Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Win8.1: Firefox: ständige neue Werbefenster und Werbelinks im Text (https://www.trojaner-board.de/153274-win8-1-firefox-staendige-neue-werbefenster-werbelinks-text.html)

Doreen1979 02.05.2014 21:45
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014
Ran by Kalle (administrator) on WOHNZIMMERPC2 on 02-05-2014 22:38:27
Running from C:\Users\kL95eS54wA\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\MyWiMax.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11577216 2012-08-27] (Motorola Solutions, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-09-05] (Synaptics Incorporated)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-15] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-04] (CANON INC.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe [24256 2013-10-16] (Kaspersky Lab ZAO)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ie_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_04bb7c0eb298422689aaa33b476816cf_39_1006_20130610_DE_ie_sp_
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3323745&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPF1B445CF-95A7-4DA3-9E2B-64FAF8D25092&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default
FF SearchEngineOrder.1: Amazon
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ff_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_04bb7c0eb298422689aaa33b476816cf_39_1006_20130610_DE_ff_ab_&tag=bds-p23-serp-de-ff-21&query=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: SaveClicker - C:\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default\Extensions\ci6tadm@nlkuoova.net [2014-04-22]
FF Extension: ep - C:\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default\Extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi [2014-02-21]
FF Extension: GMX MailCheck - C:\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default\Extensions\toolbar@gmx.net.xpi [2013-02-19]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2013-03-27]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2013-03-27]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2013-03-27]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2013-03-27]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2013-03-27]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (SaveClicker) - C:\Users\kL95eS54wA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfbmopddjnffbkencdkbbclfppghjjck [2014-04-22]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [ealchnonpofjocgofjpopjdoegbbkofj] - C:\Program Files (x86)\HappyLyrics\Chrome.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2012-12-28]

==================== Services (Whitelisted) =================

R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-18] ()
R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-10-16] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98064 2012-12-10] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67344 2012-12-10] (Infowatch)
U0 ixfdr; C:\Windows\System32\drivers\pnvdy.sys [79064 2014-05-02] (Malwarebytes Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-04-03] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-11-11] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-16] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2013-10-16] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-04-03] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-16] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-16] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-07-15] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2013-07-15] (Kaspersky Lab ZAO)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4293672 2012-09-13] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-02 22:36 - 2014-05-02 22:36 - 00000000 ____D () C:\Users\kL95eS54wA\Desktop\FRST-OlderVersion
2014-05-02 22:29 - 2014-05-02 22:29 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\pnvdy.sys
2014-05-02 21:59 - 2014-05-02 21:59 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-02 21:59 - 2014-05-02 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-02 21:59 - 2014-05-02 21:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-02 21:59 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-02 21:59 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-02 21:59 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-02 21:51 - 2014-05-02 21:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-02 21:50 - 2014-05-02 21:50 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\kL95eS54wA\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-02 21:50 - 2014-05-02 21:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-02 21:38 - 2014-05-02 21:38 - 00001259 _____ () C:\Users\kL95eS54wA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0.lnk
2014-05-02 21:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-02 21:28 - 2014-05-02 21:34 - 00000000 ____D () C:\AdwCleaner
2014-05-02 21:17 - 2014-05-02 21:17 - 00001079 _____ () C:\Users\kL95eS54wA\Desktop\7z920.exe - Verknüpfung.lnk
2014-05-02 20:48 - 2014-05-02 20:48 - 03007700 _____ () C:\Users\kL95eS54wA\Desktop\revouninstaller.zip
2014-05-02 20:29 - 2014-05-02 20:30 - 01310621 _____ () C:\Users\kL95eS54wA\Desktop\adwcleaner.exe
2014-04-30 21:21 - 2014-04-30 21:22 - 00030319 _____ () C:\Users\kL95eS54wA\Desktop\Addition.txt
2014-04-30 21:19 - 2014-05-02 22:38 - 00016928 _____ () C:\Users\kL95eS54wA\Desktop\FRST.txt
2014-04-30 21:18 - 2014-05-02 22:38 - 00000000 ____D () C:\FRST
2014-04-30 21:18 - 2014-05-02 22:36 - 02062336 _____ (Farbar) C:\Users\kL95eS54wA\Desktop\FRST64.exe
2014-04-25 21:32 - 2014-04-25 21:57 - 00001621 _____ () C:\Users\kL95eS54wA\Desktop\Continue NoScript.lnk
2014-04-24 13:49 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-24 13:49 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-24 13:49 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-24 13:49 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-24 13:49 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-24 13:49 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-24 13:48 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-24 13:48 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-24 13:48 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-24 13:47 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-24 13:47 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-24 13:47 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-24 13:47 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-24 13:47 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-24 13:47 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-24 13:47 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-24 13:47 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-24 13:47 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-24 13:47 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-24 13:47 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-22 20:56 - 2014-05-02 21:35 - 00000000 ____D () C:\ProgramData\SaveClicker
2014-04-22 20:56 - 2014-05-02 20:58 - 00000000 ____D () C:\ProgramData\54a64e893474769f
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\kL95eS54wA\AppData\Local\Comodo
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Gast
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Administrator
2014-04-22 20:55 - 2014-04-22 20:55 - 00533536 _____ () C:\Users\kL95eS54wA\Desktop\noscript-2.6.4.4-fx+fn+sm.xpi
2014-04-19 13:18 - 2014-04-19 13:18 - 02478040 _____ (Flawless Technology) C:\Users\kL95eS54wA\Downloads\Codec.exe
2014-04-15 18:39 - 2014-04-15 18:48 - 00001738 _____ () C:\Users\kL95eS54wA\Desktop\Continue FLV Player.lnk
2014-04-15 15:14 - 2014-04-15 15:14 - 00306992 _____ () C:\Windows\Minidump\041514-22390-01.dmp
2014-04-14 13:39 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-14 13:39 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-14 13:39 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-14 13:39 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-14 13:39 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-14 13:39 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-14 13:39 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-14 13:39 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-14 13:39 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-14 13:39 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-14 13:39 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-14 13:39 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-14 13:39 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-14 13:39 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-14 13:39 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-14 13:39 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-14 13:39 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-14 13:39 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-14 13:39 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-14 13:33 - 2014-04-30 19:13 - 11355008 _____ (Reimage®) C:\TRANSLATE
2014-04-14 13:30 - 2014-04-14 13:31 - 07448776 _____ () C:\Users\kL95eS54wA\Downloads\Infigo_setup.exe
2014-04-13 21:50 - 2014-04-13 21:50 - 01299376 _____ (Uniblue Systems Limited ) C:\Users\kL95eS54wA\Downloads\speedupmypc_2570068_.exe
2014-04-13 20:42 - 2014-04-13 20:43 - 00755637 _____ () C:\Users\kL95eS54wA\Downloads\PCSpeedRepairSetup.exe.part
2014-04-11 09:31 - 2014-04-11 09:31 - 00000000 ____D () C:\rei
2014-04-11 09:29 - 2014-04-11 09:29 - 00003069 _____ () C:\Users\kL95eS54wA\Desktop\DownQuick.lnk
2014-04-11 09:29 - 2014-04-11 09:29 - 00000000 ____D () C:\Users\kL95eS54wA\AppData\Roaming\downquick
2014-04-11 09:28 - 2014-04-30 19:12 - 00000936 _____ () C:\Users\Public\Desktop\Installation von Reimage Repair fortsetzen.lnk
2014-04-11 09:27 - 2014-04-30 19:12 - 00000099 _____ () C:\Windows\Reimage.ini
2014-04-11 09:27 - 2014-04-11 09:27 - 00785928 _____ (Reimage®) C:\Users\kL95eS54wA\Downloads\ReimageRepair.exe
2014-04-10 21:59 - 2014-04-10 22:07 - 04441904 _____ () C:\Users\kL95eS54wA\Downloads\avira_de_av___ws.exe
2014-04-10 20:52 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 20:52 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-10 20:52 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-10 20:52 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 11:25 - 2014-04-09 11:25 - 00001143 _____ () C:\Users\Public\Desktop\Optimizer Elite Max.lnk
2014-04-09 11:25 - 2014-04-09 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Elite Max
2014-04-08 22:11 - 2014-04-08 22:12 - 00609316 _____ () C:\Users\kL95eS54wA\Downloads\Player_Setup.exe
2014-04-08 22:01 - 2014-04-08 22:02 - 01337596 _____ () C:\Users\kL95eS54wA\Downloads\CodecPerformerSetup.exe
2014-04-08 20:45 - 2014-04-08 20:45 - 00605757 _____ () C:\Users\kL95eS54wA\Downloads\Java.exe
2014-04-07 18:40 - 2014-04-07 18:48 - 02276016 _____ () C:\Users\kL95eS54wA\Downloads\avira_pc_cleaner_de.exe
2014-04-06 20:50 - 2014-04-06 20:51 - 00323384 _____ () C:\Windows\Minidump\040614-30406-01.dmp

==================== One Month Modified Files and Folders =======

2014-05-02 22:38 - 2014-04-30 21:19 - 00016928 _____ () C:\Users\kL95eS54wA\Desktop\FRST.txt
2014-05-02 22:38 - 2014-04-30 21:18 - 00000000 ____D () C:\FRST
2014-05-02 22:36 - 2014-05-02 22:36 - 00000000 ____D () C:\Users\kL95eS54wA\Desktop\FRST-OlderVersion
2014-05-02 22:36 - 2014-04-30 21:18 - 02062336 _____ (Farbar) C:\Users\kL95eS54wA\Desktop\FRST64.exe
2014-05-02 22:29 - 2014-05-02 22:29 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\pnvdy.sys
2014-05-02 22:29 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\DesktopTileResources
2014-05-02 22:28 - 2014-02-04 19:14 - 00000000 ____D () C:\ProgramData\WPM
2014-05-02 22:28 - 2013-04-28 20:15 - 00000000 ____D () C:\ProgramData\Iminent
2014-05-02 22:28 - 2013-04-20 16:09 - 00000000 ____D () C:\ProgramData\Systweak
2014-05-02 22:12 - 2012-12-21 18:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-02 22:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-02 21:59 - 2014-05-02 21:59 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-02 21:59 - 2014-05-02 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-02 21:59 - 2014-05-02 21:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-02 21:59 - 2014-05-02 21:51 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-02 21:53 - 2012-12-13 11:43 - 02052935 _____ () C:\Windows\WindowsUpdate.log
2014-05-02 21:50 - 2014-05-02 21:50 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\kL95eS54wA\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-02 21:50 - 2014-05-02 21:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-02 21:42 - 2012-12-13 11:50 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-394354521-1439425215-4275879579-1001
2014-05-02 21:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-02 21:38 - 2014-05-02 21:38 - 00001259 _____ () C:\Users\kL95eS54wA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0.lnk
2014-05-02 21:38 - 2012-09-22 06:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-02 21:36 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-02 21:35 - 2014-04-22 20:56 - 00000000 ____D () C:\ProgramData\SaveClicker
2014-05-02 21:35 - 2012-09-21 17:30 - 00029542 _____ () C:\Windows\PFRO.log
2014-05-02 21:34 - 2014-05-02 21:28 - 00000000 ____D () C:\AdwCleaner
2014-05-02 21:32 - 2012-12-13 11:43 - 00000000 ____D () C:\Users\kL95eS54wA
2014-05-02 21:32 - 2012-09-24 08:28 - 00001108 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2014-05-02 21:32 - 2012-09-24 08:28 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
2014-05-02 21:17 - 2014-05-02 21:17 - 00001079 _____ () C:\Users\kL95eS54wA\Desktop\7z920.exe - Verknüpfung.lnk
2014-05-02 21:12 - 2012-12-21 18:52 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-02 20:58 - 2014-04-22 20:56 - 00000000 ____D () C:\ProgramData\54a64e893474769f
2014-05-02 20:51 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-02 20:48 - 2014-05-02 20:48 - 03007700 _____ () C:\Users\kL95eS54wA\Desktop\revouninstaller.zip
2014-05-02 20:36 - 2012-07-26 10:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-05-02 20:30 - 2014-05-02 20:29 - 01310621 _____ () C:\Users\kL95eS54wA\Desktop\adwcleaner.exe
2014-05-01 20:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-30 21:28 - 2012-09-21 16:58 - 00754172 _____ () C:\Windows\system32\perfh007.dat
2014-04-30 21:28 - 2012-09-21 16:58 - 00156362 _____ () C:\Windows\system32\perfc007.dat
2014-04-30 21:28 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-30 21:27 - 2013-11-17 19:14 - 00000000 ____D () C:\Users\kL95eS54wA\Desktop\OpenOffice 4.0.1 (de) Installation Files
2014-04-30 21:22 - 2014-04-30 21:21 - 00030319 _____ () C:\Users\kL95eS54wA\Desktop\Addition.txt
2014-04-30 21:04 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-04-30 19:13 - 2014-04-14 13:33 - 11355008 _____ (Reimage®) C:\TRANSLATE
2014-04-30 19:12 - 2014-04-11 09:28 - 00000936 _____ () C:\Users\Public\Desktop\Installation von Reimage Repair fortsetzen.lnk
2014-04-30 19:12 - 2014-04-11 09:27 - 00000099 _____ () C:\Windows\Reimage.ini
2014-04-25 21:57 - 2014-04-25 21:32 - 00001621 _____ () C:\Users\kL95eS54wA\Desktop\Continue NoScript.lnk
2014-04-25 21:20 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-25 21:20 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-23 01:47 - 2013-12-15 14:47 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-23 01:47 - 2013-12-15 14:47 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-22 22:36 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\kL95eS54wA\AppData\Local\Comodo
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Gast
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Administrator
2014-04-22 20:55 - 2014-04-22 20:55 - 00533536 _____ () C:\Users\kL95eS54wA\Desktop\noscript-2.6.4.4-fx+fn+sm.xpi
2014-04-21 21:55 - 2013-12-20 22:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-19 13:18 - 2014-04-19 13:18 - 02478040 _____ (Flawless Technology) C:\Users\kL95eS54wA\Downloads\Codec.exe
2014-04-18 13:52 - 2014-02-04 19:13 - 00001037 _____ () C:\Users\Public\Desktop\VideoPlayer.lnk
2014-04-16 10:58 - 2013-07-21 14:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-15 18:48 - 2014-04-15 18:39 - 00001738 _____ () C:\Users\kL95eS54wA\Desktop\Continue FLV Player.lnk
2014-04-15 15:14 - 2014-04-15 15:14 - 00306992 _____ () C:\Windows\Minidump\041514-22390-01.dmp
2014-04-15 15:14 - 2013-01-05 16:05 - 00000000 ____D () C:\Windows\Minidump
2014-04-15 15:13 - 2013-01-05 16:05 - 717655346 _____ () C:\Windows\MEMORY.DMP
2014-04-15 15:13 - 2012-12-13 19:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-14 13:31 - 2014-04-14 13:30 - 07448776 _____ () C:\Users\kL95eS54wA\Downloads\Infigo_setup.exe
2014-04-14 13:03 - 2012-12-13 19:49 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-14 13:03 - 2012-12-13 19:49 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-13 21:50 - 2014-04-13 21:50 - 01299376 _____ (Uniblue Systems Limited ) C:\Users\kL95eS54wA\Downloads\speedupmypc_2570068_.exe
2014-04-13 20:43 - 2014-04-13 20:42 - 00755637 _____ () C:\Users\kL95eS54wA\Downloads\PCSpeedRepairSetup.exe.part
2014-04-11 09:31 - 2014-04-11 09:31 - 00000000 ____D () C:\rei
2014-04-11 09:29 - 2014-04-11 09:29 - 00003069 _____ () C:\Users\kL95eS54wA\Desktop\DownQuick.lnk
2014-04-11 09:29 - 2014-04-11 09:29 - 00000000 ____D () C:\Users\kL95eS54wA\AppData\Roaming\downquick
2014-04-11 09:27 - 2014-04-11 09:27 - 00785928 _____ (Reimage®) C:\Users\kL95eS54wA\Downloads\ReimageRepair.exe
2014-04-10 22:07 - 2014-04-10 21:59 - 04441904 _____ () C:\Users\kL95eS54wA\Downloads\avira_de_av___ws.exe
2014-04-09 11:25 - 2014-04-09 11:25 - 00001143 _____ () C:\Users\Public\Desktop\Optimizer Elite Max.lnk
2014-04-09 11:25 - 2014-04-09 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Elite Max
2014-04-08 22:12 - 2014-04-08 22:11 - 00609316 _____ () C:\Users\kL95eS54wA\Downloads\Player_Setup.exe
2014-04-08 22:02 - 2014-04-08 22:01 - 01337596 _____ () C:\Users\kL95eS54wA\Downloads\CodecPerformerSetup.exe
2014-04-08 20:45 - 2014-04-08 20:45 - 00605757 _____ () C:\Users\kL95eS54wA\Downloads\Java.exe
2014-04-07 18:48 - 2014-04-07 18:40 - 02276016 _____ () C:\Users\kL95eS54wA\Downloads\avira_pc_cleaner_de.exe
2014-04-06 20:51 - 2014-04-06 20:50 - 00323384 _____ () C:\Windows\Minidump\040614-30406-01.dmp
2014-04-03 14:52 - 2012-08-02 15:09 - 00030304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2014-04-03 14:52 - 2012-06-19 18:28 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-04-03 14:50 - 2012-07-26 09:21 - 00026401 _____ () C:\Windows\setupact.log
2014-04-03 09:51 - 2014-05-02 21:59 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-05-02 21:59 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-05-02 21:59 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.5432.dll


Some content of TEMP:
====================
C:\Users\kL95eS54wA\AppData\Local\Temp\294823_.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\2A91_SoftwareUpdaterSetupC.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\air1FFF.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\air2AA7.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\air3F82.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\air8D70.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\air995C.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\airBA03.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\airBCB4.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\airC0C8.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\airC56.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\appinstal1.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\appinstall.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\AppLauncher.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\COMAP.EXE
C:\Users\kL95eS54wA\AppData\Local\Temp\EnableExtDll.dll
C:\Users\kL95eS54wA\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\install_reader11_de_mssa_aih.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\instract.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\Quarantine.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\qyfq_hyz.dll
C:\Users\kL95eS54wA\AppData\Local\Temp\rcpsetup_isppi.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\ReimagePackage.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\Setup-a.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-30 20:29

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2014
Ran by Kalle at 2014-05-02 22:38:54
Running from C:\Users\kL95eS54wA\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky PURE 3.0 (Disabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky PURE 3.0 (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Canon iP4500 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
CyberLink PowerDirector (Version: 9.0.0.3815c - CyberLink Corp.) Hidden
CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E671D411-5F2E-45D6-957C-EB78641192AB}) (Version: 15.05.4000.1515 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.12.12 - Synaptics Incorporated)

==================== Restore Points  =========================

13-04-2014 19:49:04 Windows Update
18-04-2014 11:52:57 Uniblue SpeedUpMyPC installation
24-04-2014 11:45:09 Windows Update
02-05-2014 19:00:00 Removed SavingsbullFilter

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3A5B7984-2273-4770-9AEB-26AAA451A9A5} - \10fcd52a-441c-4ca3-905c-fbc24d50f8b3-3 No Task File <==== ATTENTION
Task: {4C746654-798A-4190-BDC8-2E7E10C85B21} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {524BAB1F-BECE-4E7D-9F25-B6169409DE4A} - \PC Performer_DEFAULT No Task File <==== ATTENTION
Task: {62E4F1B6-B2AB-44C0-AC8D-7E6BA402B5FD} - \10fcd52a-441c-4ca3-905c-fbc24d50f8b3-5 No Task File <==== ATTENTION
Task: {63857AF5-A39B-4F4B-A22E-DAD3A68BD67E} - \SaveSenseLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {665A75E5-7AA9-4287-A0A1-11749CB4D8FB} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {678F29DD-874C-4D34-9402-EC554DD971AE} - \AmiUpdXp No Task File <==== ATTENTION
Task: {71E05470-F6DD-44E7-94DE-41E46A20F903} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-05] (Synaptics Incorporated)
Task: {871E9D99-A49D-41E1-AF64-B03A03902A6F} - \10fcd52a-441c-4ca3-905c-fbc24d50f8b3-4 No Task File <==== ATTENTION
Task: {8F5D19BE-17A6-4A79-9618-2373AF9AEA29} - \SaveSenseLiveUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A7B1A6AE-C875-48B5-93A5-1C4A239FD776} - \SaveSense No Task File <==== ATTENTION
Task: {BC5EDED4-F97E-47A6-89BB-2932D155446E} - \PC Performer_UPDATES No Task File <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C989F783-9D13-4DF7-A3F5-5829139E11D0} - \Happy Lyrics Update No Task File <==== ATTENTION
Task: {D42EC5A4-B80F-447B-B4BC-F5851F145149} - \10fcd52a-441c-4ca3-905c-fbc24d50f8b3-1 No Task File <==== ATTENTION
Task: {EA6AC4FF-38F4-4175-A8E4-78342BD20D03} - \PC Performer No Task File <==== ATTENTION
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F3E5567B-0203-40BE-A331-7DC0DE760EFE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-02] (Adobe Systems Incorporated)
Task: {FE2AF849-FFFA-4B85-BEB4-DFD97A419300} - \10fcd52a-441c-4ca3-905c-fbc24d50f8b3-2 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-09-24 06:08 - 2009-12-18 15:40 - 00104968 _____ () C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
2012-09-24 06:08 - 2011-10-13 14:38 - 00156672 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2012-09-22 05:28 - 2010-08-19 11:43 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2012-09-24 06:08 - 2012-09-14 13:17 - 00844288 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2012-09-24 06:08 - 2010-01-12 17:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2012-09-24 06:08 - 2010-01-12 17:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2012-09-24 06:08 - 2010-12-17 14:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2012-09-24 06:08 - 2012-03-27 20:48 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2012-09-22 05:31 - 2012-09-04 15:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-12-20 19:19 - 2012-12-20 19:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 19:19 - 2012-12-20 19:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2012-09-24 06:08 - 2009-12-18 15:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2012-09-24 06:08 - 2009-12-18 15:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2012-09-22 05:26 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-12-20 19:20 - 2012-12-20 19:20 - 00068616 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\QtWebKit\qmlwebkitplugin4.dll
2013-12-20 22:12 - 2012-11-29 10:26 - 02397152 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-26 10:28 - 2014-02-26 10:28 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\eff6223bc4aa6753033b06e93d2774af\PSIClient.ni.dll
2012-09-24 05:26 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/02/2014 10:13:02 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (05/02/2014 09:59:17 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (05/02/2014 09:59:16 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (05/02/2014 09:58:17 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (05/02/2014 09:57:37 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (05/02/2014 09:57:37 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (05/02/2014 09:55:20 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (05/02/2014 09:54:29 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (05/02/2014 09:54:25 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (05/02/2014 09:50:21 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.


System errors:
=============
Error: (05/02/2014 08:56:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SProtection" wurde aufgrund folgenden Fehlers nicht gestartet:
%%193

Error: (05/02/2014 08:56:24 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎02.‎05.‎2014 um 20:51:35 unerwartet heruntergefahren.

Error: (05/02/2014 08:51:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SProtection" wurde aufgrund folgenden Fehlers nicht gestartet:
%%193

Error: (05/02/2014 08:11:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SProtection" wurde aufgrund folgenden Fehlers nicht gestartet:
%%193

Error: (05/02/2014 08:11:28 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎02.‎05.‎2014 um 20:08:57 unerwartet heruntergefahren.

Error: (05/01/2014 09:51:53 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (05/01/2014 07:57:03 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FRITZ-NAS",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{FBCE919F-74F4-4345-8261-4F8F29C1520C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/27/2014 06:31:44 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FRITZ-NAS",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{FBCE919F-74F4-4345-8261-4F8F29C1520C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/27/2014 02:19:26 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (04/26/2014 11:43:24 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst FDResPub erreicht.


Microsoft Office Sessions:
=========================
Error: (05/02/2014 10:13:02 PM) (Source: SideBySide)(User: )
Description: C:\Users\kL95eS54wA\Downloads\Player_Setup.exeC:\Users\kL95eS54wA\Downloads\Player_Setup.exe0

Error: (05/02/2014 09:59:17 PM) (Source: SideBySide)(User: )
Description: C:\Users\kL95eS54wA\Downloads\Player_Setup.exeC:\Users\kL95eS54wA\Downloads\Player_Setup.exe0

Error: (05/02/2014 09:59:16 PM) (Source: SideBySide)(User: )
Description: C:\Users\kL95eS54wA\Downloads\Player_Setup.exeC:\Users\kL95eS54wA\Downloads\Player_Setup.exe0

Error: (05/02/2014 09:58:17 PM) (Source: SideBySide)(User: )
Description: C:\Users\kL95eS54wA\Downloads\Player_Setup.exeC:\Users\kL95eS54wA\Downloads\Player_Setup.exe0

Error: (05/02/2014 09:57:37 PM) (Source: SideBySide)(User: )
Description: C:\Users\kL95eS54wA\Downloads\Player_Setup.exeC:\Users\kL95eS54wA\Downloads\Player_Setup.exe0

Error: (05/02/2014 09:57:37 PM) (Source: SideBySide)(User: )
Description: C:\Users\kL95eS54wA\Downloads\Player_Setup.exeC:\Users\kL95eS54wA\Downloads\Player_Setup.exe0

Error: (05/02/2014 09:55:20 PM) (Source: SideBySide)(User: )
Description: C:\Users\kL95eS54wA\Downloads\Player_Setup.exeC:\Users\kL95eS54wA\Downloads\Player_Setup.exe0

Error: (05/02/2014 09:54:29 PM) (Source: SideBySide)(User: )
Description: C:\Users\kL95eS54wA\Downloads\Player_Setup.exeC:\Users\kL95eS54wA\Downloads\Player_Setup.exe0

Error: (05/02/2014 09:54:25 PM) (Source: SideBySide)(User: )
Description: C:\Users\kL95eS54wA\Downloads\Player_Setup.exeC:\Users\kL95eS54wA\Downloads\Player_Setup.exe0

Error: (05/02/2014 09:50:21 PM) (Source: SideBySide)(User: )
Description: C:\Users\kL95eS54wA\Downloads\Player_Setup.exeC:\Users\kL95eS54wA\Downloads\Player_Setup.exe0


==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 3972.65 MB
Available physical RAM: 2531.86 MB
Total Pagefile: 8068.65 MB
Available Pagefile: 6418.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:404.05 GB) (Free:352.25 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:43.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 3A192899)

Partition: GPT Partition Type.

==================== End Of Log ============================
kann wieder mit dem browser auf die seite :Boogie:

deeprybka 02.05.2014 22:09
Zitat:
Zitat von Doreen1979 (Beitrag 1294610)
kann wieder mit dem browser auf die seite :Boogie:
Na das ist doch schön... ;)

Zitat:
Unter Erkennung und Schutz sollte ein Haken bei "Suche nach Rootkits" sein.
;)

Morgen gibt es weitere Anweisungen... :)

Doreen1979 02.05.2014 22:29
Oh hab ich was falsch gemacht?

Auf jeden Fall schonmal VIELEN DANK!!! :daumenhoc:

Oh ich weiß was.... So ein Mist!!! Vor lauter Englisch hab ich das dann total vergessen sorry!!!!! Lass den Scan grad nochmal laufen ;) hoffe das bringt was.....
Oh man das ärgert mich aber jetzt :(

:headbang:

deeprybka 02.05.2014 22:31
Ne, kein Problem.
Poste einfach das Log von MBAM und dann ist schon alles OK! :daumenhoc

Doreen1979 02.05.2014 22:56
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 02.05.2014
Suchlauf-Zeit: 23:46:31
Logdatei:
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.02.11
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Kalle

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 283974
Verstrichene Zeit: 20 Min, 2 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

So jetzt nochmal mit häckchen in suche nach rootkits :)

dann schönen abend bzw. gute nacht ;)

deeprybka 02.05.2014 23:01
Perfekt!

:daumenhoc

Gute Nacht!

deeprybka 03.05.2014 11:00
Weiter gehts.... ;)


Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3323745&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPF1B445CF-95A7-4DA3-9E2B-64FAF8D25092&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [ealchnonpofjocgofjpopjdoegbbkofj] - C:\Program Files (x86)\HappyLyrics\Chrome.crx [2012-12-28]
CHR Extension: (SaveClicker) - C:\Users\kL95eS54wA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfbmopddjnffbkencdkbbclfppghjjck [2014-04-22]
C:\Users\kL95eS54wA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfbmopddjnffbkencdkbbclfppghjjck
FF Extension: SaveClicker - C:\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default\Extensions\ci6tadm@nlkuoova.net [2014-04-22]
C:\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default\Extensions\ci6tadm@nlkuoova.net
2014-05-02 22:28 - 2013-04-28 20:15 - 00000000 ____D () C:\ProgramData\Iminent
C:\Users\Public\AlexaNSISPlugin.5432.dll
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.

Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 3


http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan.

Doreen1979 03.05.2014 22:02
guten Abend :)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2014
Ran by Kalle at 2014-05-03 19:39:27 Run:1
Running from C:\Users\kL95eS54wA\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3323745&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPF1B445CF-95A7-4DA3-9E2B-64FAF8D25092&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [ealchnonpofjocgofjpopjdoegbbkofj] - C:\Program Files (x86)\HappyLyrics\Chrome.crx [2012-12-28]
CHR Extension: (SaveClicker) - C:\Users\kL95eS54wA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfbmopddjnffbkencdkbbclfppghjjck [2014-04-22]
C:\Users\kL95eS54wA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfbmopddjnffbkencdkbbclfppghjjck
FF Extension: SaveClicker - C:\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default\Extensions\ci6tadm@nlkuoova.net [2014-04-22]
C:\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default\Extensions\ci6tadm@nlkuoova.net
2014-05-02 22:28 - 2013-04-28 20:15 - 00000000 ____D () C:\ProgramData\Iminent
C:\Users\Public\AlexaNSISPlugin.5432.dll
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ealchnonpofjocgofjpopjdoegbbkofj => Key deleted successfully.
"C:\Program Files (x86)\HappyLyrics\Chrome.crx" => File/Directory not found.
C:\Users\kL95eS54wA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfbmopddjnffbkencdkbbclfppghjjck => Moved successfully.
"C:\Users\kL95eS54wA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfbmopddjnffbkencdkbbclfppghjjck" => File/Directory not found.
C:\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default\Extensions\ci6tadm@nlkuoova.net => Moved successfully.
"C:\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default\Extensions\ci6tadm@nlkuoova.net" => File/Directory not found.
C:\ProgramData\Iminent => Moved successfully.
C:\Users\Public\AlexaNSISPlugin.5432.dll => Moved successfully.

==== End of Fixlog ====

puh, das hat jetzt aber gedauert und er hat auch noch 22 infizierte Dateien gefunden.....

Code:
C:\AdwCleaner\Quarantine\C\Program Files\003\xmkysecqun64.exe.vir        Variante von Win64/Adware.Adpeak.C Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir        Variante von Win32/AdWare.Adpeak.F Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir        Variante von Win64/Adware.Adpeak.C Anwendung
C:\AdwCleaner\Quarantine\C\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default\Extensions\plugin@yontoo.com\content\overlay.js.vir        Win32/Adware.Yontoo Anwendung
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll        Variante von Win32/Adware.Yontoo.B Anwendung
C:\temp\t.msi        Win32/AdWare.Adpeak.B Anwendung
C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll        Variante von Win32/Adware.Yontoo.B Anwendung
C:\Users\kL95eS54wA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQ4CSBD2\1C58550B-3B5C-46C3-B5F5-29DD3158EC0B[1].exe        Mehrere Bedrohungen
C:\Users\kL95eS54wA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHSELKPK\PCHealthKitINTc[1].exe        Variante von Win32/SpeedingUpMyPC.F Anwendung
C:\Users\kL95eS54wA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHSELKPK\yontoosetup[1].exe        Mehrere Bedrohungen
C:\Users\kL95eS54wA\AppData\Local\Temp\294823_.exe        Win32/AdWare.MultiPlug.V Anwendung
C:\Users\kL95eS54wA\AppData\Local\Temp\air2AA7.exe        Variante von Win32/SpeedingUpMyPC.F Anwendung
C:\Users\kL95eS54wA\AppData\Local\Temp\appinstal1.exe        Variante von Win32/AdWare.BetterSurf.C Anwendung
C:\Users\kL95eS54wA\AppData\Local\Temp\appinstall.exe        Variante von Win32/AdWare.BetterSurf.C Anwendung
C:\Users\kL95eS54wA\AppData\Local\Temp\Setup-a.exe        Variante von Win32/AdWare.BetterSurf.C Anwendung
C:\Users\kL95eS54wA\AppData\Local\Temp\15d317a0-a30d-4536-bd69-7e534f8cddcf\software\OptimizerPro.exe        Win32/SpeedingUpMyPC.I Anwendung
C:\Users\kL95eS54wA\AppData\Local\Temp\5c8006c8-9a5c-44af-8cf1-119b1451c6f5\software\OptimizerPro.exe        Win32/SpeedingUpMyPC.I Anwendung
C:\Users\kL95eS54wA\AppData\Local\Temp\9c3defca-0b1b-43b1-9c18-cc73e9a573dd\software\OptimizerPro.exe        Win32/SpeedingUpMyPC.I Anwendung
C:\Users\kL95eS54wA\AppData\Local\Temp\DIQ\FlashPlayer_151\software\OptimizerPro.exe        Win32/SpeedingUpMyPC.I Anwendung
C:\Users\kL95eS54wA\AppData\Local\Temp\f687b018-1695-437e-bbae-83314dcea04c\software\OptimizerPro.exe        Win32/SpeedingUpMyPC.I Anwendung
C:\Users\kL95eS54wA\AppData\Local\Temp\{48934079-FC00-4E5D-91A0-CAD76FB050A2}\setup.exe        Mehrere Bedrohungen
C:\Users\kL95eS54wA\Downloads\LiveiStreamSetup-1.2.exe        Variante von Win32/Injected.F Trojaner

deeprybka 03.05.2014 22:03
Hi...

bitte das ganze Logfile von ESET posten! Danke :)

Doreen1979 03.05.2014 22:07
bin mir jetzt unsicher, soll ich jetzt den haken bei "Anwendung nach dem schließen deinstallieren" setzen und dann auf fertig stellen?:confused:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e2e9492f3ef21a4a90b462ad3c68dda9
# engine=18126
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-03 08:40:29
# local_time=2014-05-03 10:40:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode=5893 16776573 100 94 17255 16495558 0 0
# scanned=236555
# found=22
# cleaned=0
# scan_time=9074
sh=297AB44B22D59DC00DA6E7138A6F57CAAA379D74 ft=1 fh=a263ea30718c1c6d vn="Variante von Win64/Adware.Adpeak.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\003\xmkysecqun64.exe.vir"
sh=80DC1B8044FE7F2BC57777F9559C5050B1DF5736 ft=1 fh=3a2e66d2f7d1673f vn="Variante von Win32/AdWare.Adpeak.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir"
sh=408E4906C3F215C0E44282D24B340DAF03D014A4 ft=1 fh=94d81bcdb603e2f9 vn="Variante von Win64/Adware.Adpeak.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir"
sh=D697D0396B6AD1245FA79335D8AAA1B8D3815375 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default\Extensions\plugin@yontoo.com\content\overlay.js.vir"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=CE47DBCA9759680C78C544823BEED9FE2E1A8411 ft=0 fh=0000000000000000 vn="Win32/AdWare.Adpeak.B Anwendung" ac=I fn="C:\temp\t.msi"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=7B01AD2B6DB949F397F40770F0E64B95745E81BC ft=1 fh=5e26dae901624105 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\kL95eS54wA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQ4CSBD2\1C58550B-3B5C-46C3-B5F5-29DD3158EC0B[1].exe"
sh=3264094EF9A6BB1850C8087C312674E654C3498B ft=1 fh=e2b67a4d6c5e6614 vn="Variante von Win32/SpeedingUpMyPC.F Anwendung" ac=I fn="C:\Users\kL95eS54wA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHSELKPK\PCHealthKitINTc[1].exe"
sh=B81C86D02DF1C73D13AD60A588B0F9B236EA3C70 ft=1 fh=86a2c950cdfa5ca9 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\kL95eS54wA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHSELKPK\yontoosetup[1].exe"
sh=8D0C067C28FA7D5FBBC9C0884AA53FB0BA3B008B ft=1 fh=a52ba9578827e3ca vn="Win32/AdWare.MultiPlug.V Anwendung" ac=I fn="C:\Users\kL95eS54wA\AppData\Local\Temp\294823_.exe"
sh=3264094EF9A6BB1850C8087C312674E654C3498B ft=1 fh=e2b67a4d6c5e6614 vn="Variante von Win32/SpeedingUpMyPC.F Anwendung" ac=I fn="C:\Users\kL95eS54wA\AppData\Local\Temp\air2AA7.exe"
sh=6F63AF2BA7D3BBFC39F514324F2174AF70E8AC18 ft=1 fh=01fad9a0faeeada5 vn="Variante von Win32/AdWare.BetterSurf.C Anwendung" ac=I fn="C:\Users\kL95eS54wA\AppData\Local\Temp\appinstal1.exe"
sh=DB084984503B993F19D624E0EA50ECDC0936D892 ft=1 fh=cd1644c899707c3a vn="Variante von Win32/AdWare.BetterSurf.C Anwendung" ac=I fn="C:\Users\kL95eS54wA\AppData\Local\Temp\appinstall.exe"
sh=93DE5892670F6183F794386258F227BB3651AE48 ft=1 fh=217c4ff75846ffdc vn="Variante von Win32/AdWare.BetterSurf.C Anwendung" ac=I fn="C:\Users\kL95eS54wA\AppData\Local\Temp\Setup-a.exe"
sh=FFEFE3FDFF2866650805AEB53A692130415CFB90 ft=1 fh=a4bb7e5296b1b2b3 vn="Win32/SpeedingUpMyPC.I Anwendung" ac=I fn="C:\Users\kL95eS54wA\AppData\Local\Temp\15d317a0-a30d-4536-bd69-7e534f8cddcf\software\OptimizerPro.exe"
sh=C9CB44D574DB218078073AA773D6C3F1FA8FE6DB ft=1 fh=ac173533d5a3e2df vn="Win32/SpeedingUpMyPC.I Anwendung" ac=I fn="C:\Users\kL95eS54wA\AppData\Local\Temp\5c8006c8-9a5c-44af-8cf1-119b1451c6f5\software\OptimizerPro.exe"
sh=55803AB6D56D6F89CBD80749D96DE9548967CEF1 ft=1 fh=a4bb7e522f05cdf5 vn="Win32/SpeedingUpMyPC.I Anwendung" ac=I fn="C:\Users\kL95eS54wA\AppData\Local\Temp\9c3defca-0b1b-43b1-9c18-cc73e9a573dd\software\OptimizerPro.exe"
sh=44CF7D474808241C97CFCC012E6C8C914843634E ft=1 fh=b34e093f7950fc64 vn="Win32/SpeedingUpMyPC.I Anwendung" ac=I fn="C:\Users\kL95eS54wA\AppData\Local\Temp\DIQ\FlashPlayer_151\software\OptimizerPro.exe"
sh=79368E5D38BB1DB1CFDBF74228995EDB87A5C002 ft=1 fh=a4bb7e52e408c257 vn="Win32/SpeedingUpMyPC.I Anwendung" ac=I fn="C:\Users\kL95eS54wA\AppData\Local\Temp\f687b018-1695-437e-bbae-83314dcea04c\software\OptimizerPro.exe"
sh=D009AB5440D7381654EAD56AA193B91788C2B2B5 ft=1 fh=fcb1c8ab5260196c vn="Mehrere Bedrohungen" ac=I fn="C:\Users\kL95eS54wA\AppData\Local\Temp\{48934079-FC00-4E5D-91A0-CAD76FB050A2}\setup.exe"
sh=129D83748ADA4361A4A6BFE666C38F0F5B6950A1 ft=1 fh=c71c001165bff6da vn="Variante von Win32/Injected.F Trojaner" ac=I fn="C:\Users\kL95eS54wA\Downloads\LiveiStreamSetup-1.2.exe"
jetzt richtig?

deeprybka 03.05.2014 22:09
:)

Haken brauchst nicht setzen, weil es auch nicht deinstallieren musst. Kannst später immer wiedermal scannen oder auch deinstallieren...

OK! Danke für die gute Mitarbeit bisher! :daumenhoc

Sind bald fertig, morgen gehts dann in die letzte Runde... ;)

Doreen1979 03.05.2014 22:12
Achso ich dachte um die Bedrohungen weg zu bekommen soll man das deinstallieren? Also dann alles zu machen und fertig für heut?

Du bedankst dich für die gute Mitarbeit? Ich bin diejenige die sich bedanken muss!!!
:dankeschoen:

Schönen Abend noch :)

deeprybka 03.05.2014 22:17
:abklatsch:


Aber Schritt 3 noch machen...sonst wird der Schlaf gestrichen... ;)

Doreen1979 03.05.2014 22:22
:stirn:
oh danke das hätt ich jetzt fast vergessen.....:rolleyes:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014
Ran by Kalle (administrator) on WOHNZIMMERPC2 on 03-05-2014 23:20:40
Running from C:\Users\kL95eS54wA\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\MyWiMax.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11577216 2012-08-27] (Motorola Solutions, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-09-05] (Synaptics Incorporated)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-15] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-04] (CANON INC.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ie_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_04bb7c0eb298422689aaa33b476816cf_39_1006_20130610_DE_ie_sp_
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default
FF NewTab: chrome://lightning/content/newtab.html
FF SearchEngineOrder.1: Amazon
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ff_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_04bb7c0eb298422689aaa33b476816cf_39_1006_20130610_DE_ff_ab_&tag=bds-p23-serp-de-ff-21&query=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ep - C:\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default\Extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi [2014-02-21]
FF Extension: GMX MailCheck - C:\Users\kL95eS54wA\AppData\Roaming\Mozilla\Firefox\Profiles\au0imoaf.default\Extensions\toolbar@gmx.net.xpi [2013-02-19]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2013-03-27]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2013-03-27]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2013-03-27]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2013-03-27]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2013-03-27]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2012-12-28]

==================== Services (Whitelisted) =================

R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-18] ()
S3 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-10-16] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98064 2012-12-10] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67344 2012-12-10] (Infowatch)
U0 ixfdr; C:\Windows\System32\drivers\pnvdy.sys [79064 2014-05-02] (Malwarebytes Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-04-03] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-11-11] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-16] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2013-10-16] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-04-03] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-16] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-16] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-07-15] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2013-07-15] (Kaspersky Lab ZAO)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4293672 2012-09-13] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-03 19:54 - 2014-05-03 19:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-03 19:51 - 2014-05-03 19:52 - 02347384 _____ (ESET) C:\Users\kL95eS54wA\Downloads\esetsmartinstaller_deu.exe
2014-05-03 17:56 - 2014-05-03 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-03 17:54 - 2014-04-29 16:14 - 19275264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 17:54 - 2014-04-29 14:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 17:54 - 2014-04-29 14:36 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 17:54 - 2014-04-29 14:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 22:36 - 2014-05-02 22:36 - 00000000 ____D () C:\Users\kL95eS54wA\Desktop\FRST-OlderVersion
2014-05-02 22:29 - 2014-05-02 22:29 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\pnvdy.sys
2014-05-02 21:59 - 2014-05-02 21:59 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-02 21:59 - 2014-05-02 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-02 21:59 - 2014-05-02 21:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-02 21:59 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-02 21:59 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-02 21:59 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-02 21:51 - 2014-05-02 23:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-02 21:50 - 2014-05-02 21:50 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\kL95eS54wA\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-02 21:50 - 2014-05-02 21:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-02 21:38 - 2014-05-02 21:38 - 00001259 _____ () C:\Users\kL95eS54wA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0.lnk
2014-05-02 21:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-02 21:28 - 2014-05-02 23:05 - 00000000 ____D () C:\AdwCleaner
2014-05-02 21:17 - 2014-05-02 21:17 - 00001079 _____ () C:\Users\kL95eS54wA\Desktop\7z920.exe - Verknüpfung.lnk
2014-05-02 20:48 - 2014-05-02 20:48 - 03007700 _____ () C:\Users\kL95eS54wA\Desktop\revouninstaller.zip
2014-05-02 20:29 - 2014-05-02 20:30 - 01310621 _____ () C:\Users\kL95eS54wA\Desktop\adwcleaner.exe
2014-04-30 21:21 - 2014-05-02 22:39 - 00016151 _____ () C:\Users\kL95eS54wA\Desktop\Addition.txt
2014-04-30 21:19 - 2014-05-03 23:20 - 00015717 _____ () C:\Users\kL95eS54wA\Desktop\FRST.txt
2014-04-30 21:18 - 2014-05-03 23:20 - 00000000 ____D () C:\FRST
2014-04-30 21:18 - 2014-05-02 22:36 - 02062336 _____ (Farbar) C:\Users\kL95eS54wA\Desktop\FRST64.exe
2014-04-25 21:32 - 2014-04-25 21:57 - 00001621 _____ () C:\Users\kL95eS54wA\Desktop\Continue NoScript.lnk
2014-04-24 13:49 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-24 13:49 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-24 13:49 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-24 13:49 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-24 13:49 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-24 13:49 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-24 13:48 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-24 13:48 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-24 13:48 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-24 13:47 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-24 13:47 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-24 13:47 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-24 13:47 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-24 13:47 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-24 13:47 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-24 13:47 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-24 13:47 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-24 13:47 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-24 13:47 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-24 13:47 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-22 20:56 - 2014-05-02 21:35 - 00000000 ____D () C:\ProgramData\SaveClicker
2014-04-22 20:56 - 2014-05-02 20:58 - 00000000 ____D () C:\ProgramData\54a64e893474769f
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\kL95eS54wA\AppData\Local\Comodo
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Gast
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Administrator
2014-04-22 20:55 - 2014-04-22 20:55 - 00533536 _____ () C:\Users\kL95eS54wA\Desktop\noscript-2.6.4.4-fx+fn+sm.xpi
2014-04-19 13:18 - 2014-04-19 13:18 - 02478040 _____ (Flawless Technology) C:\Users\kL95eS54wA\Downloads\Codec.exe
2014-04-15 18:39 - 2014-04-15 18:48 - 00001738 _____ () C:\Users\kL95eS54wA\Desktop\Continue FLV Player.lnk
2014-04-15 15:14 - 2014-04-15 15:14 - 00306992 _____ () C:\Windows\Minidump\041514-22390-01.dmp
2014-04-14 13:39 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-14 13:39 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-14 13:39 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-14 13:39 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-14 13:39 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-14 13:39 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-14 13:39 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-14 13:39 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-14 13:39 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-14 13:39 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-14 13:39 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-14 13:39 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-14 13:39 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-14 13:39 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-14 13:39 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-14 13:39 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-14 13:39 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-14 13:33 - 2014-04-30 19:13 - 11355008 _____ (Reimage®) C:\TRANSLATE
2014-04-14 13:30 - 2014-04-14 13:31 - 07448776 _____ () C:\Users\kL95eS54wA\Downloads\Infigo_setup.exe
2014-04-13 21:50 - 2014-04-13 21:50 - 01299376 _____ (Uniblue Systems Limited ) C:\Users\kL95eS54wA\Downloads\speedupmypc_2570068_.exe
2014-04-13 20:42 - 2014-04-13 20:43 - 00755637 _____ () C:\Users\kL95eS54wA\Downloads\PCSpeedRepairSetup.exe.part
2014-04-11 09:31 - 2014-04-11 09:31 - 00000000 ____D () C:\rei
2014-04-11 09:29 - 2014-04-11 09:29 - 00003069 _____ () C:\Users\kL95eS54wA\Desktop\DownQuick.lnk
2014-04-11 09:29 - 2014-04-11 09:29 - 00000000 ____D () C:\Users\kL95eS54wA\AppData\Roaming\downquick
2014-04-11 09:28 - 2014-04-30 19:12 - 00000936 _____ () C:\Users\Public\Desktop\Installation von Reimage Repair fortsetzen.lnk
2014-04-11 09:27 - 2014-04-30 19:12 - 00000099 _____ () C:\Windows\Reimage.ini
2014-04-11 09:27 - 2014-04-11 09:27 - 00785928 _____ (Reimage®) C:\Users\kL95eS54wA\Downloads\ReimageRepair.exe
2014-04-10 21:59 - 2014-04-10 22:07 - 04441904 _____ () C:\Users\kL95eS54wA\Downloads\avira_de_av___ws.exe
2014-04-10 20:52 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 20:52 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-10 20:52 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-10 20:52 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 11:25 - 2014-04-09 11:25 - 00001143 _____ () C:\Users\Public\Desktop\Optimizer Elite Max.lnk
2014-04-09 11:25 - 2014-04-09 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Elite Max
2014-04-08 22:11 - 2014-04-08 22:12 - 00609316 _____ () C:\Users\kL95eS54wA\Downloads\Player_Setup.exe
2014-04-08 22:01 - 2014-04-08 22:02 - 01337596 _____ () C:\Users\kL95eS54wA\Downloads\CodecPerformerSetup.exe
2014-04-08 20:45 - 2014-04-08 20:45 - 00605757 _____ () C:\Users\kL95eS54wA\Downloads\Java.exe
2014-04-07 18:40 - 2014-04-07 18:48 - 02276016 _____ () C:\Users\kL95eS54wA\Downloads\avira_pc_cleaner_de.exe
2014-04-06 20:50 - 2014-04-06 20:51 - 00323384 _____ () C:\Windows\Minidump\040614-30406-01.dmp

==================== One Month Modified Files and Folders =======

2014-05-03 23:20 - 2014-04-30 21:19 - 00015717 _____ () C:\Users\kL95eS54wA\Desktop\FRST.txt
2014-05-03 23:20 - 2014-04-30 21:18 - 00000000 ____D () C:\FRST
2014-05-03 23:12 - 2012-12-21 18:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-03 23:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-03 22:55 - 2012-12-13 11:43 - 01275158 _____ () C:\Windows\WindowsUpdate.log
2014-05-03 22:40 - 2012-12-13 11:50 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-394354521-1439425215-4275879579-1001
2014-05-03 21:15 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-03 19:54 - 2014-05-03 19:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-03 19:52 - 2014-05-03 19:51 - 02347384 _____ (ESET) C:\Users\kL95eS54wA\Downloads\esetsmartinstaller_deu.exe
2014-05-03 19:49 - 2012-09-21 16:58 - 00754172 _____ () C:\Windows\system32\perfh007.dat
2014-05-03 19:49 - 2012-09-21 16:58 - 00156362 _____ () C:\Windows\system32\perfc007.dat
2014-05-03 19:49 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-03 19:34 - 2012-12-13 19:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-03 19:32 - 2012-09-22 06:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-03 17:57 - 2014-05-03 17:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-02 23:26 - 2014-05-02 21:51 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-02 23:05 - 2014-05-02 21:28 - 00000000 ____D () C:\AdwCleaner
2014-05-02 22:39 - 2014-04-30 21:21 - 00016151 _____ () C:\Users\kL95eS54wA\Desktop\Addition.txt
2014-05-02 22:36 - 2014-05-02 22:36 - 00000000 ____D () C:\Users\kL95eS54wA\Desktop\FRST-OlderVersion
2014-05-02 22:36 - 2014-04-30 21:18 - 02062336 _____ (Farbar) C:\Users\kL95eS54wA\Desktop\FRST64.exe
2014-05-02 22:29 - 2014-05-02 22:29 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\pnvdy.sys
2014-05-02 22:29 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\DesktopTileResources
2014-05-02 22:28 - 2014-02-04 19:14 - 00000000 ____D () C:\ProgramData\WPM
2014-05-02 22:28 - 2013-04-20 16:09 - 00000000 ____D () C:\ProgramData\Systweak
2014-05-02 21:59 - 2014-05-02 21:59 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-02 21:59 - 2014-05-02 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-02 21:59 - 2014-05-02 21:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-02 21:50 - 2014-05-02 21:50 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\kL95eS54wA\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-02 21:50 - 2014-05-02 21:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-02 21:38 - 2014-05-02 21:38 - 00001259 _____ () C:\Users\kL95eS54wA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0.lnk
2014-05-02 21:36 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-02 21:35 - 2014-04-22 20:56 - 00000000 ____D () C:\ProgramData\SaveClicker
2014-05-02 21:35 - 2012-09-21 17:30 - 00029542 _____ () C:\Windows\PFRO.log
2014-05-02 21:32 - 2012-12-13 11:43 - 00000000 ____D () C:\Users\kL95eS54wA
2014-05-02 21:32 - 2012-09-24 08:28 - 00001108 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2014-05-02 21:32 - 2012-09-24 08:28 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
2014-05-02 21:17 - 2014-05-02 21:17 - 00001079 _____ () C:\Users\kL95eS54wA\Desktop\7z920.exe - Verknüpfung.lnk
2014-05-02 21:12 - 2012-12-21 18:52 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-02 20:58 - 2014-04-22 20:56 - 00000000 ____D () C:\ProgramData\54a64e893474769f
2014-05-02 20:51 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-02 20:48 - 2014-05-02 20:48 - 03007700 _____ () C:\Users\kL95eS54wA\Desktop\revouninstaller.zip
2014-05-02 20:36 - 2012-07-26 10:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-05-02 20:30 - 2014-05-02 20:29 - 01310621 _____ () C:\Users\kL95eS54wA\Desktop\adwcleaner.exe
2014-05-01 20:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-30 21:27 - 2013-11-17 19:14 - 00000000 ____D () C:\Users\kL95eS54wA\Desktop\OpenOffice 4.0.1 (de) Installation Files
2014-04-30 21:04 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-04-30 19:13 - 2014-04-14 13:33 - 11355008 _____ (Reimage®) C:\TRANSLATE
2014-04-30 19:12 - 2014-04-11 09:28 - 00000936 _____ () C:\Users\Public\Desktop\Installation von Reimage Repair fortsetzen.lnk
2014-04-30 19:12 - 2014-04-11 09:27 - 00000099 _____ () C:\Windows\Reimage.ini
2014-04-29 16:14 - 2014-05-03 17:54 - 19275264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 14:47 - 2014-05-03 17:54 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:36 - 2014-05-03 17:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:25 - 2014-05-03 17:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-25 21:57 - 2014-04-25 21:32 - 00001621 _____ () C:\Users\kL95eS54wA\Desktop\Continue NoScript.lnk
2014-04-25 21:20 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-25 21:20 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-23 01:47 - 2013-12-15 14:47 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-23 01:47 - 2013-12-15 14:47 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-22 22:36 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\kL95eS54wA\AppData\Local\Comodo
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Gast
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-04-22 20:56 - 2014-04-22 20:56 - 00000000 ____D () C:\Users\Administrator
2014-04-22 20:55 - 2014-04-22 20:55 - 00533536 _____ () C:\Users\kL95eS54wA\Desktop\noscript-2.6.4.4-fx+fn+sm.xpi
2014-04-19 13:18 - 2014-04-19 13:18 - 02478040 _____ (Flawless Technology) C:\Users\kL95eS54wA\Downloads\Codec.exe
2014-04-18 13:52 - 2014-02-04 19:13 - 00001037 _____ () C:\Users\Public\Desktop\VideoPlayer.lnk
2014-04-16 10:58 - 2013-07-21 14:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-15 18:48 - 2014-04-15 18:39 - 00001738 _____ () C:\Users\kL95eS54wA\Desktop\Continue FLV Player.lnk
2014-04-15 15:14 - 2014-04-15 15:14 - 00306992 _____ () C:\Windows\Minidump\041514-22390-01.dmp
2014-04-15 15:14 - 2013-01-05 16:05 - 00000000 ____D () C:\Windows\Minidump
2014-04-15 15:13 - 2013-01-05 16:05 - 717655346 _____ () C:\Windows\MEMORY.DMP
2014-04-14 13:31 - 2014-04-14 13:30 - 07448776 _____ () C:\Users\kL95eS54wA\Downloads\Infigo_setup.exe
2014-04-14 13:03 - 2012-12-13 19:49 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-14 13:03 - 2012-12-13 19:49 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-13 21:50 - 2014-04-13 21:50 - 01299376 _____ (Uniblue Systems Limited ) C:\Users\kL95eS54wA\Downloads\speedupmypc_2570068_.exe
2014-04-13 20:43 - 2014-04-13 20:42 - 00755637 _____ () C:\Users\kL95eS54wA\Downloads\PCSpeedRepairSetup.exe.part
2014-04-11 09:31 - 2014-04-11 09:31 - 00000000 ____D () C:\rei
2014-04-11 09:29 - 2014-04-11 09:29 - 00003069 _____ () C:\Users\kL95eS54wA\Desktop\DownQuick.lnk
2014-04-11 09:29 - 2014-04-11 09:29 - 00000000 ____D () C:\Users\kL95eS54wA\AppData\Roaming\downquick
2014-04-11 09:27 - 2014-04-11 09:27 - 00785928 _____ (Reimage®) C:\Users\kL95eS54wA\Downloads\ReimageRepair.exe
2014-04-10 22:07 - 2014-04-10 21:59 - 04441904 _____ () C:\Users\kL95eS54wA\Downloads\avira_de_av___ws.exe
2014-04-09 11:25 - 2014-04-09 11:25 - 00001143 _____ () C:\Users\Public\Desktop\Optimizer Elite Max.lnk
2014-04-09 11:25 - 2014-04-09 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Elite Max
2014-04-08 22:12 - 2014-04-08 22:11 - 00609316 _____ () C:\Users\kL95eS54wA\Downloads\Player_Setup.exe
2014-04-08 22:02 - 2014-04-08 22:01 - 01337596 _____ () C:\Users\kL95eS54wA\Downloads\CodecPerformerSetup.exe
2014-04-08 20:45 - 2014-04-08 20:45 - 00605757 _____ () C:\Users\kL95eS54wA\Downloads\Java.exe
2014-04-07 18:48 - 2014-04-07 18:40 - 02276016 _____ () C:\Users\kL95eS54wA\Downloads\avira_pc_cleaner_de.exe
2014-04-06 20:51 - 2014-04-06 20:50 - 00323384 _____ () C:\Windows\Minidump\040614-30406-01.dmp
2014-04-03 14:52 - 2012-08-02 15:09 - 00030304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2014-04-03 14:52 - 2012-06-19 18:28 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-04-03 14:50 - 2012-07-26 09:21 - 00026401 _____ () C:\Windows\setupact.log
2014-04-03 09:51 - 2014-05-02 21:59 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-05-02 21:59 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-05-02 21:59 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\kL95eS54wA\AppData\Local\Temp\294823_.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\2A91_SoftwareUpdaterSetupC.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\air1FFF.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\air2AA7.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\air3F82.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\air8D70.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\air995C.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\airBA03.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\airBCB4.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\airC0C8.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\airC56.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\appinstal1.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\appinstall.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\AppLauncher.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\COMAP.EXE
C:\Users\kL95eS54wA\AppData\Local\Temp\EnableExtDll.dll
C:\Users\kL95eS54wA\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\install_reader11_de_mssa_aih.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\instract.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\qyfq_hyz.dll
C:\Users\kL95eS54wA\AppData\Local\Temp\rcpsetup_isppi.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\ReimagePackage.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\Setup-a.exe
C:\Users\kL95eS54wA\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-30 20:29

==================== End Of Log ============================
--- --- ---

--- --- ---

deeprybka 03.05.2014 22:22
Der geht ja flott.... ;)

Übrigens, die Funde von ESET löschen wir schon noch...aber anders... :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:48 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55