2014-09-09 09:43 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r00
2014-09-25 20:45 - 2014-09-09 09:43 - 00014438 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.nfo
2014-09-25 20:43 - 2014-09-25 20:45 - 192881041 _____ () C:\Users\mia\Downloads\8cac72749b330a87724d8a36874c4f3e.part4.rar
2014-09-25 20:42 - 2014-09-25 20:42 - 01024790 _____ (Thisisu) C:\Users\mia\Desktop\JRT.exe
2014-09-25 20:40 - 2014-09-25 20:40 - 01373475 _____ () C:\Users\mia\Desktop\AdwCleaner_3.310.exe
2014-09-25 20:40 - 2014-09-25 20:40 - 00001516 _____ () C:\Users\mia\Desktop\mbam.txt
2014-09-25 20:38 - 2014-09-25 20:43 - 525336579 _____ () C:\Users\mia\Downloads\8cac72749b330a87724d8a36874c4f3e.part3.rar
2014-09-25 20:38 - 2014-09-25 20:43 - 525336579 _____ () C:\Users\mia\Downloads\8cac72749b330a87724d8a36874c4f3e.part2.rar
2014-09-25 20:38 - 2014-09-25 20:43 - 525336579 _____ () C:\Users\mia\Downloads\8cac72749b330a87724d8a36874c4f3e.part1.rar
2014-09-25 20:33 - 2014-09-25 20:33 - 70436456 _____ () C:\Users\mia\Downloads\oyhd-verurteilten-1080p.part02.rar.part
2014-09-25 20:33 - 2014-09-25 20:33 - 58229952 _____ () C:\Users\mia\Downloads\oyhd-verurteilten-1080p.part01.rar.part
2014-09-25 20:33 - 2014-09-25 20:33 - 55307080 _____ () C:\Users\mia\Downloads\oyhd-verurteilten-1080p.part03.rar.part
2014-09-25 20:22 - 2014-09-25 20:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 20:22 - 2014-09-25 20:22 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-25 20:22 - 2014-09-25 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-25 20:22 - 2014-09-25 20:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-25 20:22 - 2014-09-25 20:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-25 20:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-25 20:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-25 20:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-25 20:21 - 2014-09-25 20:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\mia\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-25 13:02 - 2014-09-25 13:02 - 00022962 _____ () C:\ComboFix.txt
2014-09-25 12:14 - 2014-09-25 13:03 - 00000000 ____D () C:\Qoobox
2014-09-25 12:14 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-25 12:14 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-25 12:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-25 12:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-25 12:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-25 12:14 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-25 12:14 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-25 12:14 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-25 12:12 - 2014-09-25 13:00 - 00000000 ____D () C:\Windows\erdnt
2014-09-25 12:09 - 2014-09-25 12:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 12:08 - 2014-09-25 12:09 - 05579290 ____R (Swearware) C:\Users\mia\Desktop\ComboFix.exe
2014-09-24 20:42 - 2014-09-25 19:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 20:42 - 2014-09-24 20:42 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-24 20:42 - 2014-09-24 20:42 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-24 20:42 - 2014-09-24 20:42 - 00000000 ____D () C:\ProgramData\Mozilla
2014-09-24 19:30 - 2014-09-24 19:30 - 00040093 _____ () C:\Users\mia\Desktop\Gmer.txt
2014-09-24 19:08 - 2014-09-24 19:07 - 00380416 _____ () C:\Users\mia\Desktop\Gmer-19357.exe
2014-09-24 19:07 - 2014-09-24 19:07 - 00380416 _____ () C:\Users\mia\Downloads\Gmer-19357.exe
2014-09-24 19:04 - 2014-09-24 19:05 - 00045396 _____ () C:\Users\mia\Desktop\Addition.txt
2014-09-24 19:03 - 2014-09-25 21:11 - 00000000 ____D () C:\FRST
2014-09-24 18:59 - 2014-09-25 21:10 - 02108928 _____ (Farbar) C:\Users\mia\Desktop\FRST64.exe
2014-09-24 18:46 - 2014-09-24 18:46 - 00000468 _____ () C:\Users\mia\Downloads\defogger_disable.log
2014-09-24 18:46 - 2014-09-24 18:46 - 00000000 _____ () C:\Users\mia\defogger_reenable
2014-09-24 18:45 - 2014-09-24 18:45 - 00050477 _____ () C:\Users\mia\Downloads\Defogger.exe
2014-09-23 23:39 - 2014-09-25 20:51 - 00001848 _____ () C:\Windows\setupact.log
2014-09-23 23:39 - 2014-09-25 20:50 - 00003064 _____ () C:\Windows\PFRO.log
2014-09-23 23:39 - 2014-09-23 23:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-23 22:45 - 2014-09-23 22:45 - 00000000 ____D () C:\Windows\pss
2014-09-23 16:34 - 2014-09-24 09:29 - 00000000 ___RD () C:\Users\mia\Documents\HP Photo Creations
2014-09-23 16:34 - 2014-09-23 16:34 - 00000000 ____D () C:\Users\mia\AppData\Roaming\Visan
2014-09-23 16:32 - 2014-09-25 20:22 - 00000334 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-09-23 16:32 - 2014-09-23 16:32 - 00003338 _____ () C:\Windows\System32\Tasks\HP Photo Creations Communicator
2014-09-23 16:00 - 2014-09-24 09:29 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-09-23 16:00 - 2014-09-23 16:32 - 00002136 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-09-23 16:00 - 2014-09-23 16:32 - 00000000 ____D () C:\ProgramData\Visan
2014-09-23 16:00 - 2014-09-23 16:00 - 00003602 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 2540 series
2014-09-23 16:00 - 2014-09-23 16:00 - 00000000 ____D () C:\Users\mia\AppData\Roaming\HpUpdate
2014-09-23 16:00 - 2014-09-23 16:00 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-09-23 16:00 - 2014-09-23 16:00 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-09-23 15:59 - 2014-09-23 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-09-23 15:59 - 2014-09-23 16:00 - 00000000 ____D () C:\Program Files (x86)\HP
2014-09-23 15:59 - 2014-09-23 15:59 - 00002216 _____ () C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk
2014-09-23 15:59 - 2014-09-23 15:59 - 00001163 _____ () C:\Users\Public\Desktop\Shop für Zubehör - HP Deskjet 2540 series.lnk
2014-09-23 15:59 - 2014-09-23 15:59 - 00000000 ____D () C:\Program Files\HP
2014-09-23 15:59 - 2014-03-06 12:51 - 00763912 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMC211.dll
2014-09-23 15:57 - 2014-09-23 15:57 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-09-23 15:55 - 2014-09-23 16:23 - 00000000 ____D () C:\Users\mia\AppData\Local\HP
2014-09-23 15:45 - 2014-09-23 15:59 - 00000000 ____D () C:\ProgramData\HP
2014-09-21 22:53 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMXLMAD.DLL
2014-09-21 22:15 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMAD.DLL
2014-09-21 17:00 - 2014-09-21 17:00 - 00000000 ____D () C:\Users\mia\Desktop\QuickSteuer_Deluxe_2014_Dasi
2014-09-21 12:13 - 2014-09-21 12:13 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-09-21 08:55 - 2014-09-21 08:55 - 00018427 _____ () C:\Users\mia\Desktop\Google-Ergebnis für http  www.vorher-nachher-frisuren.de frisuren-bilder best-ager-kurzhaarfrisur-umstyling-d2.jpg.htm
2014-09-21 08:55 - 2014-09-21 08:55 - 00000000 ____D () C:\Users\mia\Desktop\Google-Ergebnis für http  www.vorher-nachher-frisuren.de frisuren-bilder best-ager-kurzhaarfrisur-umstyling-d2.jpg_files
2014-09-21 08:31 - 2014-09-21 08:31 - 00001247 _____ () C:\Users\mia\Desktop\IMG_1226 - Verknüpfung.lnk
2014-09-21 07:54 - 2014-09-21 07:54 - 00002170 _____ () C:\Users\mia\Desktop\P1040728 - Verknüpfung.lnk
2014-09-21 00:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-21 00:05 - 2014-09-25 20:49 - 00000000 ____D () C:\AdwCleaner
2014-09-21 00:03 - 2014-09-25 12:56 - 00002139 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-21 00:03 - 2014-09-21 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-20 19:50 - 2014-09-20 19:50 - 00000000 ____D () C:\Users\mia\AppData\Roaming\Cherry
2014-09-20 19:48 - 2014-09-20 19:48 - 00000000 ____D () C:\ProgramData\Cherry
2014-09-20 19:47 - 2014-09-20 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cherry Keyboard Manager
2014-09-20 19:47 - 2014-09-20 19:47 - 00000000 ____D () C:\Program Files (x86)\Cherry
2014-09-18 10:59 - 2014-09-18 10:59 - 00034304 _____ () C:\Users\mia\Documents\Zahlungsbestätigung Tom-Tom Radarkameras.msg
2014-09-12 00:03 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 00:03 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 00:03 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 00:03 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 00:03 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 00:03 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 00:03 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 00:03 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 00:03 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 00:03 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 00:03 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 00:03 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 00:03 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 00:03 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 00:03 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 00:03 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 00:03 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 00:03 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 00:03 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 00:03 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 00:03 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 00:03 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 00:03 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 00:03 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 00:03 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 00:03 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 00:03 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 00:03 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 00:03 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 00:03 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 00:03 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 00:03 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 00:03 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 00:03 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 00:03 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 00:03 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 00:03 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 00:03 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 00:03 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 00:03 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 00:03 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 00:03 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 00:03 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 00:03 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 00:03 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 00:03 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 00:03 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 00:03 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 00:03 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 00:03 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 00:03 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 00:03 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 00:03 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 00:03 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 00:03 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 00:03 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 23:21 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 23:21 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 18:20 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 18:20 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 18:20 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 18:20 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 18:20 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 18:20 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 18:20 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 18:20 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 18:20 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-11 18:19 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 18:19 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 20:27 - 2014-09-03 20:27 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-08-28 21:10 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 21:10 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 21:10 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 21:12 - 2014-09-25 21:11 - 00022093 _____ () C:\Users\mia\Desktop\FRST.txt
2014-09-25 21:11 - 2014-09-24 19:03 - 00000000 ____D () C:\FRST
2014-09-25 21:10 - 2014-09-25 21:10 - 00000000 ____D () C:\Users\mia\Desktop\FRST-OlderVersion
2014-09-25 21:10 - 2014-09-24 18:59 - 02108928 _____ (Farbar) C:\Users\mia\Desktop\FRST64.exe
2014-09-25 21:03 - 2012-12-05 15:51 - 00000000 ____D () C:\Users\mia\AppData\Roaming\vlc
2014-09-25 21:01 - 2014-09-25 21:01 - 00000690 _____ () C:\Users\mia\Desktop\JRT.txt
2014-09-25 20:59 - 2009-07-14 06:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-25 20:59 - 2009-07-14 06:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-25 20:57 - 2010-05-12 10:18 - 00702980 _____ () C:\Windows\system32\perfh007.dat
2014-09-25 20:57 - 2010-05-12 10:18 - 00150620 _____ () C:\Windows\system32\perfc007.dat
2014-09-25 20:57 - 2009-07-14 07:13 - 01629444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-25 20:55 - 2014-09-25 20:55 - 00000000 ____D () C:\Windows\ERUNT
2014-09-25 20:55 - 2012-11-01 13:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-25 20:53 - 2012-09-08 10:13 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-25 20:52 - 2014-09-25 20:52 - 00001823 _____ () C:\Users\mia\Desktop\AdwCleaner[S1].txt
2014-09-25 20:51 - 2014-09-23 23:39 - 00001848 _____ () C:\Windows\setupact.log
2014-09-25 20:51 - 2013-12-25 09:46 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-25 20:51 - 2012-09-08 10:13 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-25 20:51 - 2010-12-20 10:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-25 20:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-25 20:50 - 2014-09-23 23:39 - 00003064 _____ () C:\Windows\PFRO.log
2014-09-25 20:49 - 2014-09-21 00:05 - 00000000 ____D () C:\AdwCleaner
2014-09-25 20:49 - 2012-09-08 10:08 - 01161488 _____ () C:\Windows\WindowsUpdate.log
2014-09-25 20:47 - 2014-09-25 20:46 - 00000000 ____D () C:\Users\mia\Downloads\Proof
2014-09-25 20:47 - 2014-08-22 21:45 - 00000000 ____D () C:\Users\mia\AppData\Local\JDownloader v2.0
2014-09-25 20:46 - 2014-09-25 20:46 - 00000000 ____D () C:\Users\mia\Downloads\Sample
2014-09-25 20:45 - 2014-09-25 20:43 - 192881041 _____ () C:\Users\mia\Downloads\8cac72749b330a87724d8a36874c4f3e.part4.rar
2014-09-25 20:43 - 2014-09-25 20:38 - 525336579 _____ () C:\Users\mia\Downloads\8cac72749b330a87724d8a36874c4f3e.part3.rar
2014-09-25 20:43 - 2014-09-25 20:38 - 525336579 _____ () C:\Users\mia\Downloads\8cac72749b330a87724d8a36874c4f3e.part2.rar
2014-09-25 20:43 - 2014-09-25 20:38 - 525336579 _____ () C:\Users\mia\Downloads\8cac72749b330a87724d8a36874c4f3e.part1.rar
2014-09-25 20:42 - 2014-09-25 20:42 - 01024790 _____ (Thisisu) C:\Users\mia\Desktop\JRT.exe
2014-09-25 20:40 - 2014-09-25 20:40 - 01373475 _____ () C:\Users\mia\Desktop\AdwCleaner_3.310.exe
2014-09-25 20:40 - 2014-09-25 20:40 - 00001516 _____ () C:\Users\mia\Desktop\mbam.txt
2014-09-25 20:33 - 2014-09-25 20:33 - 70436456 _____ () C:\Users\mia\Downloads\oyhd-verurteilten-1080p.part02.rar.part
2014-09-25 20:33 - 2014-09-25 20:33 - 58229952 _____ () C:\Users\mia\Downloads\oyhd-verurteilten-1080p.part01.rar.part
2014-09-25 20:33 - 2014-09-25 20:33 - 55307080 _____ () C:\Users\mia\Downloads\oyhd-verurteilten-1080p.part03.rar.part
2014-09-25 20:22 - 2014-09-25 20:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 20:22 - 2014-09-25 20:22 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-25 20:22 - 2014-09-25 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-25 20:22 - 2014-09-25 20:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-25 20:22 - 2014-09-25 20:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-25 20:22 - 2014-09-23 16:32 - 00000334 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-09-25 20:21 - 2014-09-25 20:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\mia\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-25 20:01 - 2012-09-15 16:03 - 00000000 ____D () C:\Users\mia\Documents\Outlook-Dateien
2014-09-25 19:45 - 2014-09-24 20:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-25 15:47 - 2013-10-19 12:17 - 01648918 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-25 13:03 - 2014-09-25 12:14 - 00000000 ____D () C:\Qoobox
2014-09-25 13:03 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-25 13:02 - 2014-09-25 13:02 - 00022962 _____ () C:\ComboFix.txt
2014-09-25 13:00 - 2014-09-25 12:12 - 00000000 ____D () C:\Windows\erdnt
2014-09-25 12:56 - 2014-09-21 00:03 - 00002139 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-25 12:51 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-25 12:48 - 2009-07-14 04:34 - 20185088 _____ () C:\Windows\system32\config\system.bak
2014-09-25 12:48 - 2009-07-14 04:34 - 106692608 _____ () C:\Windows\system32\config\software.bak
2014-09-25 12:48 - 2009-07-14 04:34 - 05242880 _____ () C:\Windows\system32\config\default.bak
2014-09-25 12:48 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-09-25 12:48 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-09-25 12:09 - 2014-09-25 12:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 12:09 - 2014-09-25 12:08 - 05579290 ____R (Swearware) C:\Users\mia\Desktop\ComboFix.exe
2014-09-24 20:42 - 2014-09-24 20:42 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-24 20:42 - 2014-09-24 20:42 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-24 20:42 - 2014-09-24 20:42 - 00000000 ____D () C:\ProgramData\Mozilla
2014-09-24 20:42 - 2013-12-24 17:30 - 00000000 ____D () C:\Users\mia\AppData\Local\Mozilla
2014-09-24 19:30 - 2014-09-24 19:30 - 00040093 _____ () C:\Users\mia\Desktop\Gmer.txt
2014-09-24 19:07 - 2014-09-24 19:08 - 00380416 _____ () C:\Users\mia\Desktop\Gmer-19357.exe
2014-09-24 19:07 - 2014-09-24 19:07 - 00380416 _____ () C:\Users\mia\Downloads\Gmer-19357.exe
2014-09-24 19:05 - 2014-09-24 19:04 - 00045396 _____ () C:\Users\mia\Desktop\Addition.txt
2014-09-24 18:46 - 2014-09-24 18:46 - 00000468 _____ () C:\Users\mia\Downloads\defogger_disable.log
2014-09-24 18:46 - 2014-09-24 18:46 - 00000000 _____ () C:\Users\mia\defogger_reenable
2014-09-24 18:46 - 2012-09-08 10:17 - 00000000 ____D () C:\Users\mia
2014-09-24 18:45 - 2014-09-24 18:45 - 00050477 _____ () C:\Users\mia\Downloads\Defogger.exe
2014-09-24 09:29 - 2014-09-23 16:34 - 00000000 ___RD () C:\Users\mia\Documents\HP Photo Creations
2014-09-24 09:29 - 2014-09-23 16:00 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-09-23 23:39 - 2014-09-23 23:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-23 23:39 - 2012-09-15 18:14 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-09-23 23:39 - 2009-07-14 06:45 - 00413896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-23 23:32 - 2012-09-08 10:18 - 00112040 _____ () C:\Users\mia\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-23 23:19 - 2012-11-04 17:29 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-09-23 23:19 - 2012-11-04 17:29 - 00000000 ____D () C:\Users\mia\AppData\Roaming\Canon
2014-09-23 22:45 - 2014-09-23 22:45 - 00000000 ____D () C:\Windows\pss
2014-09-23 22:42 - 2012-09-21 09:46 - 00000000 ____D () C:\Users\mia\AppData\Roaming\Skype
2014-09-23 20:57 - 2012-11-01 13:45 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 20:57 - 2012-11-01 13:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 20:57 - 2012-11-01 13:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 19:12 - 2014-08-05 17:54 - 00000000 ____D () C:\Users\mia\Desktop\Doukumente
2014-09-23 17:42 - 2012-10-01 17:11 - 00000000 ____D () C:\Users\mia\AppData\Local\Windows Live
2014-09-23 16:34 - 2014-09-23 16:34 - 00000000 ____D () C:\Users\mia\AppData\Roaming\Visan
2014-09-23 16:32 - 2014-09-23 16:32 - 00003338 _____ () C:\Windows\System32\Tasks\HP Photo Creations Communicator
2014-09-23 16:32 - 2014-09-23 16:00 - 00002136 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-09-23 16:32 - 2014-09-23 16:00 - 00000000 ____D () C:\ProgramData\Visan
2014-09-23 16:23 - 2014-09-23 15:55 - 00000000 ____D () C:\Users\mia\AppData\Local\HP
2014-09-23 16:00 - 2014-09-23 16:00 - 00003602 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 2540 series
2014-09-23 16:00 - 2014-09-23 16:00 - 00000000 ____D () C:\Users\mia\AppData\Roaming\HpUpdate
2014-09-23 16:00 - 2014-09-23 16:00 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-09-23 16:00 - 2014-09-23 16:00 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-09-23 16:00 - 2014-09-23 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-09-23 16:00 - 2014-09-23 15:59 - 00000000 ____D () C:\Program Files (x86)\HP
2014-09-23 15:59 - 2014-09-23 15:59 - 00002216 _____ () C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk
2014-09-23 15:59 - 2014-09-23 15:59 - 00001163 _____ () C:\Users\Public\Desktop\Shop für Zubehör - HP Deskjet 2540 series.lnk
2014-09-23 15:59 - 2014-09-23 15:59 - 00000000 ____D () C:\Program Files\HP
2014-09-23 15:59 - 2014-09-23 15:45 - 00000000 ____D () C:\ProgramData\HP
2014-09-23 15:57 - 2014-09-23 15:57 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-09-22 20:36 - 2012-11-01 17:13 - 00000000 ____D () C:\Users\mia\AppData\Roaming\DAEMON Tools Lite
2014-09-22 20:36 - 2012-09-08 10:12 - 00000000 ____D () C:\Windows\Minidump
2014-09-21 18:24 - 2013-09-11 15:48 - 00000000 ____D () C:\Users\mia\AppData\Local\Lexware
2014-09-21 17:00 - 2014-09-21 17:00 - 00000000 ____D () C:\Users\mia\Desktop\QuickSteuer_Deluxe_2014_Dasi
2014-09-21 12:13 - 2014-09-21 12:13 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-09-21 12:13 - 2010-12-20 12:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-21 08:55 - 2014-09-21 08:55 - 00018427 _____ () C:\Users\mia\Desktop\Google-Ergebnis für http  www.vorher-nachher-frisuren.de frisuren-bilder best-ager-kurzhaarfrisur-umstyling-d2.jpg.htm
2014-09-21 08:55 - 2014-09-21 08:55 - 00000000 ____D () C:\Users\mia\Desktop\Google-Ergebnis für http  www.vorher-nachher-frisuren.de frisuren-bilder best-ager-kurzhaarfrisur-umstyling-d2.jpg_files
2014-09-21 08:31 - 2014-09-21 08:31 - 00001247 _____ () C:\Users\mia\Desktop\IMG_1226 - Verknüpfung.lnk
2014-09-21 07:54 - 2014-09-21 07:54 - 00002170 _____ () C:\Users\mia\Desktop\P1040728 - Verknüpfung.lnk
2014-09-21 00:06 - 2012-09-21 09:31 - 00000000 ____D () C:\ProgramData\ICQ
2014-09-21 00:03 - 2014-09-21 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-20 21:01 - 2014-08-05 17:53 - 00000000 ____D () C:\Users\mia\Desktop\Programme
2014-09-20 19:50 - 2014-09-20 19:50 - 00000000 ____D () C:\Users\mia\AppData\Roaming\Cherry
2014-09-20 19:48 - 2014-09-20 19:48 - 00000000 ____D () C:\ProgramData\Cherry
2014-09-20 19:47 - 2014-09-20 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cherry Keyboard Manager
2014-09-20 19:47 - 2014-09-20 19:47 - 00000000 ____D () C:\Program Files (x86)\Cherry
2014-09-20 13:00 - 2014-08-01 15:15 - 00000000 ____D () C:\Users\mia\AppData\Roaming\Spotify
2014-09-20 12:55 - 2014-08-01 15:16 - 00000000 ____D () C:\Users\mia\AppData\Local\Spotify
2014-09-18 10:59 - 2014-09-18 10:59 - 00034304 _____ () C:\Users\mia\Documents\Zahlungsbestätigung Tom-Tom Radarkameras.msg
2014-09-16 14:48 - 2012-04-25 19:48 - 00000000 ____D () C:\Users\mia\Kopirte Archiv von alten PC
2014-09-13 12:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-12 00:02 - 2012-09-08 14:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 23:56 - 2013-08-14 23:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 23:22 - 2010-07-07 17:49 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 23:21 - 2014-05-06 23:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 09:43 - 2014-09-25 20:46 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.rar
2014-09-09 09:43 - 2014-09-25 20:46 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r33
2014-09-09 09:43 - 2014-09-25 20:46 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r32
2014-09-09 09:43 - 2014-09-25 20:46 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r31
2014-09-09 09:43 - 2014-09-25 20:46 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r30
2014-09-09 09:43 - 2014-09-25 20:46 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r29
2014-09-09 09:43 - 2014-09-25 20:46 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r28
2014-09-09 09:43 - 2014-09-25 20:46 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r27
2014-09-09 09:43 - 2014-09-25 20:46 - 13021676 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r34
2014-09-09 09:43 - 2014-09-25 20:46 - 00001368 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.sfv
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r26
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r25
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r24
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r23
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r22
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r21
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r20
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r19
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r18
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r17
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r16
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r15
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r14
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r13
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r12
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r11
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r10
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r09
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r08
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r07
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r06
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r05
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r04
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r03
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r02
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r01
2014-09-09 09:43 - 2014-09-25 20:45 - 50000000 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.r00
2014-09-09 09:43 - 2014-09-25 20:45 - 00014438 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.nfo
2014-09-05 04:10 - 2014-09-11 18:19 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-11 18:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 20:27 - 2014-09-03 20:27 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-09-03 13:54 - 2014-09-25 20:46 - 1745599808 _____ () C:\Users\mia\Downloads\nge-dverurt.dvdrip.x264.mkv
2014-09-01 15:01 - 2012-09-21 09:46 - 00000000 ____D () C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\mia\AppData\Local\Temp\proxy_vole504461406602864427.dll
C:\Users\mia\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 15:47

==================== End Of Log ============================
--- --- ---

schrauber 26.09.2014 15:40

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Vibion 27.09.2014 08:58
ESET:
Code:
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=25342b4a10e3864e9fc53f25996d9e4d
# engine=20319
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-26 10:04:23
# local_time=2014-09-27 12:04:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777213 100 100 31833 43243485 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 38246194 163398913 0 0
# scanned=497844
# found=23
# cleaned=0
# scan_time=13093
sh=15ED5B6C5946E85E7A5C77F4A7689E4E76CCBAFB ft=1 fh=c71c0011fe889422 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=8FF07C7F0E7320A1EB53CADD4D30D3154FF33BBA ft=1 fh=f622fe8cae001c0b vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=532A232C336AB1E5D65E829DFA191A71B96E2CC6 ft=1 fh=c71c001152b88659 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir"
sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir"
sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir"
sh=9E99BBE4E9F6026A66DB442D589FF049D44E43E9 ft=1 fh=c71c001149569c6f vn="Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=55B49E6175EC153F5F6D595F7E36CF04D61C70AC ft=1 fh=c71c0011122aac36 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=B1740CE6528491D6914E0015C836A3A8E31A28E9 ft=1 fh=667e6cf17acea18e vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=6148DAB05D76E4FCEF4B394B0F60D9ADB2E2AB1E ft=1 fh=c71c0011346812ac vn="Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir"
sh=03DBFA1572019E6B0A7745CA443E74CCA8FEEFFD ft=1 fh=c71c0011e74d8dee vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=E9BEAFD5EF09360852ECDCC4312188064742E51A ft=1 fh=c71c0011421e8e27 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir"
sh=8B488C388E304F78CA88312A651D07494469D292 ft=1 fh=8013085d4e45f122 vn="Win64/Thinknice.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll.vir"
sh=6148DAB05D76E4FCEF4B394B0F60D9ADB2E2AB1E ft=1 fh=c71c0011346812ac vn="Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=9C6C68EFAE364FC17008C32848E148F86D468C99 ft=1 fh=c71c0011e4b098f3 vn="Variante von Win32/ELEX.AM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopfcgphfmlgalncbfagpgcgonmfmcb\10.31.4.510_0\APISupport\APISupport.dll.vir"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopfcgphfmlgalncbfagpgcgonmfmcb\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir"
sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopfcgphfmlgalncbfagpgcgonmfmcb\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir"
sh=BB1A5AE5206E9995C35E517ECBA291C30CE4F7B7 ft=1 fh=34cca54ca63a6441 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mia\AppData\Local\NativeMessaging\CT3240727\1_0_0_6\TBMessagingHost.exe.vir"
sh=B1C5D9DC9A6493C66CD50B3767157CCFC4B4985E ft=1 fh=da713123607f778d vn="Variante von Win32/Toolbar.Conduit.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mia\AppData\Local\TBHostSupport\TBHostSupport.dll.vir"
sh=CF6185A9EDFBA0217C9D36D25CA9F6ADCC9F6BC8 ft=1 fh=f90d49fcbe154eac vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mia\AppData\Roaming\OpenCandy\434AC0E9C0BB49428E4D7BD50AFDC4FD\conduitinstaller.exe.vir"
sh=3E9175855D4EE9B6C044F1B0C6B1D4999654CBAF ft=1 fh=57b32e0bf5e7131d vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mia\AppData\Roaming\OpenCandy\434AC0E9C0BB49428E4D7BD50AFDC4FD\Findr_ALL_p1v2.exe.vir"
sh=E88D89F2EA182D1C9A7248B178B0A4E487E0BC21 ft=1 fh=28e98c7539f090b7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Tools\MediaPack\Setup.exe"
SecurityCheck:
Code:
Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 45 
 Java version out of Date!
 Adobe Flash Player 15.0.0.152 
 Adobe Reader 10.1.12 Adobe Reader out of Date! 
 Mozilla Firefox (32.0.3)
 Google Chrome 37.0.2062.120 
 Google Chrome 37.0.2062.124 
````````Process Check: objlist.exe by Laurent```````` 
 system32 OnlineCmdLineScanner.exe -?- 
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe 
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-09-2014 01
Ran by mia (administrator) on MIA-PC on 27-09-2014 09:52:43
Running from C:\Users\mia\Desktop
Loaded Profile: mia (Available profiles: mia & Nadja & postgres & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-12-09] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-03] (CyberLink)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2170241872-3006662274-4178029837-1000\...\Run: [icq] => C:\Users\mia\AppData\Roaming\ICQM\icq.exe [27578728 2013-03-28] (ICQ)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\mia\AppData\Roaming\Mozilla\Firefox\Profiles\bzvs6ubh.default
FF NetworkProxy: "autoconfig_url", "https://secure.premiumize.me/559fe7880fe9cdef8ee6776f7cfc53cb/proxy.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Premiumize.me - C:\Users\mia\AppData\Roaming\Mozilla\Firefox\Profiles\bzvs6ubh.default\Extensions\jid1-sirVJT0BXhkuJg@jetpack.xpi [2014-09-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-25]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-25]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-25]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-25]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-25]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-20]
CHR Extension: (Google Drive) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-20]
CHR Extension: (Google Search) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-20]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-12-25]
CHR Extension: (AdBlock) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-24]
CHR Extension: (Safe Money) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-12-25]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-12-25]
CHR Extension: (Virtual Keyboard) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-12-25]
CHR Extension: (Premiumize.me) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm [2013-07-24]
CHR Extension: (Google Wallet) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-20]
CHR Extension: (Anti-Banner) - C:\Users\mia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-12-25]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Cherry Device Interface; C:\Program Files (x86)\Cherry\CDI\cdi.exe [577582 2010-08-25] (ZF Electronics GmbH) [File not signed]
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-23] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 IAMTVE; C:\Windows\system32\DRIVERS\IAMTVE.sys [43416 2010-12-17] (Intel Corporation)
S3 IAMTXPE; C:\Windows\system32\DRIVERS\IAMTXPE.sys [51096 2010-12-17] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-25] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-25] (Kaspersky Lab ZAO)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-27 09:52 - 2014-09-27 09:52 - 00022541 _____ () C:\Users\mia\Desktop\FRST.txt
2014-09-27 09:45 - 2014-09-27 09:45 - 00854417 _____ () C:\Users\mia\Desktop\SecurityCheck.exe
2014-09-26 20:21 - 2014-09-26 20:21 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-26 20:17 - 2014-09-26 20:19 - 02347384 _____ (ESET) C:\Users\mia\Desktop\esetsmartinstaller_deu.exe
2014-09-26 08:04 - 2014-09-26 08:04 - 00002643 _____ () C:\Users\mia\Downloads\Studienkreditantrag.skr
2014-09-25 21:10 - 2014-09-25 21:10 - 00000000 ____D () C:\Users\mia\Desktop\FRST-OlderVersion
2014-09-25 20:55 - 2014-09-25 20:55 - 00000000 ____D () C:\Windows\ERUNT
2014-09-25 20:42 - 2014-09-25 20:42 - 01024790 _____ (Thisisu) C:\Users\mia\Desktop\JRT.exe
2014-09-25 20:40 - 2014-09-25 20:40 - 01373475 _____ () C:\Users\mia\Desktop\AdwCleaner_3.310.exe
2014-09-25 20:22 - 2014-09-25 20:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 20:22 - 2014-09-25 20:22 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-25 20:22 - 2014-09-25 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-25 20:22 - 2014-09-25 20:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-25 20:22 - 2014-09-25 20:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-25 20:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-25 20:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-25 20:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-25 20:21 - 2014-09-25 20:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\mia\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-25 13:02 - 2014-09-25 13:02 - 00022962 _____ () C:\ComboFix.txt
2014-09-25 12:14 - 2014-09-25 13:03 - 00000000 ____D () C:\Qoobox
2014-09-25 12:14 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-25 12:14 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-25 12:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-25 12:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-25 12:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-25 12:14 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-25 12:14 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-25 12:14 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-25 12:12 - 2014-09-25 13:00 - 00000000 ____D () C:\Windows\erdnt
2014-09-25 12:09 - 2014-09-25 12:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 12:08 - 2014-09-25 12:09 - 05579290 ____R (Swearware) C:\Users\mia\Desktop\ComboFix.exe
2014-09-24 20:42 - 2014-09-25 19:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 20:42 - 2014-09-24 20:42 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-24 20:42 - 2014-09-24 20:42 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-24 20:42 - 2014-09-24 20:42 - 00000000 ____D () C:\ProgramData\Mozilla
2014-09-24 19:08 - 2014-09-24 19:07 - 00380416 _____ () C:\Users\mia\Desktop\Gmer-19357.exe
2014-09-24 19:03 - 2014-09-27 09:52 - 00000000 ____D () C:\FRST
2014-09-24 18:59 - 2014-09-25 21:10 - 02108928 _____ (Farbar) C:\Users\mia\Desktop\FRST64.exe
2014-09-24 18:46 - 2014-09-24 18:46 - 00000468 _____ () C:\Users\mia\Downloads\defogger_disable.log
2014-09-24 18:46 - 2014-09-24 18:46 - 00000000 _____ () C:\Users\mia\defogger_reenable
2014-09-24 18:45 - 2014-09-24 18:45 - 00050477 _____ () C:\Users\mia\Downloads\Defogger.exe
2014-09-24 12:28 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 12:28 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 23:39 - 2014-09-26 15:13 - 00002688 _____ () C:\Windows\setupact.log
2014-09-23 23:39 - 2014-09-25 20:50 - 00003064 _____ () C:\Windows\PFRO.log
2014-09-23 23:39 - 2014-09-23 23:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-23 22:45 - 2014-09-23 22:45 - 00000000 ____D () C:\Windows\pss
2014-09-23 16:34 - 2014-09-24 09:29 - 00000000 ___RD () C:\Users\mia\Documents\HP Photo Creations
2014-09-23 16:34 - 2014-09-23 16:34 - 00000000 ____D () C:\Users\mia\AppData\Roaming\Visan
2014-09-23 16:32 - 2014-09-27 09:22 - 00000334 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-09-23 16:32 - 2014-09-23 16:32 - 00003338 _____ () C:\Windows\System32\Tasks\HP Photo Creations Communicator
2014-09-23 16:00 - 2014-09-24 09:29 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-09-23 16:00 - 2014-09-23 16:32 - 00002136 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-09-23 16:00 - 2014-09-23 16:32 - 00000000 ____D () C:\ProgramData\Visan
2014-09-23 16:00 - 2014-09-23 16:00 - 00003602 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 2540 series
2014-09-23 16:00 - 2014-09-23 16:00 - 00000000 ____D () C:\Users\mia\AppData\Roaming\HpUpdate
2014-09-23 16:00 - 2014-09-23 16:00 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-09-23 16:00 - 2014-09-23 16:00 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-09-23 15:59 - 2014-09-23 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-09-23 15:59 - 2014-09-23 16:00 - 00000000 ____D () C:\Program Files (x86)\HP
2014-09-23 15:59 - 2014-09-23 15:59 - 00002216 _____ () C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk
2014-09-23 15:59 - 2014-09-23 15:59 - 00001163 _____ () C:\Users\Public\Desktop\Shop für Zubehör - HP Deskjet 2540 series.lnk
2014-09-23 15:59 - 2014-09-23 15:59 - 00000000 ____D () C:\Program Files\HP
2014-09-23 15:59 - 2014-03-06 12:51 - 00763912 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMC211.dll
2014-09-23 15:57 - 2014-09-23 15:57 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-09-23 15:55 - 2014-09-23 16:23 - 00000000 ____D () C:\Users\mia\AppData\Local\HP
2014-09-23 15:45 - 2014-09-23 15:59 - 00000000 ____D () C:\ProgramData\HP
2014-09-21 22:53 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMXLMAD.DLL
2014-09-21 22:15 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMAD.DLL
2014-09-21 17:00 - 2014-09-21 17:00 - 00000000 ____D () C:\Users\mia\Desktop\QuickSteuer_Deluxe_2014_Dasi
2014-09-21 12:13 - 2014-09-21 12:13 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-09-21 08:55 - 2014-09-21 08:55 - 00018427 _____ () C:\Users\mia\Desktop\Google-Ergebnis für http  www.vorher-nachher-frisuren.de frisuren-bilder best-ager-kurzhaarfrisur-umstyling-d2.jpg.htm
2014-09-21 08:55 - 2014-09-21 08:55 - 00000000 ____D () C:\Users\mia\Desktop\Google-Ergebnis für http  www.vorher-nachher-frisuren.de frisuren-bilder best-ager-kurzhaarfrisur-umstyling-d2.jpg_files
2014-09-21 08:31 - 2014-09-21 08:31 - 00001247 _____ () C:\Users\mia\Desktop\IMG_1226 - Verknüpfung.lnk
2014-09-21 07:54 - 2014-09-21 07:54 - 00002170 _____ () C:\Users\mia\Desktop\P1040728 - Verknüpfung.lnk
2014-09-21 00:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-21 00:05 - 2014-09-25 20:49 - 00000000 ____D () C:\AdwCleaner
2014-09-21 00:03 - 2014-09-25 12:56 - 00002139 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-21 00:03 - 2014-09-21 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-20 19:50 - 2014-09-20 19:50 - 00000000 ____D () C:\Users\mia\AppData\Roaming\Cherry
2014-09-20 19:48 - 2014-09-20 19:48 - 00000000 ____D () C:\ProgramData\Cherry
2014-09-20 19:47 - 2014-09-20 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cherry Keyboard Manager
2014-09-20 19:47 - 2014-09-20 19:47 - 00000000 ____D () C:\Program Files (x86)\Cherry
2014-09-18 10:59 - 2014-09-18 10:59 - 00034304 _____ () C:\Users\mia\Documents\Zahlungsbestätigung Tom-Tom Radarkameras.msg
2014-09-12 00:03 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 00:03 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 00:03 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 00:03 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 00:03 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 00:03 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 00:03 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 00:03 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 00:03 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 00:03 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 00:03 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 00:03 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 00:03 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 00:03 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 00:03 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 00:03 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 00:03 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 00:03 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 00:03 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 00:03 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 00:03 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 00:03 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 00:03 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 00:03 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 00:03 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 00:03 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 00:03 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 00:03 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 00:03 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 00:03 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 00:03 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 00:03 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 00:03 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 00:03 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 00:03 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 00:03 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 00:03 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 00:03 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 00:03 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 00:03 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 00:03 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 00:03 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 00:03 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 00:03 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 00:03 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 00:03 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 00:03 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 00:03 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 00:03 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 00:03 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 00:03 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 00:03 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 00:03 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 00:03 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 00:03 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 00:03 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 23:21 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 23:21 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 18:20 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 18:20 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 18:20 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 18:20 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 18:20 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 18:20 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 18:20 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 18:20 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 18:20 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-11 18:19 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 18:19 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 20:27 - 2014-09-03 20:27 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-08-28 21:10 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 21:10 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 21:10 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-27 09:53 - 2014-09-27 09:52 - 00022541 _____ () C:\Users\mia\Desktop\FRST.txt
2014-09-27 09:53 - 2012-09-08 10:13 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-27 09:52 - 2014-09-24 19:03 - 00000000 ____D () C:\FRST
2014-09-27 09:45 - 2014-09-27 09:45 - 00854417 _____ () C:\Users\mia\Desktop\SecurityCheck.exe
2014-09-27 09:22 - 2014-09-23 16:32 - 00000334 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-09-27 08:55 - 2012-11-01 13:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-27 08:39 - 2013-12-25 09:46 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-27 06:07 - 2009-07-14 06:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-27 06:07 - 2009-07-14 06:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-27 06:03 - 2012-09-08 10:08 - 01337299 _____ () C:\Windows\WindowsUpdate.log
2014-09-27 00:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-26 22:54 - 2012-09-15 16:03 - 00000000 ____D () C:\Users\mia\Documents\Outlook-Dateien
2014-09-26 21:20 - 2012-10-01 17:11 - 00000000 ____D () C:\Users\mia\AppData\Local\Windows Live
2014-09-26 20:21 - 2014-09-26 20:21 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-26 20:19 - 2014-09-26 20:17 - 02347384 _____ (ESET) C:\Users\mia\Desktop\esetsmartinstaller_deu.exe
2014-09-26 20:18 - 2010-05-12 10:18 - 00702980 _____ () C:\Windows\system32\perfh007.dat
2014-09-26 20:18 - 2010-05-12 10:18 - 00150620 _____ () C:\Windows\system32\perfc007.dat
2014-09-26 20:18 - 2009-07-14 07:13 - 01629444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-26 15:16 - 2012-09-08 10:13 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-26 15:13 - 2014-09-23 23:39 - 00002688 _____ () C:\Windows\setupact.log
2014-09-26 15:13 - 2010-12-20 10:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-26 15:13 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-26 08:17 - 2014-08-05 17:32 - 00000000 ____D () C:\Users\mia\Downloads\Dokumente
2014-09-26 08:04 - 2014-09-26 08:04 - 00002643 _____ () C:\Users\mia\Downloads\Studienkreditantrag.skr
2014-09-25 21:10 - 2014-09-25 21:10 - 00000000 ____D () C:\Users\mia\Desktop\FRST-OlderVersion
2014-09-25 21:10 - 2014-09-24 18:59 - 02108928 _____ (Farbar) C:\Users\mia\Desktop\FRST64.exe
2014-09-25 21:03 - 2012-12-05 15:51 - 00000000 ____D () C:\Users\mia\AppData\Roaming\vlc
2014-09-25 20:55 - 2014-09-25 20:55 - 00000000 ____D () C:\Windows\ERUNT
2014-09-25 20:50 - 2014-09-23 23:39 - 00003064 _____ () C:\Windows\PFRO.log
2014-09-25 20:49 - 2014-09-21 00:05 - 00000000 ____D () C:\AdwCleaner
2014-09-25 20:47 - 2014-08-22 21:45 - 00000000 ____D () C:\Users\mia\AppData\Local\JDownloader v2.0
2014-09-25 20:42 - 2014-09-25 20:42 - 01024790 _____ (Thisisu) C:\Users\mia\Desktop\JRT.exe
2014-09-25 20:40 - 2014-09-25 20:40 - 01373475 _____ () C:\Users\mia\Desktop\AdwCleaner_3.310.exe
2014-09-25 20:22 - 2014-09-25 20:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 20:22 - 2014-09-25 20:22 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-25 20:22 - 2014-09-25 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-25 20:22 - 2014-09-25 20:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-25 20:22 - 2014-09-25 20:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-25 20:21 - 2014-09-25 20:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\mia\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-25 19:45 - 2014-09-24 20:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-25 15:47 - 2013-10-19 12:17 - 01648918 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-25 13:03 - 2014-09-25 12:14 - 00000000 ____D () C:\Qoobox
2014-09-25 13:03 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-25 13:02 - 2014-09-25 13:02 - 00022962 _____ () C:\ComboFix.txt
2014-09-25 13:00 - 2014-09-25 12:12 - 00000000 ____D () C:\Windows\erdnt
2014-09-25 12:56 - 2014-09-21 00:03 - 00002139 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-25 12:51 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-25 12:48 - 2009-07-14 04:34 - 20185088 _____ () C:\Windows\system32\config\system.bak
2014-09-25 12:48 - 2009-07-14 04:34 - 106692608 _____ () C:\Windows\system32\config\software.bak
2014-09-25 12:48 - 2009-07-14 04:34 - 05242880 _____ () C:\Windows\system32\config\default.bak
2014-09-25 12:48 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-09-25 12:48 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-09-25 12:09 - 2014-09-25 12:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 12:09 - 2014-09-25 12:08 - 05579290 ____R (Swearware) C:\Users\mia\Desktop\ComboFix.exe
2014-09-24 20:42 - 2014-09-24 20:42 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-24 20:42 - 2014-09-24 20:42 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-24 20:42 - 2014-09-24 20:42 - 00000000 ____D () C:\ProgramData\Mozilla
2014-09-24 20:42 - 2013-12-24 17:30 - 00000000 ____D () C:\Users\mia\AppData\Local\Mozilla
2014-09-24 19:07 - 2014-09-24 19:08 - 00380416 _____ () C:\Users\mia\Desktop\Gmer-19357.exe
2014-09-24 18:46 - 2014-09-24 18:46 - 00000468 _____ () C:\Users\mia\Downloads\defogger_disable.log
2014-09-24 18:46 - 2014-09-24 18:46 - 00000000 _____ () C:\Users\mia\defogger_reenable
2014-09-24 18:46 - 2012-09-08 10:17 - 00000000 ____D () C:\Users\mia
2014-09-24 18:45 - 2014-09-24 18:45 - 00050477 _____ () C:\Users\mia\Downloads\Defogger.exe
2014-09-24 09:29 - 2014-09-23 16:34 - 00000000 ___RD () C:\Users\mia\Documents\HP Photo Creations
2014-09-24 09:29 - 2014-09-23 16:00 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-09-23 23:39 - 2014-09-23 23:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-23 23:39 - 2012-09-15 18:14 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-09-23 23:39 - 2009-07-14 06:45 - 00413896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-23 23:32 - 2012-09-08 10:18 - 00112040 _____ () C:\Users\mia\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-23 23:19 - 2012-11-04 17:29 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-09-23 23:19 - 2012-11-04 17:29 - 00000000 ____D () C:\Users\mia\AppData\Roaming\Canon
2014-09-23 22:45 - 2014-09-23 22:45 - 00000000 ____D () C:\Windows\pss
2014-09-23 22:42 - 2012-09-21 09:46 - 00000000 ____D () C:\Users\mia\AppData\Roaming\Skype
2014-09-23 20:57 - 2012-11-01 13:45 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 20:57 - 2012-11-01 13:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 20:57 - 2012-11-01 13:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 19:12 - 2014-08-05 17:54 - 00000000 ____D () C:\Users\mia\Desktop\Doukumente
2014-09-23 16:34 - 2014-09-23 16:34 - 00000000 ____D () C:\Users\mia\AppData\Roaming\Visan
2014-09-23 16:32 - 2014-09-23 16:32 - 00003338 _____ () C:\Windows\System32\Tasks\HP Photo Creations Communicator
2014-09-23 16:32 - 2014-09-23 16:00 - 00002136 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-09-23 16:32 - 2014-09-23 16:00 - 00000000 ____D () C:\ProgramData\Visan
2014-09-23 16:23 - 2014-09-23 15:55 - 00000000 ____D () C:\Users\mia\AppData\Local\HP
2014-09-23 16:00 - 2014-09-23 16:00 - 00003602 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 2540 series
2014-09-23 16:00 - 2014-09-23 16:00 - 00000000 ____D () C:\Users\mia\AppData\Roaming\HpUpdate
2014-09-23 16:00 - 2014-09-23 16:00 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-09-23 16:00 - 2014-09-23 16:00 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-09-23 16:00 - 2014-09-23 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-09-23 16:00 - 2014-09-23 15:59 - 00000000 ____D () C:\Program Files (x86)\HP
2014-09-23 15:59 - 2014-09-23 15:59 - 00002216 _____ () C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk
2014-09-23 15:59 - 2014-09-23 15:59 - 00001163 _____ () C:\Users\Public\Desktop\Shop für Zubehör - HP Deskjet 2540 series.lnk
2014-09-23 15:59 - 2014-09-23 15:59 - 00000000 ____D () C:\Program Files\HP
2014-09-23 15:59 - 2014-09-23 15:45 - 00000000 ____D () C:\ProgramData\HP
2014-09-23 15:57 - 2014-09-23 15:57 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-09-22 20:36 - 2012-11-01 17:13 - 00000000 ____D () C:\Users\mia\AppData\Roaming\DAEMON Tools Lite
2014-09-22 20:36 - 2012-09-08 10:12 - 00000000 ____D () C:\Windows\Minidump
2014-09-21 18:24 - 2013-09-11 15:48 - 00000000 ____D () C:\Users\mia\AppData\Local\Lexware
2014-09-21 17:00 - 2014-09-21 17:00 - 00000000 ____D () C:\Users\mia\Desktop\QuickSteuer_Deluxe_2014_Dasi
2014-09-21 12:13 - 2014-09-21 12:13 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-09-21 12:13 - 2010-12-20 12:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-21 08:55 - 2014-09-21 08:55 - 00018427 _____ () C:\Users\mia\Desktop\Google-Ergebnis für http  www.vorher-nachher-frisuren.de frisuren-bilder best-ager-kurzhaarfrisur-umstyling-d2.jpg.htm
2014-09-21 08:55 - 2014-09-21 08:55 - 00000000 ____D () C:\Users\mia\Desktop\Google-Ergebnis für http  www.vorher-nachher-frisuren.de frisuren-bilder best-ager-kurzhaarfrisur-umstyling-d2.jpg_files
2014-09-21 08:31 - 2014-09-21 08:31 - 00001247 _____ () C:\Users\mia\Desktop\IMG_1226 - Verknüpfung.lnk
2014-09-21 07:54 - 2014-09-21 07:54 - 00002170 _____ () C:\Users\mia\Desktop\P1040728 - Verknüpfung.lnk
2014-09-21 00:06 - 2012-09-21 09:31 - 00000000 ____D () C:\ProgramData\ICQ
2014-09-21 00:03 - 2014-09-21 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-20 21:01 - 2014-08-05 17:53 - 00000000 ____D () C:\Users\mia\Desktop\Programme
2014-09-20 19:50 - 2014-09-20 19:50 - 00000000 ____D () C:\Users\mia\AppData\Roaming\Cherry
2014-09-20 19:48 - 2014-09-20 19:48 - 00000000 ____D () C:\ProgramData\Cherry
2014-09-20 19:47 - 2014-09-20 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cherry Keyboard Manager
2014-09-20 19:47 - 2014-09-20 19:47 - 00000000 ____D () C:\Program Files (x86)\Cherry
2014-09-20 13:00 - 2014-08-01 15:15 - 00000000 ____D () C:\Users\mia\AppData\Roaming\Spotify
2014-09-20 12:55 - 2014-08-01 15:16 - 00000000 ____D () C:\Users\mia\AppData\Local\Spotify
2014-09-18 10:59 - 2014-09-18 10:59 - 00034304 _____ () C:\Users\mia\Documents\Zahlungsbestätigung Tom-Tom Radarkameras.msg
2014-09-16 14:48 - 2012-04-25 19:48 - 00000000 ____D () C:\Users\mia\Kopirte Archiv von alten PC
2014-09-12 00:02 - 2012-09-08 14:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 23:56 - 2013-08-14 23:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 23:22 - 2010-07-07 17:49 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 23:21 - 2014-05-06 23:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 00:11 - 2014-09-24 12:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-09 23:47 - 2014-09-24 12:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-05 04:10 - 2014-09-11 18:19 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-11 18:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 20:27 - 2014-09-03 20:27 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-09-01 15:01 - 2012-09-21 09:46 - 00000000 ____D () C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\mia\AppData\Local\Temp\proxy_vole504461406602864427.dll
C:\Users\mia\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-27 00:46

==================== End Of Log ============================
--- --- ---


Bis jetzt ist er noch nicht wieder hängen geblieben. Ist auf jeden Fall besser geworden :)
Danke für die Hilfe. Tolles Board!

schrauber 27.09.2014 19:25
Java und Adobe updaten.


Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Vibion 30.09.2014 12:52
Ist alles erledigt :)
Vielen Dank für deine Hilfe und großes Lob an dich!

schrauber 01.10.2014 07:51
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:52 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131