Log analysis and evaluation: Windows 7 Firefox26 browser certificates suddenly invalid?
23.12.2013, 21:06 | #1
Windows 7 Firefox26 browser certificates suddenly invalid?

Hello, since yesterday I have had a problem. While I was surfing with Firefox, a window opened in the background which, on closer inspection, looked like a page claiming that I had to pay money because of legal violations so that my computer would not be locked. Since the window could not be closed, I did a hard shutdown of the computer and restarted it. Since then I have had problems with the browser certificates. Every https page (SSL-encrypted?) is rejected with the message that the certificate returned by the site is invalid or that the connection is not trusted. Have I wrecked my certificate store, or is it something worse? What do I have to do in the first case? What in the second? I have already run a scan with Malwarebytes and FRST.

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.23.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
meister :: MEISTER-PC [Administrator]

Schutz: Aktiviert

23.12.2013 07:04:20
mbam-log-2013-12-23 (07-04-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 540847
Laufzeit: 1 Stunde(n), 14 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2013
Ran by surfer (ATTENTION: The logged in user is not administrator) on MEISTER-PC on 23-12-2013 20:02:22
Running from C:\Users\surfer\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
(brother) C:\Program Files (x86)\Brownie\BrStsW64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391192 2010-08-02] (Acronis)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5452488 2010-08-02] (Acronis)
HKLM-x32\...\Run: [SAOB Monitor] - C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2570648 2010-08-02] (Acronis)
HKLM-x32\...\Run: [BrStsWnd] - C:\Program Files (x86)\Brownie\BrStsW64.exe [3695928 2009-08-19] (brother)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NWEReboot] - [x]
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\surfer\AppData\Roaming\Mozilla\Firefox\Profiles\ozowagv3.default-1370695269533
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @gametap.com/npdd,version=1.0 - C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Garmin Communicator - C:\Users\surfer\AppData\Roaming\Mozilla\Firefox\Profiles\ozowagv3.default-1370695269533\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-11] (Kaspersky Lab ZAO)
R2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [65536 2010-09-15] ()
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-06-23] ()
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]

==================== Drivers (Whitelisted) ====================

S3 CSRBC; C:\Windows\System32\Drivers\rider64.sys [38400 2012-01-31] (CSR plc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-13] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-13] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-25] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2012-04-22] (Acronis)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-05-25] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-23 20:02 - 2013-12-23 20:02 - 00018936 _____ C:\Users\surfer\Desktop\FRST.txt
2013-12-23 20:01 - 2013-12-23 20:01 - 00000000 ____D C:\FRST
2013-12-23 19:41 - 2013-12-23 19:41 - 01928604 _____ (Farbar) C:\Users\surfer\Desktop\FRST64.exe
2013-12-23 07:32 - 2013-12-23 07:32 - 00000219 _____ C:\Users\surfer\Desktop\ Malwarebytes Anti-Malware .txt
2013-12-23 06:49 - 2013-12-23 06:49 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-23 06:49 - 2013-12-23 06:49 - 00000000 ____D C:\Users\meister\AppData\Roaming\Malwarebytes
2013-12-23 06:49 - 2013-12-23 06:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-23 06:49 - 2013-12-23 06:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-23 06:49 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-23 06:43 - 2013-12-23 06:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\surfer\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-23 06:15 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-23 06:15 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-23 06:15 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-23 06:15 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-23 06:15 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-23 06:15 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-23 06:15 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-23 06:15 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-23 06:15 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-23 06:15 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-23 06:15 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-23 06:15 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-23 06:15 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-23 06:15 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-23 06:15 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-23 06:15 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-23 06:15 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-23 06:15 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-23 06:15 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-23 06:15 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-23 06:15 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-23 06:15 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-23 06:15 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-23 06:15 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-23 06:15 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-23 06:15 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-23 06:15 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-23 06:15 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-23 06:15 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-23 06:15 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-23 06:15 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-23 06:10 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-23 06:10 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-23 06:10 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-23 06:10 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-23 06:10 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-23 06:10 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-23 06:10 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-23 06:10 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-23 06:10 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-23 06:10 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-23 06:10 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-23 06:10 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-23 06:10 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-23 06:10 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-23 06:10 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-23 06:10 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-23 06:10 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-23 06:10 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-23 06:10 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-22 16:58 - 2013-12-22 16:58 - 00000000 ____D C:\.Trash-999
2013-12-21 13:17 - 2013-12-21 13:17 - 00019399 _____ C:\Users\surfer\Downloads\MultitaskingTest.htm
2013-12-15 20:56 - 2013-12-15 21:00 - 53582208 _____ (Citrix Systems, Inc.) C:\Users\surfer\Downloads\CitrixReceiverWeb.exe
2013-12-14 21:20 - 2013-12-15 00:01 - 00023552 _____ C:\Users\surfer\Desktop\Grundausstattungen.xls
2013-12-13 21:58 - 2013-12-13 21:59 - 21981704 _____ (Mozilla) C:\Users\surfer\Downloads\Thunderbird Setup 24.2.0.exe
2013-12-13 21:57 - 2013-12-13 21:57 - 00283096 _____ (Mozilla) C:\Users\surfer\Downloads\Firefox Setup Stub 26.0.exe
2013-12-07 10:11 - 2013-12-07 10:11 - 00001501 _____ C:\Users\surfer\AppData\Local\recently-used.xbel
2013-12-06 21:34 - 2013-12-06 21:39 - 00000000 ____D C:\Users\surfer\Downloads\Telekom eumex800
2013-11-29 20:37 - 2013-11-29 20:45 - 00015317 _____ C:\Users\surfer\Documents\Touratech_navi_stromversorgung.odt
2013-11-27 16:40 - 2013-11-28 14:31 - 01594964 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-26 20:47 - 2013-11-26 20:47 - 00985600 _____ C:\Users\surfer\Downloads\MicrosoftFixit50123.msi

==================== One Month Modified Files and Folders =======

2013-12-23 20:02 - 2013-12-23 20:02 - 00018936 _____ C:\Users\surfer\Desktop\FRST.txt
2013-12-23 20:02 - 2012-04-01 14:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-23 20:01 - 2013-12-23 20:01 - 00000000 ____D C:\FRST
2013-12-23 19:41 - 2013-12-23 19:41 - 01928604 _____ (Farbar) C:\Users\surfer\Desktop\FRST64.exe
2013-12-23 18:30 - 2013-05-24 22:35 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-23 11:20 - 2011-11-21 14:18 - 02075370 _____ C:\Windows\WindowsUpdate.log
2013-12-23 08:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-23 07:32 - 2013-12-23 07:32 - 00000219 _____ C:\Users\surfer\Desktop\ Malwarebytes Anti-Malware .txt
2013-12-23 06:49 - 2013-12-23 06:49 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-23 06:49 - 2013-12-23 06:49 - 00000000 ____D C:\Users\meister\AppData\Roaming\Malwarebytes
2013-12-23 06:49 - 2013-12-23 06:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-23 06:49 - 2013-12-23 06:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-23 06:43 - 2013-12-23 06:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\surfer\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-23 06:36 - 2011-11-21 23:11 - 00699682 _____ C:\Windows\system32\perfh007.dat
2013-12-23 06:36 - 2011-11-21 23:11 - 00149790 _____ C:\Windows\system32\perfc007.dat
2013-12-23 06:36 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-23 06:35 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-23 06:35 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-23 06:30 - 2012-09-09 20:01 - 00000295 _____ C:\Windows\Brownie.ini
2013-12-23 06:30 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-23 06:30 - 2009-07-14 05:51 - 00103931 _____ C:\Windows\setupact.log
2013-12-23 06:30 - 2009-07-14 05:45 - 00336992 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-23 06:14 - 2013-07-11 19:57 - 00000000 ____D C:\Windows\system32\MRT
2013-12-23 06:11 - 2012-04-22 12:02 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-22 16:58 - 2013-12-22 16:58 - 00000000 ____D C:\.Trash-999
2013-12-21 13:17 - 2013-12-21 13:17 - 00019399 _____ C:\Users\surfer\Downloads\MultitaskingTest.htm
2013-12-18 22:04 - 2013-07-20 15:04 - 00000000 ____D C:\Users\surfer\Downloads\Klarmobil
2013-12-15 21:18 - 2013-01-21 07:47 - 00000000 ____D C:\Users\surfer\AppData\Roaming\ICAClient
2013-12-15 21:00 - 2013-12-15 20:56 - 53582208 _____ (Citrix Systems, Inc.) C:\Users\surfer\Downloads\CitrixReceiverWeb.exe
2013-12-15 00:01 - 2013-12-14 21:20 - 00023552 _____ C:\Users\surfer\Desktop\Grundausstattungen.xls
2013-12-14 20:43 - 2013-08-18 11:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-14 20:43 - 2012-06-03 17:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-14 20:43 - 2010-11-21 04:47 - 00205810 _____ C:\Windows\PFRO.log
2013-12-13 22:38 - 2012-04-07 11:28 - 00002090 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-12-13 22:38 - 2012-04-07 11:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-13 22:17 - 2013-04-01 19:22 - 00019974 _____ C:\Users\surfer\Documents\Wein.ods
2013-12-13 22:03 - 2012-04-01 14:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-13 22:03 - 2012-03-12 12:34 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-13 22:03 - 2011-10-20 10:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-13 21:59 - 2013-12-13 21:58 - 21981704 _____ (Mozilla) C:\Users\surfer\Downloads\Thunderbird Setup 24.2.0.exe
2013-12-13 21:57 - 2013-12-13 21:57 - 00283096 _____ (Mozilla) C:\Users\surfer\Downloads\Firefox Setup Stub 26.0.exe
2013-12-13 21:56 - 2013-08-27 20:06 - 00016384 _____ C:\Users\surfer\Downloads\Spritrechner.xls
2013-12-13 21:08 - 2012-08-02 14:09 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2013-12-13 21:08 - 2012-06-19 16:28 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2013-12-07 10:12 - 2012-11-07 20:31 - 00000000 ____D C:\Users\surfer\.gimp-2.8
2013-12-07 10:11 - 2013-12-07 10:11 - 00001501 _____ C:\Users\surfer\AppData\Local\recently-used.xbel
2013-12-06 21:39 - 2013-12-06 21:34 - 00000000 ____D C:\Users\surfer\Downloads\Telekom eumex800
2013-11-29 20:45 - 2013-11-29 20:37 - 00015317 _____ C:\Users\surfer\Documents\Touratech_navi_stromversorgung.odt
2013-11-28 14:31 - 2013-11-27 16:40 - 01594964 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-26 20:47 - 2013-11-26 20:47 - 00985600 _____ C:\Users\surfer\Downloads\MicrosoftFixit50123.msi
2013-11-26 12:54 - 2013-12-23 06:15 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 11:19 - 2013-12-23 06:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 11:18 - 2013-12-23 06:15 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 11:11 - 2013-12-23 06:15 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 10:48 - 2013-12-23 06:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 10:46 - 2013-12-23 06:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 10:41 - 2013-12-23 06:15 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 10:29 - 2013-12-23 06:15 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 10:27 - 2013-12-23 06:15 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 10:23 - 2013-12-23 06:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 10:21 - 2013-12-23 06:15 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 10:18 - 2013-12-23 06:15 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 10:18 - 2013-12-23 06:15 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 10:16 - 2013-12-23 06:15 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 09:57 - 2013-12-23 06:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 09:38 - 2013-12-23 06:15 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 09:38 - 2013-12-23 06:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 09:35 - 2013-12-23 06:15 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 09:32 - 2013-12-23 06:15 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 09:28 - 2013-12-23 06:15 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 09:16 - 2013-12-23 06:15 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 09:02 - 2013-12-23 06:15 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 08:48 - 2013-12-23 06:15 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 08:32 - 2013-12-23 06:15 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 08:26 - 2013-12-23 06:15 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 08:07 - 2013-12-23 06:15 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 07:40 - 2013-12-23 06:15 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 07:34 - 2013-12-23 06:15 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 07:34 - 2013-12-23 06:15 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 07:33 - 2013-12-23 06:15 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 07:27 - 2013-12-23 06:15 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-23 22:06 - 2012-09-07 20:01 - 00000000 ____D C:\Users\surfer\AppData\Roaming\vlc
2013-11-23 20:07 - 2012-03-12 13:11 - 00073152 _____ C:\Users\surfer\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-23 19:26 - 2013-12-23 06:10 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 18:47 - 2013-12-23 06:10 - 00465920 _____ (Microsoft Corporation)
C:\Windows\system32\WMPhoto.dll

Files to move or delete:
====================
C:\Users\surfer\AppData\Roaming\eSReg.ini
C:\Users\surfer\CTX.DAT

Some content of TEMP:
====================
C:\Users\surfer\AppData\Local\Temp\drm_dialogs.dll
C:\Users\surfer\AppData\Local\Temp\drm_dyndata_7370014.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2013 Ran by surfer at 2013-12-23 20:02:53 Running from C:\Users\surfer\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} ==================== Installed Programs ====================== Acer Backup Manager (x32 Version: 3.0.0.99) Acer Crystal Eye Webcam (x32 Version: 1.0.1904) Acer ePower Management (x32 Version: 6.00.3008) Acer eRecovery Management (x32 Version: 5.00.3504) Acer Games (x32 Version: 1.0.2.5) Acer Registration (x32 Version: 1.04.3504) Acer ScreenSaver (x32 Version: 1.1.0913.2011) Acer Updater (x32 Version: 1.02.3500) Acronis*True*Image*Home 2011 (x32 Version: 14.0.5041) Adobe AIR (x32 Version: 2.7.1.19610) Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170) Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98) AMD APP SDK Runtime (Version: 2.5.775.2) AMD Catalyst Install Manager (Version: 3.0.847.0) ANNO 2070 (x32 Version: 1.0.0.0) Assassin's Creed (x32 Version: 1.02) Assassin's Creed Brotherhood (x32 Version: 1.03) Assassin's Creed II (x32 Version: 1.01) Assassin's Creed Revelations 1.03 (x32 Version: 1.03) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36) Backup Manager V3 (x32 Version: 3.0.0.99) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95) Bing Bar (x32 Version: 7.0.765.0) BRAdmin Professional 3 (x32 Version: 3.45.0007) Brother HL-2150N (x32 Version: 1.00) 
Cardo Updater (x32) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center (x32 Version: 2011.1013.754.12275) Catalyst Control Center InstallProxy (x32 Version: 2011.1013.754.12275) Catalyst Control Center Localization All (x32 Version: 2011.1013.754.12275) Catalyst Control Center Profiles Mobile (x32 Version: 2011.1013.754.12275) CCC Help Chinese Standard (x32 Version: 2011.1013.0753.12275) CCC Help Chinese Traditional (x32 Version: 2011.1013.0753.12275) CCC Help Czech (x32 Version: 2011.1013.0753.12275) CCC Help Danish (x32 Version: 2011.1013.0753.12275) CCC Help Dutch (x32 Version: 2011.1013.0753.12275) CCC Help English (x32 Version: 2011.1013.0753.12275) CCC Help Finnish (x32 Version: 2011.1013.0753.12275) CCC Help French (x32 Version: 2011.1013.0753.12275) CCC Help German (x32 Version: 2011.1013.0753.12275) CCC Help Greek (x32 Version: 2011.1013.0753.12275) CCC Help Hungarian (x32 Version: 2011.1013.0753.12275) CCC Help Italian (x32 Version: 2011.1013.0753.12275) CCC Help Japanese (x32 Version: 2011.1013.0753.12275) CCC Help Korean (x32 Version: 2011.1013.0753.12275) CCC Help Norwegian (x32 Version: 2011.1013.0753.12275) CCC Help Polish (x32 Version: 2011.1013.0753.12275) CCC Help Portuguese (x32 Version: 2011.1013.0753.12275) CCC Help Russian (x32 Version: 2011.1013.0753.12275) CCC Help Spanish (x32 Version: 2011.1013.0753.12275) CCC Help Swedish (x32 Version: 2011.1013.0753.12275) CCC Help Thai (x32 Version: 2011.1013.0753.12275) CCC Help Turkish (x32 Version: 2011.1013.0753.12275) ccc-utility64 (Version: 2011.1013.754.12275) Chuzzle Deluxe (x32 Version: 2.2.0.95) Citrix Presentation Server Client (x32 Version: 10.00.52110) clear.fi (x32 Version: 1.0.1517_36458) clear.fi (x32 Version: 1.0.2024.00) clear.fi (x32 Version: 9.0.8026) clear.fi Client (x32 Version: 1.00.3500) Clonk Rage (x32) Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (x32 Version: 1.0.0.0) Command & Conquer™ Red Alert™ 3 and Uprising (x32 Version: 1.0.0.0) 
Command & Conquer™: Generals and Zero Hour (x32 Version: 1.0.0.0) Crazy Chicken Kart 2 (x32 Version: 2.2.0.97) D3DX10 (x32 Version: 15.4.2368.0902) Die Siedler - Aufbruch der Kulturen (x32) DIE SIEDLER - Aufstieg eines Königreichs (Alle Produkte) (x32 Version: 1.00.0000) Dolby Advanced Audio v2 (x32 Version: 7.2.7000.7) Downloader (x32) eBay Worldwide (x32 Version: 2.2.0409) Elevated Installer (x32 Version: 2.3.14.0) ETDWare PS/2-X64 8.0.6.0_WHQL (Version: 8.0.6.0) Evernote v. 4.5.1 (x32 Version: 4.5.1.5451) Exact Audio Copy 1.0beta3 (x32 Version: 1.0beta3) FATE (x32 Version: 2.2.0.97) Final Drive: Nitro (x32 Version: 2.2.0.95) Fooz Kids (x32 Version: 3.0.8) Fooz Kids Platform (x32 Version: 2.1) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922) Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922) Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922) Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922) Galerie foto Windows Live (x32 Version: 15.4.3502.0922) Garmin BaseCamp (x32 Version: 4.2.4) Garmin City Navigator Europe (Unicode) NT 2014.10 Update (x32 Version: 17.10.0.0) Garmin Express (x32 Version: 2.3.14.0) Garmin Express Tray (x32 Version: 2.3.14.0) Garmin USB Drivers (x32 Version: 2.3.1.0) GIMP 2.8.8 (Version: 2.8.8) Identity Card (x32 Version: 1.00.3501) Insaniquarium Deluxe (x32 Version: 2.2.0.97) Intel(R) Display Audio Driver (x32 Version: 6.14.00.3074) Intel(R) Management Engine Components (x32 Version: 7.0.0.1144) Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004) Java 7 Update 11 (64-bit) (Version: 7.0.110) Java 7 Update 45 (x32 Version: 7.0.450) Java Auto Updater (x32 Version: 2.1.9.8) Java SE Development Kit 7 Update 9 (x32 Version: 1.7.0.90) Java(TM) 6 Update 30 (64-bit) (Version: 6.0.300) Jewel Match 3 (x32 Version: 2.2.0.97) Jewel Quest Solitaire (x32 Version: 
2.2.0.95) John Deere Drive Green (x32 Version: 2.2.0.95) Junk Mail filter update (x32 Version: 15.4.3502.0922) Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190) Launch Manager (x32 Version: 5.1.7) LibreOffice 4.1 Help Pack (German) (x32 Version: 4.1.3.2) LibreOffice 4.1.3.2 (x32 Version: 4.1.3.2) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) ManiaPlanet (x32) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938) Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft IntelliPoint 8.2 (Version: 8.20.468.0) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) MOTORRAD Tourenplaner 2008/2009 (x32) Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0) Mozilla Maintenance Service (x32 Version: 24.2.0) Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) Mystery of Mortlake Mansion (x32 Version: 2.2.0.98) MyWinLocker (Version: 4.0.14.27) MyWinLocker 4 (x32 Version: 4.0.14.27) MyWinLocker Suite (x32 Version: 4.0.14.19) newsXpresso (x32 Version: 1.0.0.40) Norton Online Backup (x32 Version: 2.1.17869) Notepad++ 
(x32 Version: 6.5.1) NTI Media Maker 9 (x32 Version: 9.0.2.9002) NVIDIA PhysX v8.04.25 (x32 Version: 8.04.25) Origin (x32 Version: 9.3.10.4710) PDFCreator (x32 Version: 1.5.0) Penguins! (x32 Version: 2.2.0.95) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922) Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922) Polar Bowler (x32 Version: 2.2.0.97) Pošta Windows Live (x32 Version: 15.4.3502.0922) PunkBuster Services (x32 Version: 0.990) PX Profile Update (x32 Version: 1.00.1.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30123) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0) Shredder (Version: 2.0.8.9) Shredder (x32 Version: 2.0.8.9) Skype™ 5.10 (x32 Version: 5.10.116) Slingo Deluxe (x32 Version: 2.2.0.95) Steam (x32 Version: 1.0.0.0) Supreme Commander 2 (x32) Tom Clancy's H.A.W.X. 
2 (x32 Version: 1.0.1) Torchlight (x32 Version: 2.2.0.97) Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0) Ubisoft Game Launcher (x32 Version: 1.0.0.0) Update Installer for WildTangent Games App (x32) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97) VLC media player 2.1.0 (x32 Version: 2.1.0) VLC media player 2.1.1 (Version: 2.1.1) Wedding Dash (x32 Version: 2.2.0.95) Welcome Center (x32 Version: 1.02.3504) WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3538.0513) Windows Live Fotogaléria (x32 Version: 15.4.3502.0922) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live Fotogalleri (x32 Version: 15.4.3502.0922) Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922) Windows Live Fotótár (x32 Version: 15.4.3502.0922) Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922) Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3538.0513) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Messenger (x32 Version: 15.4.3538.0513) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 
15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) Windows Live 影像中心 (x32 Version: 15.4.3502.0922) Windows Live 程式集 (x32 Version: 15.4.3502.0922) Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922) Windows Liven sähköposti (x32 Version: 15.4.3502.0922) Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922) Worms 4 Mayhem (x32 Version: 1.01.0000) Zuma Deluxe (x32 Version: 2.2.0.95) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922) Основные компоненты Windows Live (x32 Version: 15.4.3502.0922) Почта Windows Live (x32 Version: 15.4.3502.0922) Фотоальбом Windows Live (x32 Version: 15.4.3502.0922) Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922) גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922) بريد Windows Live (x32 Version: 15.4.3502.0922) معرض صور Windows Live (x32 Version: 15.4.3502.0922) ==================== Restore Points ========================= Could not list Restore Points. Check WMI. ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ? 
==================== Loaded Modules (whitelisted) ============= 2011-10-20 10:00 - 2011-08-09 00:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-10-13 07:52 - 2011-10-13 07:52 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2011-04-24 02:29 - 2011-04-24 02:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll 2011-08-24 18:03 - 2011-08-24 18:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll 2013-12-13 22:03 - 2013-12-05 20:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-12-13 22:03 - 2013-12-13 22:03 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/23/2013 06:30:50 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/23/2013 06:01:38 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/22/2013 02:10:46 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/22/2013 10:57:06 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/21/2013 11:18:15 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/20/2013 06:38:13 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/18/2013 09:01:41 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/16/2013 07:42:08 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/14/2013 08:44:56 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/13/2013 10:04:42 PM) (Source: Application Hang) (User: ) Description: Programm firefox.exe, Version 26.0.0.5087 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 52c Startzeit: 01cef83c8128eb6f Endzeit: 20 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 2866ee82-643a-11e3-991a-dc0ea1140460 System errors: ============= Error: (12/22/2013 02:10:20 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 22.12.2013 um 14:08:08 unerwartet heruntergefahren. Error: (12/13/2013 10:39:26 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (12/13/2013 10:39:21 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (12/06/2013 08:24:25 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error: (11/22/2013 09:09:15 PM) (Source: srv) (User: ) Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde. Error: (11/22/2013 09:01:15 PM) (Source: srv) (User: ) Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde. Error: (11/22/2013 08:52:15 PM) (Source: srv) (User: ) Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde. Error: (11/22/2013 08:49:15 PM) (Source: srv) (User: ) Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde. 
Error: (11/22/2013 08:35:15 PM) (Source: srv) (User: ) Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde. Error: (11/22/2013 08:31:15 PM) (Source: srv) (User: ) Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde. Microsoft Office Sessions: ========================= Error: (12/23/2013 06:30:50 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/23/2013 06:01:38 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/22/2013 02:10:46 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/22/2013 10:57:06 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/21/2013 11:18:15 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/20/2013 06:38:13 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/18/2013 09:01:41 PM) (Source: WinMgmt)(User: ) Description: 
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/16/2013 07:42:08 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/14/2013 08:44:56 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/13/2013 10:04:42 PM) (Source: Application Hang)(User: ) Description: firefox.exe26.0.0.508752c01cef83c8128eb6f20C:\Program Files (x86)\Mozilla Firefox\firefox.exe2866ee82-643a-11e3-991a-dc0ea1140460 CodeIntegrity Errors: =================================== Date: 2013-12-23 08:55:29.670 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-23 08:55:29.670 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-23 08:55:29.670 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-23 08:55:29.654 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-12-23 08:55:29.654 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-23 08:55:29.654 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-23 08:55:29.638 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-23 08:55:29.623 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-23 08:55:29.623 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-23 07:51:18.828 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 8043.86 MB
Available physical RAM: 5156.07 MB
Total Pagefile: 16085.9 MB
Available Pagefile: 12633.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:682.54 GB) (Free:430.25 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

matthias |
24.12.2013, 10:01 | #2 |
/// the machine /// TB-Ausbilder | Windows 7 Firefox26 browser certificates suddenly invalid? Hi,
Please run the FRST scan again; our tools always need admin rights.
24.12.2013, 13:38 | #3 | |
| Windows 7 Firefox26 browser certificates suddenly invalid? Hello Schrauber,
thanks for your reply. I actually always work without admin rights, hence the inadequate first scan. Here is the new data. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2013 Ran by meister (administrator) on MEISTER-PC on 24-12-2013 12:53:17 Running from C:\Users\surfer\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE () C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (CyberLink Corp.) 
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (brother) C:\Program Files (x86)\Brownie\BrStsW64.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\wmi64.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] () HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated) HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391192 2010-08-02] (Acronis) HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-13] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.) 
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5452488 2010-08-02] (Acronis) HKLM-x32\...\Run: [SAOB Monitor] - C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2570648 2010-08-02] (Acronis) HKLM-x32\...\Run: [BrStsWnd] - C:\Program Files (x86)\Brownie\BrStsW64.exe [3695928 2009-08-19] (brother) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NWEReboot] - [x] HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-11] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe 
streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093976 2013-09-19] (Garmin Ltd or its subsidiaries) HKCU\...\Run: [BlueCoreInterfaceTrayApp] - C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe [551216 2013-10-10] () HKCU\...\RunOnce: [Application Restart #0] - C:\Windows\System32\perfmon.exe /res [172544 2010-11-21] (Microsoft Corporation) HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] () HKU\marco\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3561816 2013-10-16] (Electronic Arts) HKU\marco\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation) HKU\spieler\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle 
Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File FireFox: ======== FF ProfilePath: C:\Users\meister\AppData\Roaming\Mozilla\Firefox\Profiles\zu6a7mry.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @gametap.com/npdd,version=1.0 - C:\Program Files (x86)\Downloader\npdd.dll (Metaboli) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll No File FF Plugin-x32: @mcafee.com/SAFFPlugin - 
C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files 
(x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-11] (Kaspersky Lab ZAO) R2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [65536 2010-09-15] () R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' 
Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-06-23] () S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [x] ==================== Drivers (Whitelisted) ==================== S3 CSRBC; C:\Windows\System32\Drivers\rider64.sys [38400 2012-01-31] (CSR plc.) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-13] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-11] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-13] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-11] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-11] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-25] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2012-04-22] (Acronis) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-05-25] (Kaspersky Lab ZAO) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-24 12:53 - 2013-12-24 12:54 - 00021287 _____ C:\Users\surfer\Desktop\FRST.txt 2013-12-23 20:02 - 2013-12-23 20:03 - 00036676 _____ C:\Users\surfer\Desktop\FRST20131223.txt 2013-12-23 20:02 - 2013-12-23 20:03 - 00024920 _____ C:\Users\surfer\Desktop\Addition20131223.txt 2013-12-23 20:01 - 2013-12-23 20:01 - 00000000 ____D C:\FRST 2013-12-23 19:41 - 2013-12-23 19:41 - 01928604 _____ 
(Farbar) C:\Users\surfer\Desktop\FRST64.exe 2013-12-23 07:32 - 2013-12-23 07:32 - 00000219 _____ C:\Users\surfer\Desktop\ Malwarebytes Anti-Malware .txt 2013-12-23 06:49 - 2013-12-23 06:49 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-23 06:49 - 2013-12-23 06:49 - 00000000 ____D C:\Users\meister\AppData\Roaming\Malwarebytes 2013-12-23 06:49 - 2013-12-23 06:49 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-23 06:49 - 2013-12-23 06:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-23 06:49 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-23 06:43 - 2013-12-23 06:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\surfer\Downloads\mbam-setup-1.75.0.1300.exe 2013-12-23 06:15 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-23 06:15 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-23 06:15 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-23 06:15 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-23 06:15 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-23 06:15 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-23 06:15 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-23 06:15 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-23 06:15 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-23 06:15 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-23 06:15 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) 
C:\Windows\system32\ieui.dll 2013-12-23 06:15 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-23 06:15 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-23 06:15 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-23 06:15 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-23 06:15 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-23 06:15 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-23 06:15 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-23 06:15 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-23 06:15 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-23 06:15 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-23 06:15 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-23 06:15 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-23 06:15 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-23 06:15 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-23 06:15 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-23 06:15 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-23 06:15 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-23 06:15 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieapfltr.dll 2013-12-23 06:15 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-23 06:15 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-23 06:10 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-23 06:10 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-23 06:10 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-23 06:10 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-23 06:10 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-23 06:10 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-23 06:10 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-23 06:10 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-23 06:10 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-23 06:10 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-23 06:10 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-23 06:10 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-23 06:10 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-23 06:10 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-23 06:10 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-23 06:10 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-23 
06:10 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-23 06:10 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-23 06:10 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-22 16:58 - 2013-12-22 16:58 - 00000000 ____D C:\.Trash-999 2013-12-21 13:17 - 2013-12-21 13:17 - 00019399 _____ C:\Users\surfer\Downloads\MultitaskingTest.htm 2013-12-15 20:56 - 2013-12-15 21:00 - 53582208 _____ (Citrix Systems, Inc.) C:\Users\surfer\Downloads\CitrixReceiverWeb.exe 2013-12-14 21:20 - 2013-12-15 00:01 - 00023552 _____ C:\Users\surfer\Desktop\Grundausstattungen.xls 2013-12-13 21:58 - 2013-12-13 21:59 - 21981704 _____ (Mozilla) C:\Users\surfer\Downloads\Thunderbird Setup 24.2.0.exe 2013-12-13 21:57 - 2013-12-13 21:57 - 00283096 _____ (Mozilla) C:\Users\surfer\Downloads\Firefox Setup Stub 26.0.exe 2013-12-07 10:11 - 2013-12-07 10:11 - 00001501 _____ C:\Users\surfer\AppData\Local\recently-used.xbel 2013-12-06 21:34 - 2013-12-06 21:39 - 00000000 ____D C:\Users\surfer\Downloads\Telekom eumex800 2013-11-29 20:37 - 2013-11-29 20:45 - 00015317 _____ C:\Users\surfer\Documents\Touratech_navi_stromversorgung.odt 2013-11-27 16:40 - 2013-11-28 14:31 - 01594964 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-11-26 20:47 - 2013-11-26 20:47 - 00985600 _____ C:\Users\surfer\Downloads\MicrosoftFixit50123.msi ==================== One Month Modified Files and Folders ======= 2013-12-24 12:54 - 2013-12-24 12:53 - 00021287 _____ C:\Users\surfer\Desktop\FRST.txt 2013-12-24 12:53 - 2011-11-21 14:18 - 02080189 _____ C:\Windows\WindowsUpdate.log 2013-12-24 12:51 - 2013-05-24 22:35 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-12-24 12:50 - 2012-09-09 20:01 - 00000295 _____ C:\Windows\Brownie.ini 2013-12-24 12:49 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-24 12:49 - 2009-07-14 05:51 - 00103987 _____ 
C:\Windows\setupact.log 2013-12-23 21:02 - 2012-04-01 14:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-23 20:03 - 2013-12-23 20:02 - 00036676 _____ C:\Users\surfer\Desktop\FRST20131223.txt 2013-12-23 20:03 - 2013-12-23 20:02 - 00024920 _____ C:\Users\surfer\Desktop\Addition20131223.txt 2013-12-23 20:01 - 2013-12-23 20:01 - 00000000 ____D C:\FRST 2013-12-23 19:41 - 2013-12-23 19:41 - 01928604 _____ (Farbar) C:\Users\surfer\Desktop\FRST64.exe 2013-12-23 08:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-23 07:32 - 2013-12-23 07:32 - 00000219 _____ C:\Users\surfer\Desktop\ Malwarebytes Anti-Malware .txt 2013-12-23 06:49 - 2013-12-23 06:49 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-23 06:49 - 2013-12-23 06:49 - 00000000 ____D C:\Users\meister\AppData\Roaming\Malwarebytes 2013-12-23 06:49 - 2013-12-23 06:49 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-23 06:49 - 2013-12-23 06:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-23 06:43 - 2013-12-23 06:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\surfer\Downloads\mbam-setup-1.75.0.1300.exe 2013-12-23 06:36 - 2011-11-21 23:11 - 00699682 _____ C:\Windows\system32\perfh007.dat 2013-12-23 06:36 - 2011-11-21 23:11 - 00149790 _____ C:\Windows\system32\perfc007.dat 2013-12-23 06:36 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-23 06:35 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-23 06:35 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-23 06:30 - 2009-07-14 05:45 - 00336992 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-23 06:14 - 2013-07-11 19:57 - 00000000 ____D C:\Windows\system32\MRT 2013-12-23 06:11 - 2012-04-22 12:02 - 90708896 _____ (Microsoft Corporation) 
C:\Windows\system32\MRT.exe 2013-12-22 16:58 - 2013-12-22 16:58 - 00000000 ____D C:\.Trash-999 2013-12-21 13:17 - 2013-12-21 13:17 - 00019399 _____ C:\Users\surfer\Downloads\MultitaskingTest.htm 2013-12-18 22:04 - 2013-07-20 15:04 - 00000000 ____D C:\Users\surfer\Downloads\Klarmobil 2013-12-15 21:18 - 2013-01-21 07:47 - 00000000 ____D C:\Users\surfer\AppData\Roaming\ICAClient 2013-12-15 21:00 - 2013-12-15 20:56 - 53582208 _____ (Citrix Systems, Inc.) C:\Users\surfer\Downloads\CitrixReceiverWeb.exe 2013-12-15 00:01 - 2013-12-14 21:20 - 00023552 _____ C:\Users\surfer\Desktop\Grundausstattungen.xls 2013-12-14 20:43 - 2013-08-18 11:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-14 20:43 - 2012-06-03 17:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-14 20:43 - 2010-11-21 04:47 - 00205810 _____ C:\Windows\PFRO.log 2013-12-13 22:38 - 2012-04-07 11:28 - 00002090 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2013-12-13 22:38 - 2012-04-07 11:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-12-13 22:17 - 2013-04-01 19:22 - 00019974 _____ C:\Users\surfer\Documents\Wein.ods 2013-12-13 22:03 - 2012-04-01 14:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-13 22:03 - 2012-04-01 14:36 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-13 22:03 - 2012-03-12 12:34 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-12-13 22:03 - 2011-10-20 10:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-13 21:59 - 2013-12-13 21:58 - 21981704 _____ (Mozilla) C:\Users\surfer\Downloads\Thunderbird Setup 24.2.0.exe 2013-12-13 21:57 - 2013-12-13 21:57 - 00283096 _____ (Mozilla) C:\Users\surfer\Downloads\Firefox Setup Stub 26.0.exe 2013-12-13 21:56 - 2013-08-27 20:06 - 00016384 _____ C:\Users\surfer\Downloads\Spritrechner.xls 2013-12-13 21:08 - 2012-08-02 14:09 - 00029792 _____ (Kaspersky 
Lab ZAO) C:\Windows\system32\Drivers\klim6.sys 2013-12-13 21:08 - 2012-06-19 16:28 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2013-12-07 10:12 - 2012-11-07 20:31 - 00000000 ____D C:\Users\surfer\.gimp-2.8 2013-12-07 10:11 - 2013-12-07 10:11 - 00001501 _____ C:\Users\surfer\AppData\Local\recently-used.xbel 2013-12-06 21:39 - 2013-12-06 21:34 - 00000000 ____D C:\Users\surfer\Downloads\Telekom eumex800 2013-11-29 20:45 - 2013-11-29 20:37 - 00015317 _____ C:\Users\surfer\Documents\Touratech_navi_stromversorgung.odt 2013-11-28 14:31 - 2013-11-27 16:40 - 01594964 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-11-27 16:38 - 2012-04-01 16:36 - 00007607 _____ C:\Users\meister\AppData\Local\Resmon.ResmonCfg 2013-11-26 20:47 - 2013-11-26 20:47 - 00985600 _____ C:\Users\surfer\Downloads\MicrosoftFixit50123.msi 2013-11-26 12:54 - 2013-12-23 06:15 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-26 11:19 - 2013-12-23 06:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-26 11:18 - 2013-12-23 06:15 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-11-26 11:11 - 2013-12-23 06:15 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-26 10:48 - 2013-12-23 06:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-26 10:46 - 2013-12-23 06:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-11-26 10:41 - 2013-12-23 06:15 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-26 10:29 - 2013-12-23 06:15 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-26 10:27 - 2013-12-23 06:15 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-26 10:23 - 2013-12-23 06:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-26 10:21 - 2013-12-23 06:15 - 00574976 
_____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-26 10:18 - 2013-12-23 06:15 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-26 10:18 - 2013-12-23 06:15 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-11-26 10:16 - 2013-12-23 06:15 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-11-26 09:57 - 2013-12-23 06:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-26 09:38 - 2013-12-23 06:15 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-26 09:38 - 2013-12-23 06:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-26 09:35 - 2013-12-23 06:15 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-26 09:32 - 2013-12-23 06:15 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-26 09:28 - 2013-12-23 06:15 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-11-26 09:16 - 2013-12-23 06:15 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-26 09:02 - 2013-12-23 06:15 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-11-26 08:48 - 2013-12-23 06:15 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-26 08:32 - 2013-12-23 06:15 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-11-26 08:26 - 2013-12-23 06:15 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-26 08:07 - 2013-12-23 06:15 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-26 07:40 - 2013-12-23 06:15 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-26 07:34 - 2013-12-23 06:15 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-11-26 07:34 - 2013-12-23 06:15 - 00703488 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 07:33 - 2013-12-23 06:15 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 07:27 - 2013-12-23 06:15 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

Files to move or delete:
====================
C:\Users\surfer\AppData\Roaming\eSReg.ini
C:\Users\surfer\CTX.DAT

Some content of TEMP:
====================
C:\Users\marco\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\meister\AppData\Local\Temp\xmlUpdater.exe
C:\Users\spieler\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\spieler\AppData\Local\Temp\ubiFE6C.tmp.exe
C:\Users\subchief\AppData\Local\Temp\_is685.exe
C:\Users\surfer\AppData\Local\Temp\drm_dialogs.dll
C:\Users\surfer\AppData\Local\Temp\drm_dyndata_7370014.dll

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-21 14:30

==================== End Of Log ============================
--- --- --- --- --- ---
Quote:
Thanks and happy holidays, Matthias |
25.12.2013, 14:29 | #4 |
/// the machine /// TB trainer | Windows 7 Firefox26 browser certificates suddenly invalid? Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
26.12.2013, 13:31 | #5 | ||
| Windows 7 Firefox26 browser certificates suddenly invalid? Hello Schrauber, here are the results of the requested scans: Malwarebytes Quote:
AdwCleaner Logfile: Code:
# AdwCleaner v3.016 - Bericht erstellt am 26/12/2013 um 12:12:50
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : meister - MEISTER-PC
# Gestartet von : C:\Users\surfer\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gefunden C:\Users\meister\AppData\Roaming\pdfforge
Ordner Gefunden C:\Users\surfer\AppData\Roaming\pdfforge

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\meister\AppData\Roaming\Mozilla\Firefox\Profiles\zu6a7mry.default\prefs.js ]
[ Datei : C:\Users\spieler\AppData\Roaming\Mozilla\Firefox\Profiles\3x97m1e7.default\prefs.js ]
[ Datei : C:\Users\surfer\AppData\Roaming\Mozilla\Firefox\Profiles\ozowagv3.default-1370695269533\prefs.js ]
[ Datei : C:\Users\bibi\AppData\Roaming\Mozilla\Firefox\Profiles\4nu8rdy1.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1280 octets] - [26/12/2013 12:12:50]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [1340 octets] ##########

AdwCleaner[S0].txt
AdwCleaner Logfile: Code:
# AdwCleaner v3.016 - Bericht erstellt am 26/12/2013 um 12:13:46
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : meister - MEISTER-PC
# Gestartet von : C:\Users\surfer\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\meister\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\surfer\AppData\Roaming\pdfforge

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\meister\AppData\Roaming\Mozilla\Firefox\Profiles\zu6a7mry.default\prefs.js ]
[ Datei : C:\Users\spieler\AppData\Roaming\Mozilla\Firefox\Profiles\3x97m1e7.default\prefs.js ]
[ Datei : C:\Users\surfer\AppData\Roaming\Mozilla\Firefox\Profiles\ozowagv3.default-1370695269533\prefs.js ]
[ Datei : C:\Users\bibi\AppData\Roaming\Mozilla\Firefox\Profiles\4nu8rdy1.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1418 octets] - [26/12/2013 12:12:50]
AdwCleaner[S0].txt - [1345 octets] - [26/12/2013 12:13:46]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [1405 octets] ##########

JRT.exe Quote:
Regards, Matthias |
27.12.2013, 10:35 | #6 |
/// the machine /// TB trainer | Windows 7 Firefox26 browser certificates suddenly invalid? ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ --> Windows 7 Firefox26 browser certificates suddenly invalid? |
27.12.2013, 21:19 | #7 | |
| Windows 7 Firefox26 browser certificates suddenly invalid? Hello Schrauber, here are the results of the requested scans, as far as I got any. Eset: Quote:
Unfortunately SecurityCheck did not produce a log file, so I cannot provide anything. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2013 01 Ran by meister (administrator) on MEISTER-PC on 27-12-2013 21:05:30 Running from C:\Users\surfer\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE () C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\UNS\UNS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (brother) C:\Program Files (x86)\Brownie\BrStsW64.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (CyberLink Corp.) 
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (AMD) C:\Windows\System32\atieclxx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe () C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\LManager.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (brother) C:\Program Files (x86)\Brownie\BrStsW64.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] () HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated) HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391192 2010-08-02] (Acronis) HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-13] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.) 
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5452488 2010-08-02] (Acronis) HKLM-x32\...\Run: [SAOB Monitor] - C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2570648 2010-08-02] (Acronis) HKLM-x32\...\Run: [BrStsWnd] - C:\Program Files (x86)\Brownie\BrStsW64.exe [3695928 2009-08-19] (brother) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NWEReboot] - [x] HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-11] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093976 2013-09-19] (Garmin Ltd or its subsidiaries) HKCU\...\Run: [BlueCoreInterfaceTrayApp] - C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe [551216 2013-10-10] () HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] () HKU\marco\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3561816 2013-10-16] (Electronic Arts) HKU\marco\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation) HKU\spieler\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com BHO: 
Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - 
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\meister\AppData\Roaming\Mozilla\Firefox\Profiles\zu6a7mry.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @gametap.com/npdd,version=1.0 - C:\Program Files (x86)\Downloader\npdd.dll (Metaboli) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll No 
File FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF 
Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-11] (Kaspersky Lab ZAO) R2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [65536 2010-09-15] () R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; 
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-06-23] () S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [x] ==================== Drivers (Whitelisted) ==================== S3 CSRBC; C:\Windows\System32\Drivers\rider64.sys [38400 2012-01-31] (CSR plc.) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-13] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-11] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-13] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-11] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-11] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-25] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2012-04-22] (Acronis) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-05-25] (Kaspersky Lab ZAO) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-27 21:05 - 2013-12-27 21:05 - 00000000 ____D C:\Users\surfer\Desktop\FRST-OlderVersion 2013-12-27 17:03 - 2013-12-27 17:03 - 00000000 ____D C:\Program Files (x86)\ESET 2013-12-27 16:56 - 2013-12-27 16:57 - 00891200 _____ C:\Users\surfer\Desktop\SecurityCheck.exe 2013-12-27 16:54 - 2013-12-27 16:55 - 02347384 _____ (ESET) 
C:\Users\surfer\Downloads\esetsmartinstaller_enu.exe 2013-12-26 13:19 - 2013-12-26 13:20 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\surfer\Downloads\mbam-setup-1.75.0.1300(1).exe 2013-12-26 13:13 - 2013-12-26 13:13 - 00000000 ____D C:\Users\surfer\AppData\Roaming\Malwarebytes 2013-12-26 13:08 - 2013-12-26 13:08 - 00002344 _____ C:\Users\meister\Desktop\Sicherer Zahlungsverkehr.lnk 2013-12-26 12:59 - 2013-12-27 21:05 - 00022345 _____ C:\Users\surfer\Desktop\FRST.txt 2013-12-26 12:34 - 2013-12-26 12:34 - 00000760 _____ C:\ProgramData\JRT.txt 2013-12-26 12:23 - 2013-12-26 12:23 - 00000000 ____D C:\Windows\ERUNT 2013-12-26 12:12 - 2013-12-26 12:49 - 00000000 ____D C:\AdwCleaner 2013-12-26 12:06 - 2013-12-26 12:06 - 01034531 _____ (Thisisu) C:\Users\surfer\Desktop\JRT.exe 2013-12-26 12:05 - 2013-12-26 12:05 - 01233962 _____ C:\Users\surfer\Desktop\adwcleaner.exe 2013-12-24 12:54 - 2013-12-24 12:55 - 00027188 _____ C:\Users\surfer\Desktop\Addition20131224.txt 2013-12-24 12:53 - 2013-12-24 12:55 - 00039519 _____ C:\Users\surfer\Desktop\FRST20131224.txt 2013-12-23 20:02 - 2013-12-23 20:03 - 00036676 _____ C:\Users\surfer\Desktop\FRST20131223.txt 2013-12-23 20:02 - 2013-12-23 20:03 - 00024920 _____ C:\Users\surfer\Desktop\Addition20131223.txt 2013-12-23 20:01 - 2013-12-27 21:05 - 00000000 ____D C:\FRST 2013-12-23 19:41 - 2013-12-27 21:05 - 01930746 _____ (Farbar) C:\Users\surfer\Desktop\FRST64.exe 2013-12-23 07:32 - 2013-12-23 07:32 - 00000219 _____ C:\Users\surfer\Desktop\ Malwarebytes Anti-Malware .txt 2013-12-23 06:49 - 2013-12-23 06:49 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-23 06:49 - 2013-12-23 06:49 - 00000000 ____D C:\Users\meister\AppData\Roaming\Malwarebytes 2013-12-23 06:49 - 2013-12-23 06:49 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-23 06:49 - 2013-12-23 06:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-23 06:49 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes 
Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-23 06:43 - 2013-12-23 06:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\surfer\Downloads\mbam-setup-1.75.0.1300.exe 2013-12-23 06:15 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-23 06:15 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-23 06:15 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-23 06:15 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-23 06:15 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-23 06:15 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-23 06:15 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-23 06:15 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-23 06:15 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-23 06:15 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-23 06:15 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-23 06:15 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-23 06:15 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-23 06:15 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-23 06:15 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-23 06:15 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-23 06:15 - 2013-11-26 09:38 - 
00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-23 06:15 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-23 06:15 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-23 06:15 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-23 06:15 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-23 06:15 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-23 06:15 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-23 06:15 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-23 06:15 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-23 06:15 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-23 06:15 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-23 06:15 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-23 06:15 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-23 06:15 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-23 06:15 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-23 06:10 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-23 06:10 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-23 06:10 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-23 06:10 - 2013-11-12 03:07 - 00002048 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-23 06:10 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-23 06:10 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-23 06:10 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-23 06:10 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-23 06:10 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-23 06:10 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-23 06:10 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-23 06:10 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-23 06:10 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-23 06:10 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-23 06:10 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-23 06:10 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-23 06:10 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-23 06:10 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-23 06:10 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-22 16:58 - 2013-12-22 16:58 - 00000000 ____D C:\.Trash-999 2013-12-21 13:17 - 2013-12-21 13:17 - 00019399 _____ C:\Users\surfer\Downloads\MultitaskingTest.htm 2013-12-15 20:56 - 2013-12-15 21:00 - 53582208 _____ (Citrix Systems, Inc.) 
C:\Users\surfer\Downloads\CitrixReceiverWeb.exe 2013-12-14 21:20 - 2013-12-15 00:01 - 00023552 _____ C:\Users\surfer\Desktop\Grundausstattungen.xls 2013-12-13 21:58 - 2013-12-13 21:59 - 21981704 _____ (Mozilla) C:\Users\surfer\Downloads\Thunderbird Setup 24.2.0.exe 2013-12-13 21:57 - 2013-12-13 21:57 - 00283096 _____ (Mozilla) C:\Users\surfer\Downloads\Firefox Setup Stub 26.0.exe 2013-12-07 10:11 - 2013-12-07 10:11 - 00001501 _____ C:\Users\surfer\AppData\Local\recently-used.xbel 2013-12-06 21:34 - 2013-12-06 21:39 - 00000000 ____D C:\Users\surfer\Downloads\Telekom eumex800 2013-11-29 20:37 - 2013-11-29 20:45 - 00015317 _____ C:\Users\surfer\Documents\Touratech_navi_stromversorgung.odt 2013-11-27 16:40 - 2013-11-28 14:31 - 01594964 _____ C:\Windows\SysWOW64\PerfStringBackup.INI ==================== One Month Modified Files and Folders ======= 2013-12-27 21:06 - 2013-12-26 12:59 - 00022345 _____ C:\Users\surfer\Desktop\FRST.txt 2013-12-27 21:05 - 2013-12-27 21:05 - 00000000 ____D C:\Users\surfer\Desktop\FRST-OlderVersion 2013-12-27 21:05 - 2013-12-23 20:01 - 00000000 ____D C:\FRST 2013-12-27 21:05 - 2013-12-23 19:41 - 01930746 _____ (Farbar) C:\Users\surfer\Desktop\FRST64.exe 2013-12-27 21:03 - 2013-05-24 22:35 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-12-27 21:02 - 2012-04-01 14:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-27 20:31 - 2012-09-09 20:01 - 00000295 _____ C:\Windows\Brownie.ini 2013-12-27 20:31 - 2012-03-12 11:48 - 00000000 ____D C:\ProgramData\clear.fi 2013-12-27 17:03 - 2013-12-27 17:03 - 00000000 ____D C:\Program Files (x86)\ESET 2013-12-27 17:02 - 2011-11-21 23:11 - 00699682 _____ C:\Windows\system32\perfh007.dat 2013-12-27 17:02 - 2011-11-21 23:11 - 00149790 _____ C:\Windows\system32\perfc007.dat 2013-12-27 17:02 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-27 16:57 - 2013-12-27 16:56 - 00891200 _____ C:\Users\surfer\Desktop\SecurityCheck.exe 2013-12-27 16:55 - 
2013-12-27 16:54 - 02347384 _____ (ESET) C:\Users\surfer\Downloads\esetsmartinstaller_enu.exe 2013-12-27 16:49 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-27 16:49 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-27 16:46 - 2011-11-21 14:18 - 01076545 _____ C:\Windows\WindowsUpdate.log 2013-12-27 16:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-27 16:42 - 2009-07-14 05:51 - 00104379 _____ C:\Windows\setupact.log 2013-12-26 13:20 - 2013-12-26 13:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\surfer\Downloads\mbam-setup-1.75.0.1300(1).exe 2013-12-26 13:13 - 2013-12-26 13:13 - 00000000 ____D C:\Users\surfer\AppData\Roaming\Malwarebytes 2013-12-26 13:08 - 2013-12-26 13:08 - 00002344 _____ C:\Users\meister\Desktop\Sicherer Zahlungsverkehr.lnk 2013-12-26 13:08 - 2012-02-29 19:32 - 00073152 _____ C:\Users\meister\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-26 12:50 - 2012-03-12 12:34 - 00000000 ____D C:\Users\meister\AppData\Local\Mozilla 2013-12-26 12:49 - 2013-12-26 12:12 - 00000000 ____D C:\AdwCleaner 2013-12-26 12:34 - 2013-12-26 12:34 - 00000760 _____ C:\ProgramData\JRT.txt 2013-12-26 12:25 - 2012-02-29 19:34 - 00001425 _____ C:\Users\meister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-26 12:25 - 2012-02-29 19:34 - 00000000 ___RD C:\Users\meister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-26 12:25 - 2012-02-29 19:34 - 00000000 ___RD C:\Users\meister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-12-26 12:23 - 2013-12-26 12:23 - 00000000 ____D C:\Windows\ERUNT 2013-12-26 12:06 - 2013-12-26 12:06 - 01034531 _____ (Thisisu) C:\Users\surfer\Desktop\JRT.exe 2013-12-26 12:05 - 2013-12-26 12:05 - 01233962 _____ C:\Users\surfer\Desktop\adwcleaner.exe 
2013-12-24 12:55 - 2013-12-24 12:54 - 00027188 _____ C:\Users\surfer\Desktop\Addition20131224.txt 2013-12-24 12:55 - 2013-12-24 12:53 - 00039519 _____ C:\Users\surfer\Desktop\FRST20131224.txt 2013-12-23 20:03 - 2013-12-23 20:02 - 00036676 _____ C:\Users\surfer\Desktop\FRST20131223.txt 2013-12-23 20:03 - 2013-12-23 20:02 - 00024920 _____ C:\Users\surfer\Desktop\Addition20131223.txt 2013-12-23 08:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-23 07:32 - 2013-12-23 07:32 - 00000219 _____ C:\Users\surfer\Desktop\ Malwarebytes Anti-Malware .txt 2013-12-23 06:49 - 2013-12-23 06:49 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-23 06:49 - 2013-12-23 06:49 - 00000000 ____D C:\Users\meister\AppData\Roaming\Malwarebytes 2013-12-23 06:49 - 2013-12-23 06:49 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-23 06:49 - 2013-12-23 06:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-23 06:43 - 2013-12-23 06:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\surfer\Downloads\mbam-setup-1.75.0.1300.exe 2013-12-23 06:30 - 2009-07-14 05:45 - 00336992 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-23 06:14 - 2013-07-11 19:57 - 00000000 ____D C:\Windows\system32\MRT 2013-12-23 06:11 - 2012-04-22 12:02 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-22 16:58 - 2013-12-22 16:58 - 00000000 ____D C:\.Trash-999 2013-12-21 13:17 - 2013-12-21 13:17 - 00019399 _____ C:\Users\surfer\Downloads\MultitaskingTest.htm 2013-12-18 22:04 - 2013-07-20 15:04 - 00000000 ____D C:\Users\surfer\Downloads\Klarmobil 2013-12-15 21:18 - 2013-01-21 07:47 - 00000000 ____D C:\Users\surfer\AppData\Roaming\ICAClient 2013-12-15 21:00 - 2013-12-15 20:56 - 53582208 _____ (Citrix Systems, Inc.) 
C:\Users\surfer\Downloads\CitrixReceiverWeb.exe 2013-12-15 00:01 - 2013-12-14 21:20 - 00023552 _____ C:\Users\surfer\Desktop\Grundausstattungen.xls 2013-12-14 20:43 - 2013-08-18 11:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-14 20:43 - 2012-06-03 17:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-14 20:43 - 2010-11-21 04:47 - 00205810 _____ C:\Windows\PFRO.log 2013-12-13 22:38 - 2012-04-07 11:28 - 00002090 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2013-12-13 22:38 - 2012-04-07 11:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-12-13 22:17 - 2013-04-01 19:22 - 00019974 _____ C:\Users\surfer\Documents\Wein.ods 2013-12-13 22:03 - 2012-04-01 14:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-13 22:03 - 2012-04-01 14:36 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-13 22:03 - 2012-03-12 12:34 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-12-13 22:03 - 2011-10-20 10:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-13 21:59 - 2013-12-13 21:58 - 21981704 _____ (Mozilla) C:\Users\surfer\Downloads\Thunderbird Setup 24.2.0.exe 2013-12-13 21:57 - 2013-12-13 21:57 - 00283096 _____ (Mozilla) C:\Users\surfer\Downloads\Firefox Setup Stub 26.0.exe 2013-12-13 21:56 - 2013-08-27 20:06 - 00016384 _____ C:\Users\surfer\Downloads\Spritrechner.xls 2013-12-13 21:08 - 2012-08-02 14:09 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys 2013-12-13 21:08 - 2012-06-19 16:28 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2013-12-07 10:12 - 2012-11-07 20:31 - 00000000 ____D C:\Users\surfer\.gimp-2.8 2013-12-07 10:11 - 2013-12-07 10:11 - 00001501 _____ C:\Users\surfer\AppData\Local\recently-used.xbel 2013-12-06 21:39 - 2013-12-06 21:34 - 00000000 ____D C:\Users\surfer\Downloads\Telekom eumex800 2013-11-29 20:45 - 
2013-11-29 20:37 - 00015317 _____ C:\Users\surfer\Documents\Touratech_navi_stromversorgung.odt
2013-11-28 14:31 - 2013-11-27 16:40 - 01594964 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-27 16:38 - 2012-04-01 16:36 - 00007607 _____ C:\Users\meister\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\surfer\AppData\Roaming\eSReg.ini
C:\Users\surfer\CTX.DAT

Some content of TEMP:
====================
C:\Users\marco\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\meister\AppData\Local\Temp\Quarantine.exe
C:\Users\meister\AppData\Local\Temp\xmlUpdater.exe
C:\Users\spieler\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\spieler\AppData\Local\Temp\ubiFE6C.tmp.exe
C:\Users\subchief\AppData\Local\Temp\_is685.exe
C:\Users\surfer\AppData\Local\Temp\drm_dialogs.dll
C:\Users\surfer\AppData\Local\Temp\drm_dyndata_7370014.dll

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-21 14:30

==================== End Of Log ============================
--- --- --- --- --- --- [/QUOTE]

Nothing has changed about my problem with the certificates. What do you think about uninstalling and reinstalling Firefox? Should I throw away my old Java versions (everything older than 7u45, JRE too?)?

Best regards
Matthias
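The "One Month Created Files and Folders" section of the FRST log in the post above is easier to review as a timeline. The following is an added example (not part of the thread and not FRST's own code): it cuts the run-together log back into entries, lists what was created around an incident time, and lists executables that carry no company name. The function names and the incident time are assumptions made for the example; the sample lines are copied from the log above.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

Entry = namedtuple("Entry", "created modified size attrs company path")

FMT = "%Y-%m-%d %H:%M"
STAMP = r"\d{4}-\d\d-\d\d \d\d:\d\d"
# One entry: created - modified - size attributes [(company)] path
ENTRY = re.compile(
    rf"({STAMP}) - ({STAMP}) - (\d+) ([_A-Z]{{5}}) (?:\((.*?)\) )?([A-Za-z]:\\.*)")
# Zero-width split point in front of every entry, so a log that arrives as
# one long run of text (as on this page) is cut back into entries.
ENTRY_START = re.compile(rf"(?={STAMP} - {STAMP} - \d+ [_A-Z]{{5}} )")

EXECUTABLE = (".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js")


def parse_created_section(text):
    """Parse FRST 'created files' entries from wrapped or flattened text."""
    flat = " ".join(text.split())  # undo line wraps that fall inside an entry
    entries = []
    for chunk in ENTRY_START.split(flat):
        # Drop a following section header ("==== One Month Modified ...").
        m = ENTRY.match(chunk.split(" ====")[0].strip())
        if not m:
            continue
        created, modified, size, attrs, company, path = m.groups()
        entries.append(Entry(datetime.strptime(created, FMT),
                             datetime.strptime(modified, FMT),
                             int(size), attrs, (company or "").strip(), path))
    return entries


def created_near(entries, incident, hours):
    """Entries created within +/- hours of the incident, oldest first."""
    lo, hi = incident - timedelta(hours=hours), incident + timedelta(hours=hours)
    return sorted((e for e in entries if lo <= e.created <= hi),
                  key=lambda e: e.created)


def unattributed_executables(entries):
    """Executable files without a company name: a review list, not a verdict."""
    return [e for e in entries
            if not e.company and "D" not in e.attrs
            and e.path.lower().endswith(EXECUTABLE)]


# Sample: six entries copied from the log above, joined into one run as on the page.
SAMPLE = " ".join([
    r"2013-12-26 12:05 - 2013-12-26 12:05 - 01233962 _____ C:\Users\surfer\Desktop\adwcleaner.exe",
    r"2013-12-23 06:43 - 2013-12-23 06:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\surfer\Downloads\mbam-setup-1.75.0.1300.exe",
    r"2013-12-23 06:15 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll",
    r"2013-12-22 16:58 - 2013-12-22 16:58 - 00000000 ____D C:\.Trash-999",
    r"2013-12-21 13:17 - 2013-12-21 13:17 - 00019399 _____ C:\Users\surfer\Downloads\MultitaskingTest.htm",
    r"2013-12-15 20:56 - 2013-12-15 21:00 - 53582208 _____ (Citrix Systems, Inc.) C:\Users\surfer\Downloads\CitrixReceiverWeb.exe",
    "==================== One Month Modified Files and Folders =======",
])

if __name__ == "__main__":
    entries = parse_created_section(SAMPLE)
    # Assumption: the ransom page appeared on 2013-12-22 (first post: "since yesterday").
    for e in created_near(entries, datetime(2013, 12, 22, 12, 0), hours=36):
        print(e.created, e.attrs, e.company or "-", e.path)
    for e in unattributed_executables(entries):
        print("review:", e.path)
```

A missing company name only means the file has no version information; the cleanup tool `adwcleaner.exe` in the sample is flagged for exactly that reason.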
28.12.2013, 18:07 | #8 |
/// the machine /// TB trainer
Yes, get rid of all the old Java. Uninstall Firefox completely, keep no data, reinstall.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No support via PM!
29.12.2013, 15:43 | #9 |
Hello Schrauber,

the old Java versions have all been deleted, so far so good. Firefox is proving much more stubborn. SSL-encrypted pages still fail to open with an error message. Here, uninstalling and reinstalling actually made things worse. Since the behaviour did not change for my standard user (non-admin), I used Firefox with an admin user and it worked. Even after uninstalling and reinstalling several times. The behaviour was always the same: admin OK, non-admin not OK. So I deleted all files and directories related to Mozilla and Firefox that were still present after the uninstall. Result after reinstalling: now the admin can't either. I could puke.

To describe the whole thing precisely, I am uploading a screenshot. I also don't want to set up an exception for every https page; there must be another way. Somehow the SSL certificates of sites like Google, Arcor, paypal etc. do not seem to be recognised as valid. Maybe you have a tip on how I can slip valid certificates to my Firefox. The certificates (cert8.db) from my son's computer produced a different error message.

Thanks and best regards
Matthias
30.12.2013, 11:04 | #10 |
/// the machine /// TB trainer
Hi, please reset FF completely in both accounts.
__________________
Regards, schrauber
30.12.2013, 21:11 | #11 |
Hello Schrauber,

as described, I deleted all files and directories that I could associate with FF. That was in addition to uninstalling FF. What do you mean by resetting accounts in FF?

However, I have made an entirely different discovery that explains why I had no access to SSL-encrypted pages. In Kaspersky there is an option to have the authenticity of the certificate checked for SSL-encrypted pages, but this apparently does not work properly and produces the corresponding error screen. When I switch the check off, everything works as before. It may be that I switched this check on in the course of my search for whether this "BKA page" had left anything behind.

Did the scans turn up anything conspicuous that still needs to be dealt with?

Best regards and a happy New Year
Matthias
31.12.2013, 15:17 | #12 |
/// the machine /// TB trainer
Nope, otherwise we are through.

Done. If you would like to leave praise or criticism, you can do so here. The order is crucial here.

Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.

Anti-virus software

Additional protection

Safe browsing

Alternative browsers
Other browsers tend towards somewhat more security than IE, since they do not use ActiveX elements. These can be misused by spyware to infect your system.

Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)

Don'ts

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards, schrauber
01.01.2014, 20:50 | #13 |
Hello Schrauber,

thanks for your help, the whole thing turned out lightly and is now finished. Have fun with the Trojan hunt in future as well.

Best regards
Matthias
02.01.2014, 17:00 | #14 |
/// the machine /// TB trainer
You're welcome
__________________
Regards, schrauber