| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Bizcoaching TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.07.2013, 09:37
| #1 |
| |  Bizcoaching Trojaner Hallo ich bin neu hier und habe ein großes Problem mit meinem Rechner. Seit kurzem hab ich auf Internetexplorer und Firefox diesen Bizcoaching Trojaner. Ich versuch gerade meine Daten zu retten, was aber auch nicht funktioniert. Ich bin Fotograf und habe am Wochenende eine Hochzeit, die schnellstmöglich bearbeitet werden soll. Jetzt spinnt der Rechner. Wer kann mir helfen? Ich nutze Kaspersky Internetsecurity 2013 sowie den CC cleaner und seit gestern habe ich mal den avira de Cleaner durchlaufen lassen. Alles angeblich in Ordnung. Mein Internet ist auch seit dem sehr langsam und wird mit Werbung dieser buildathome.info Seiten bombardiert. |
|
09.07.2013, 09:39
| #2 |
| /// the machine /// TB-Ausbilder    | Bizcoaching Trojaner hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
09.07.2013, 09:57
| #3 |
| | Bizcoaching Trojaner danke hier die FRST.txt:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2013
Ran by Daniel (administrator) on 09-07-2013 10:54:30
Running from C:\Users\Daniel\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
() C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
(DT Soft Ltd) D:\Progs\DAEMON Tools Lite\DTLite.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
( ) C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
(Dropbox, Inc.) C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\klwtblfs.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IntelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe" [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe" [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
HKCU\...\Run: [AdobeBridge] [x]
HKCU\...\Run: [DAEMON Tools Lite] "D:\Progs\DAEMON Tools Lite\DTLite.exe" -autorun [x]
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
MountPoints2: {1d8a81d7-0307-11e1-b9ce-001f3f061ce5} - F:\start.exe
MountPoints2: {c6a897e5-fa67-11e0-98cf-002522deafe1} - F:\pushinst.exe
MountPoints2: {e7a55429-f749-11e0-a7a8-806e6f6e6963} - E:\SETUP.EXE /AUTORUN
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_16_Plus_Sonderedition\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2012-11-13] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [MailCheck IE Broker] "C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [1519680 2013-06-27] (1und1 Mail und Media GmbH)
Startup: C:\ProgramData\Start Menu\Programs\Startup\SpyderUtility.lnk
ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe ( )
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKCU SearchScopes: DefaultScope {09B4D125-41DB-4B99-9F5C-315F911EA5BC} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=
SearchScopes: HKCU - {09B4D125-41DB-4B99-9F5C-315F911EA5BC} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=42A8001F3F061CE5&affID=119556&tsp=4922
SearchScopes: HKCU - {75F1AA20-7F15-4845-9FB9-1C574E243DB0} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {7B0C4B16-36B6-408B-9144-841C7F695C96} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {7BB864AB-1388-4AB2-A947-60000A96A91B} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {AC260DFE-D290-41CB-9BBB-50BCDB3F0310} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files\MGTEK\Adblock IE\adblockie.dll (MGTEK)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: LyricsContainer - {463B0ED4-8AFA-404B-90E7-4063A0708050} - C:\Program Files (x86)\LyricsContainer\116.dll (RYD Software)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll (MGTEK)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: msdaipp - No CLSID Value -
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\59vn3xig.default
FF user.js: detected! => C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\59vn3xig.default\user.js
FF Homepage: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\59vn3xig.default\Extensions\ich@maltegoetz.de
FF Extension: DownloadHelper - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\59vn3xig.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\59vn3xig.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\59vn3xig.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF HKCU\...\Firefox\Extensions: [Lyrics@LyricsContainer.co] C:\Program Files (x86)\LyricsContainer\116.xpi
FF Extension: No Name - C:\Program Files (x86)\LyricsContainer\116.xpi
==================== Services (Whitelisted) =================
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-13] (Kaspersky Lab ZAO)
R2 SystemStore; C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [14848 2012-04-24] ()
==================== Drivers (Whitelisted) ====================
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-29] (DT Soft Ltd)
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-11-01] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-11-01] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-17] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO)
S3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [15360 2011-06-02] (Datacolor)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-09 10:50 - 2013-07-09 10:50 - 01776219 ____A (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-07-09 10:50 - 2013-07-09 10:50 - 00000000 ____D C:\FRST
2013-07-08 20:42 - 2013-07-08 20:54 - 00000000 ____D C:\Users\Daniel\Desktop\Flyer
2013-07-08 19:51 - 2013-07-08 19:51 - 00002076 ____A C:\Users\Daniel\Desktop\Entfernen des Avira DE-Cleaners.lnk
2013-07-08 19:51 - 2013-07-08 19:51 - 00002005 ____A C:\Users\Daniel\Desktop\Avira DE-Cleaner.lnk
2013-07-02 14:18 - 2013-07-02 14:18 - 00000000 ____D C:\Program Files\WEB.DE MailCheck
2013-07-02 14:18 - 2013-07-02 14:18 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck
2013-07-01 15:18 - 2013-07-01 15:18 - 00000000 ____D C:\ProgramData\UUdb
2013-06-28 15:05 - 2013-07-09 10:54 - 00000410 ____A C:\Windows\Tasks\LyricsContainer Update.job
2013-06-28 15:05 - 2013-06-28 15:05 - 00000000 ____D C:\Program Files (x86)\LyricsContainer
2013-06-27 19:22 - 2013-06-27 19:47 - 00000000 ____D C:\Users\Daniel\Desktop\Neuer Ordner
2013-06-24 15:38 - 2013-06-24 15:58 - 727355664 ____A C:\Users\Daniel\Desktop\IMG_4735.tif
2013-06-23 20:34 - 2013-06-23 20:35 - 165193972 ____A C:\Users\Daniel\Desktop\IMG_0639.tif
2013-06-23 18:39 - 2013-06-23 18:39 - 00000000 ____D C:\Program Files\MGTEK
2013-06-23 18:39 - 2013-06-23 18:39 - 00000000 ____D C:\Program Files\Common Files\MGTEK
2013-06-23 18:39 - 2013-06-23 18:39 - 00000000 ____D C:\Program Files (x86)\MGTEK
2013-06-23 18:37 - 2013-06-24 15:01 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\PerformerSoft
2013-06-23 18:37 - 2013-06-23 18:42 - 00000000 ____D C:\Users\Daniel\AppData\Local\MGTEK
2013-06-23 18:37 - 2013-06-23 18:37 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\File Scout
2013-06-23 18:37 - 2013-06-23 18:37 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-06-23 18:37 - 2012-12-19 15:53 - 00019632 ____A (PerformerSoft LLC) C:\Windows\System32\roboot64.exe
2013-06-23 18:36 - 2013-06-23 18:36 - 00000000 ____D C:\ProgramData\MGTEK
2013-06-23 18:20 - 2013-06-23 18:20 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\GrabPro
2013-06-23 18:13 - 2013-06-24 15:02 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.6
2013-06-23 18:13 - 2013-06-23 18:13 - 00000000 ____D C:\Program Files (x86)\Delta
2013-06-23 18:12 - 2013-06-28 15:05 - 00000000 ____D C:\Program Files (x86)\CoolLyrics
2013-06-22 00:02 - 2013-06-22 00:02 - 44517724 ____A C:\Users\Daniel\Desktop\IMG_406a9.tif
2013-06-20 18:40 - 2013-06-20 18:40 - 00000411 ____A C:\Users\Daniel\Desktop\Neues Textdokument (5).txt
2013-06-19 21:15 - 2013-06-19 21:21 - 00000000 ____D C:\Users\Daniel\Desktop\Neuer Ordner (3)
2013-06-19 21:06 - 2013-06-19 21:06 - 00000878 ____A C:\Users\Public\Desktop\Freemake Video Converter.lnk
2013-06-19 21:06 - 2013-06-19 21:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\OpenCandy
2013-06-19 21:06 - 2013-06-19 21:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Babylon
2013-06-19 21:06 - 2013-06-19 21:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\BabSolution
2013-06-19 21:06 - 2013-06-19 21:06 - 00000000 ____D C:\ProgramData\Babylon
2013-06-19 15:30 - 2013-07-09 10:53 - 00529760 ____A C:\Windows\setupact.log
2013-06-19 15:30 - 2013-07-04 16:35 - 00000000 ____A C:\Windows\setuperr.log
2013-06-18 20:42 - 2013-06-18 20:44 - 21461201 ____A C:\Users\Daniel\Desktop\IMG_9796.CR2
2013-06-15 10:17 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 10:17 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 10:17 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 10:17 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 10:17 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 10:17 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 10:17 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 10:17 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 10:17 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 10:17 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 10:17 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 10:17 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 16:26 - 2013-06-13 16:43 - 00000000 ____D C:\Users\Daniel\Desktop\westerhever
2013-06-12 22:00 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 22:00 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 22:00 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 22:00 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 22:00 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 22:00 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 22:00 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 22:00 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 22:00 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 22:00 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 22:00 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 22:00 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 22:00 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 22:00 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 22:00 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 22:00 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 22:00 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 22:00 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 22:00 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 15:41 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 15:41 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 15:41 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 15:41 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 15:41 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 15:41 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 15:41 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 15:41 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 15:41 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 15:41 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 15:41 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 15:41 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 15:41 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 15:41 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 15:41 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 15:41 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 15:41 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 15:41 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 15:41 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
==================== One Month Modified Files and Folders =======
2013-07-09 10:54 - 2013-06-28 15:05 - 00000410 ____A C:\Windows\Tasks\LyricsContainer Update.job
2013-07-09 10:53 - 2013-06-19 15:30 - 00529760 ____A C:\Windows\setupact.log
2013-07-09 10:53 - 2013-02-01 16:23 - 00000000 ___RD C:\Users\Daniel\Dropbox
2013-07-09 10:53 - 2013-02-01 16:21 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-07-09 10:53 - 2011-10-15 20:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-09 10:53 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-09 10:50 - 2013-07-09 10:50 - 01776219 ____A (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-07-09 10:50 - 2013-07-09 10:50 - 00000000 ____D C:\FRST
2013-07-09 10:40 - 2013-04-08 14:31 - 01049052 ____A C:\Windows\WindowsUpdate.log
2013-07-09 10:19 - 2012-04-17 16:26 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-09 10:10 - 2011-04-12 09:43 - 00696620 ____A C:\Windows\System32\perfh007.dat
2013-07-09 10:10 - 2011-04-12 09:43 - 00147916 ____A C:\Windows\System32\perfc007.dat
2013-07-09 10:10 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-09 08:11 - 2009-07-14 06:45 - 00021840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-09 08:11 - 2009-07-14 06:45 - 00021840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-09 08:04 - 2009-07-14 06:45 - 05137744 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-08 22:05 - 2011-10-15 17:38 - 00163384 ____A C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-08 20:54 - 2013-07-08 20:42 - 00000000 ____D C:\Users\Daniel\Desktop\Flyer
2013-07-08 19:51 - 2013-07-08 19:51 - 00002076 ____A C:\Users\Daniel\Desktop\Entfernen des Avira DE-Cleaners.lnk
2013-07-08 19:51 - 2013-07-08 19:51 - 00002005 ____A C:\Users\Daniel\Desktop\Avira DE-Cleaner.lnk
2013-07-05 16:39 - 2013-05-12 19:48 - 00000000 ____D C:\Users\Daniel\Desktop\meine hp bilder
2013-07-04 16:35 - 2013-06-19 15:30 - 00000000 ____A C:\Windows\setuperr.log
2013-07-04 16:33 - 2012-08-09 20:15 - 00000000 ____D C:\Windows\Minidump
2013-07-02 14:18 - 2013-07-02 14:18 - 00000000 ____D C:\Program Files\WEB.DE MailCheck
2013-07-02 14:18 - 2013-07-02 14:18 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck
2013-07-01 15:18 - 2013-07-01 15:18 - 00000000 ____D C:\ProgramData\UUdb
2013-07-01 15:18 - 2013-04-15 21:08 - 00000000 ____D C:\Program Files (x86)\1und1Softwareaktualisierung
2013-06-28 15:05 - 2013-06-28 15:05 - 00000000 ____D C:\Program Files (x86)\LyricsContainer
2013-06-28 15:05 - 2013-06-23 18:12 - 00000000 ____D C:\Program Files (x86)\CoolLyrics
2013-06-27 19:47 - 2013-06-27 19:22 - 00000000 ____D C:\Users\Daniel\Desktop\Neuer Ordner
2013-06-26 19:28 - 2013-04-22 20:20 - 00000000 ____D C:\Users\Daniel\Desktop\orginal dateien für gallerie
2013-06-25 17:42 - 2013-01-03 19:07 - 00000000 ____D C:\Users\Daniel\Desktop\meine schönsten bilder von hamburg
2013-06-24 15:58 - 2013-06-24 15:38 - 727355664 ____A C:\Users\Daniel\Desktop\IMG_4735.tif
2013-06-24 15:02 - 2013-06-23 18:13 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.6
2013-06-24 15:02 - 2011-10-27 15:20 - 00000000 ____D C:\Users\Daniel\AppData\Local\Google
2013-06-24 15:02 - 2011-10-27 15:20 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-24 15:01 - 2013-06-23 18:37 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\PerformerSoft
2013-06-23 20:35 - 2013-06-23 20:34 - 165193972 ____A C:\Users\Daniel\Desktop\IMG_0639.tif
2013-06-23 18:42 - 2013-06-23 18:37 - 00000000 ____D C:\Users\Daniel\AppData\Local\MGTEK
2013-06-23 18:39 - 2013-06-23 18:39 - 00000000 ____D C:\Program Files\MGTEK
2013-06-23 18:39 - 2013-06-23 18:39 - 00000000 ____D C:\Program Files\Common Files\MGTEK
2013-06-23 18:39 - 2013-06-23 18:39 - 00000000 ____D C:\Program Files (x86)\MGTEK
2013-06-23 18:37 - 2013-06-23 18:37 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\File Scout
2013-06-23 18:37 - 2013-06-23 18:37 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-06-23 18:36 - 2013-06-23 18:36 - 00000000 ____D C:\ProgramData\MGTEK
2013-06-23 18:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-23 18:20 - 2013-06-23 18:20 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\GrabPro
2013-06-23 18:13 - 2013-06-23 18:13 - 00000000 ____D C:\Program Files (x86)\Delta
2013-06-22 12:11 - 2013-04-22 20:40 - 00000000 ____D C:\ProgramData\hps
2013-06-22 00:02 - 2013-06-22 00:02 - 44517724 ____A C:\Users\Daniel\Desktop\IMG_406a9.tif
2013-06-21 15:01 - 2011-10-30 23:15 - 00000000 ____D C:\Program Files\Google
2013-06-20 18:40 - 2013-06-20 18:40 - 00000411 ____A C:\Users\Daniel\Desktop\Neues Textdokument (5).txt
2013-06-19 21:21 - 2013-06-19 21:15 - 00000000 ____D C:\Users\Daniel\Desktop\Neuer Ordner (3)
2013-06-19 21:06 - 2013-06-19 21:06 - 00000878 ____A C:\Users\Public\Desktop\Freemake Video Converter.lnk
2013-06-19 21:06 - 2013-06-19 21:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\OpenCandy
2013-06-19 21:06 - 2013-06-19 21:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Babylon
2013-06-19 21:06 - 2013-06-19 21:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\BabSolution
2013-06-19 21:06 - 2013-06-19 21:06 - 00000000 ____D C:\ProgramData\Babylon
2013-06-19 21:06 - 2013-02-17 22:17 - 00000000 ____D C:\ProgramData\Freemake
2013-06-18 20:44 - 2013-06-18 20:42 - 21461201 ____A C:\Users\Daniel\Desktop\IMG_9796.CR2
2013-06-18 14:49 - 2011-10-15 18:18 - 00000000 ____D C:\Windows\Panther
2013-06-17 16:20 - 2011-12-29 20:14 - 00001158 ____A C:\Users\Daniel\AppData\Roaming\ShiftN.ini
2013-06-17 16:02 - 2012-06-08 12:38 - 00054368 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kltdi.sys
2013-06-16 16:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 16:43 - 2013-06-13 16:26 - 00000000 ____D C:\Users\Daniel\Desktop\westerhever
2013-06-12 22:01 - 2009-07-14 04:34 - 00000499 ____A C:\Windows\win.ini
2013-06-12 22:00 - 2011-10-15 18:06 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 16:19 - 2012-04-17 16:26 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 16:19 - 2011-10-15 18:48 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-10 17:04 - 2011-11-18 12:25 - 00000788 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-10 17:04 - 2011-10-17 20:39 - 00000000 ____D C:\Program Files\CCleaner
2013-06-10 15:41 - 2013-02-01 16:23 - 00001029 ____A C:\Users\Daniel\Desktop\Dropbox.lnk
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-03 14:47
==================== End Of Log ============================
Addition.txt :FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2013
Ran by Daniel at 2013-07-09 10:54:46
Running from C:\Users\Daniel\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Adblock IE 2.2 (Version: 2.2.1524)
Adobe AIR (x32 Version: 3.7.0.1530)
Adobe Download Assistant (x32 Version: 1.2.5)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Photoshop CS6 (x32 Version: 13.0)
Adobe Photoshop Lightroom 4.4 64-bit (Version: 4.4.1)
Adobe Reader X (10.1.1) - Deutsch (x32 Version: 10.1.1)
AutoUpdate (x32 Version: 1.1)
AVM FRITZ!WLAN (x32)
Broadcom Gigabit NetLink Controller (Version: 14.6.1.3)
CCleaner (Version: 4.02)
CDBurnerXP (x32 Version: 4.5.1.4003)
Color Efex Pro 4 (x32 Version: 4.0.0.2)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.45.4.0314)
dBpoweramp Music Converter (x32 Version: Release 14.4)
Delta toolbar (x32 Version: 1.8.21.5)
Designer 2.0 (x32 Version: 7.9.4)
Dfine 2.0 (x32 Version: 2.1.1.0)
DivX Codec (x32 Version: 6.5.1)
DivX Content Uploader (x32 Version: 1.1.0)
DivX Player (x32 Version: 6.4.2)
DivX Web Player (x32 Version: 1.3.0)
Dropbox (HKCU Version: 2.0.22)
Etron USB3.0 Host Controller (x32 Version: 0.96)
FLV Player 2.0 (build 25) (x32 Version: 2.0 (build 25))
Freemake Video Converter Version 4.0.1 (x32 Version: 4.0.1)
HDR Efex Pro (x32 Version: 1.2.0.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2372)
Intel(R) Rapid Storage Technology (x32 Version: 10.6.0.1002)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 29 (x32 Version: 6.0.290)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
LyricsContainer (x32)
MAGIX Screenshare (x32 Version: 4.3.6.1987)
MAGIX Speed 2 (MSI) (x32 Version: 6.0.1.4)
MAGIX Video deluxe 16 Plus Sonderedition (x32 Version: 9.0.5.10)
Mein CEWE FOTOBUCH (x32 Version: 5.0.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Microsoft-Maus- und Tastatur-Center (Version: 1.1.500.0)
Mozilla Firefox 20.0.1 (x86 de) (x32 Version: 20.0.1)
Mozilla Firefox 21.0 (x86 de) (HKCU Version: 21.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
ock App Charger v1.0.4
Pano2VR - Garden Gnome Software (x32)
PDF Settings CS6 (x32 Version: 11.0)
PTGui Pro 9.1 (x32)
Recuva (Version: 1.41)
Sharpener Pro 3.0 (x32 Version: 3.0.1.0)
ShiftN 3.6.1 (x32 Version: 3.6.1)
Silver Efex Pro 2 (x32 Version: 2.0.0.0)
Spyder4Pro (x32)
TeamViewer 7 (x32 Version: 7.0.13989)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
VLC media player 1.1.11 (x32 Version: 1.1.11)
WEB.DE MailCheck für Internet Explorer (x32 Version: 2.3.0.1)
WEB.DE Softwareaktualisierung (x32 Version: 3.0.0.54)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
WinRAR
==================== Restore Points =========================
01-07-2013 13:18:26 Windows-Sicherung
02-07-2013 12:22:34 Windows Update
07-07-2013 20:01:00 Windows-Sicherung
08-07-2013 20:48:24 Avira DE-Cleaner - 08.07.2013 22:48
09-07-2013 08:40:06 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2011-11-03 20:25 - 00001379 ___SH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com:443
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 192.150.18.108
127.0.0.1 adobeereg.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate.adobe.com
==================== Scheduled Tasks (whitelisted) =============
Task: {292C07AC-E96E-4663-AAC6-D02512B9711A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {330974A5-8370-4947-8C38-378C2773E05F} - System32\Tasks\0 => C:\program files\internet explorer\iexplore.exe [2013-05-17] (Microsoft Corporation)
Task: {466A4A99-926A-44FF-AFAD-B28C02AE8E9D} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation)
Task: {4F686DBA-95DA-4DDF-A589-F3705971E271} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {609CCD98-536C-4D29-AB98-B2CBB9DFC8EC} - System32\Tasks\4770 => C:\Windows\System32\wscript.exe [2009-07-14] (Microsoft Corporation)
Task: {73312DB8-D120-4BF1-8461-DBAEF55E73DB} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {7CC0D8A6-6EF8-4B3E-A332-5EBDFADFE4BB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {8D2289FC-D19A-4CC2-BFF8-5616A7C7DBE4} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {A6107385-7158-406C-9249-C2A1D7522B1B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {BA8DD23C-2974-4DB2-AADC-581F33171DFD} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2013-05-28] (1&1 Mail & Media GmbH)
Task: {BF1EA172-64C8-4F16-8FF9-843977403F74} - System32\Tasks\LyricsContainer Update => C:\Program Files (x86)\LyricsContainer\LrcsCtrUpdr.exe [2013-06-22] (RYD Software)
Task: {D997F116-6647-43DB-B5E0-0EF23EB7334D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {E6F4FB6B-8313-4F7A-9B3D-18391E308FE7} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {FF098F32-D4CB-4466-A65A-919B88A61C33} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\LyricsContainer Update.job => C:\Program Files (x86)\LyricsContainer\LrcsCtrUpdr.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/09/2013 08:05:46 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/08/2013 09:48:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/07/2013 09:52:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/05/2013 04:18:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/05/2013 08:17:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/05/2013 08:15:27 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/05/2013 08:15:27 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/05/2013 08:15:27 AM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/05/2013 08:15:27 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Error: (07/05/2013 08:15:27 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (07/09/2013 10:53:20 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 09.07.2013 um 10:50:51 unerwartet heruntergefahren.
Error: (07/09/2013 10:11:38 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR6 gefunden.
Error: (07/09/2013 10:09:39 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR6 gefunden.
Error: (07/09/2013 10:09:38 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR6 gefunden.
Error: (07/09/2013 10:09:38 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR6 gefunden.
Error: (07/09/2013 10:09:37 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR6 gefunden.
Error: (07/09/2013 10:09:37 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR6 gefunden.
Error: (07/08/2013 02:59:41 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.
Error: (07/05/2013 08:15:57 AM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (07/05/2013 08:15:27 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office Sessions:
=========================
Error: (07/09/2013 10:55:10 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/09/2013 08:05:46 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/08/2013 09:48:54 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/07/2013 09:52:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/05/2013 04:18:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/05/2013 08:17:10 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/05/2013 08:15:27 AM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/05/2013 08:15:27 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/05/2013 08:15:27 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/05/2013 08:15:27 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
CodeIntegrity Errors:
===================================
Date: 2013-07-08 18:47:56.678
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-08 18:47:56.678
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-08 18:47:56.678
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-08 18:47:56.678
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-08 18:47:56.678
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-08 18:47:56.678
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-05 10:13:37.475
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-05 10:13:37.475
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-05 10:13:37.475
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-05 10:13:37.459
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 14%
Total physical RAM: 16104.56 MB
Available physical RAM: 13772.87 MB
Total Pagefile: 32207.3 MB
Available Pagefile: 29724.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:111.69 GB) (Free:9 GB) NTFS (Disk=0 Partition=2)
Drive d: (Daten) (Fixed) (Total:1863.01 GB) (Free:609.07 GB) NTFS (Disk=1 Partition=1)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 49A0D496)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 32EAD54F)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
09.07.2013, 10:45
| #4 | |
| /// the machine /// TB-Ausbilder | Bizcoaching TrojanerZitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.07.2013, 10:52
| #5 |
| | Bizcoaching Trojaner alles klar mach ich fertig |
|
09.07.2013, 10:55
| #6 |
| /// the machine /// TB-Ausbilder | Bizcoaching Trojaner ok 
__________________ --> Bizcoaching Trojaner |
|
| Themen zu Bizcoaching Trojaner |
| angeblich, avira, bombardiert, cc cleaner, cleaner, daten, explorer, firefox, gestern, großes, interne, internetexplorer, internetsecurity, kaspersky, langsam, neu, problem, retten, security, sehr langsam, seite, seiten, spinn, spinnt, trojaner, werbung, woche |
Linear-Darstellung
