| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: SpeedUpMyComputer / FixMyRegistry --> lassen sich nicht deinstallierenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.02.2014, 12:58
| #1 |
| |  SpeedUpMyComputer / FixMyRegistry --> lassen sich nicht deinstallieren Hallo :-) Ich habe folgendes Problem: Ich muss mir gestern aus Versehen irgendein Programm runtergeladen haben, welches ich nicht haben will. Den genauen Namen weiß ich nicht mehr - das Programm hat jedenfalls angeboten, alle Treiber auf den neuesten Stand zu bringen. Das Programm ist jedesmal automatisch gestartet. Außerdem war (unter anderem) mein Start-Browser plötzlich anders und auch die Suchmaschine war weg und durch eine andere ersetzt. Ich vermute, das hing mit dem Programm zusammen. Ich habe das Programm deinstalliert (über Systemsteuerung - Software ...) und siehe da, plötzlich war da nun das Programm "SpeedUpMyComputer". Auch das habe ich deinstalliert, und dieses Programm wurde durch "FixMyRegistry" ersetzt. Ok, dachte ich, mach ich das weg - und da war wieder "SpeedUpMyComputer". So habe ich das ein paar mal probiert - es gelingt mir nicht, die Programme zu entfernen: entweder ich habe "SpeedUpMyComputer" oder aber "FixMyRegistry". Ich will aber keines von Beiden und befürchte nun, dass da etwas nicht stimmt (Spyware?). Ich weis mir nicht mehr zu helfen :-( Freundliche Grüße, Conny |
|
09.02.2014, 13:09
| #2 |
| /// Malwareteam   | SpeedUpMyComputer / FixMyRegistry --> lassen sich nicht deinstallieren Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen. Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst. Ich bedanke mich für deine Geduld 
__________________ |
|
09.02.2014, 13:10
| #3 |
| /// Malwareteam | SpeedUpMyComputer / FixMyRegistry --> lassen sich nicht deinstallieren Hallo oops_67,
__________________mein Name ist Jonas und ich werde dir bei deiner Bereinigung helfen. Diese kann mit viel Arbeit für dich verbunden sein. Bevor wir anfangen können, lies bitte die Bereinigungsregeln und Hinweise:  Regeln zum Ablauf der Bereinigung
Hinweise
Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Poste folgende Logfiles in deiner nächsten Antwort:
__________________ |
|
09.02.2014, 16:17
| #4 |
| | SpeedUpMyComputer / FixMyRegistry --> lassen sich nicht deinstallieren Vielen Dank! :-) Hier die Files: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014
Ran by cornelia danzer (administrator) on CORNELIADANZER on 09-02-2014 16:13:53
Running from C:\Users\cornelia danzer\Desktop\Trojaner Board 9-2-2014
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Software 2000 Limited) C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files (x86)\Adobe\Adobe InDesign CS6\Utilities\adb.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [FontExpertType1Loader] - C:\Program Files (x86)\FontExpert\Type1Loader.exe [294776 2011-10-31] (Proxima Software)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKU\S-1-5-21-2725353438-3568533369-1437541212-1000\...\Run: [UpdateMyDrivers] - C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
HKU\S-1-5-21-2725353438-3568533369-1437541212-1000\...\Run: [SpeedUpMyComputer] - C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe [2054776 2013-07-22] ()
HKU\S-1-5-21-2725353438-3568533369-1437541212-1000\...\Run: [FixMyRegistry] - C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default
FF user.js: detected! => C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\user.js
FF Homepage: hxxp://start.iminent.com/?appId=20118C4D-43C6-4087-89C8-525CA723D4CC
FF SelectedSearchEngine: StartWeb
FF Homepage: user_pref("browser.startup.homepage", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF SearchPlugin: C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\searchplugins\iminent.xml
FF SearchPlugin: C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\searchplugins\webde-suche.xml
FF Extension: Xmarks - C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\Extensions\foxmarks@kei.com [2013-05-22]
FF Extension: WEB.DE MailCheck - C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\Extensions\toolbar@web.de.xpi [2012-02-12]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-02-10]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-01-21]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-21]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-01-21]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-01-21]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-01-21]
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "translate_accepted_count": {
"en": 0,
"fi"
CHR Extension: (Google Docs) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-11]
CHR Extension: (Google Drive) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-11]
CHR Extension: (YouTube) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-11]
CHR Extension: (Google-Suche) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-11]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-01-22]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-01-22]
CHR Extension: (Content Blocker) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-01-22]
CHR Extension: (Virtual Keyboard) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-01-22]
CHR Extension: (Google Wallet) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (Google Mail) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-11]
CHR Extension: (Anti-Banner) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-01-22]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
==================== Services (Whitelisted) =================
R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [154352 2009-08-28] (Dell Inc.)
R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [191896 2006-12-07] (Dell Inc.)
==================== Drivers (Whitelisted) ====================
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-11-11] (Kaspersky Lab ZAO)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-09 16:13 - 2014-02-09 16:13 - 00000000 ____D () C:\FRST
2014-02-09 16:10 - 2014-02-09 16:13 - 00000000 ____D () C:\Users\cornelia danzer\Desktop\Trojaner Board 9-2-2014
2014-02-09 13:03 - 2014-02-09 13:04 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{082FDD51-9F19-4757-81F3-00F2005673B7}
2014-02-09 12:04 - 2014-02-09 12:04 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-09 12:04 - 2014-02-09 12:04 - 00000000 _____ () C:\autoexec.bat
2014-02-09 12:03 - 2014-02-09 12:33 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-02-09 11:58 - 2014-02-09 11:58 - 00001266 _____ () C:\Users\cornelia danzer\Desktop\SpeedUpMyComputer.lnk
2014-02-09 10:33 - 2014-02-09 10:33 - 00000000 ____D () C:\ProgramData\RegClean
2014-02-09 10:20 - 2014-02-09 10:20 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Vorlagen
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Lokale Einstellungen
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Eigene Dateien
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Anwendungsdaten
2014-02-09 10:20 - 2014-02-09 10:07 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\SoftThinks
2014-02-09 10:20 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-02-09 10:20 - 2012-08-23 15:12 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\terminpt.sys
2014-02-09 10:20 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-02-09 10:20 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-02-09 10:20 - 2012-08-23 15:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-09 10:20 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-09 10:20 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-09 10:20 - 2012-08-23 14:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-09 10:20 - 2012-08-23 14:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-09 10:20 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-02-09 10:20 - 2012-08-23 14:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-09 10:20 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-09 10:20 - 2012-08-23 14:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-09 10:20 - 2012-08-23 14:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-09 10:20 - 2012-08-23 13:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-09 10:20 - 2012-08-23 12:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-09 10:20 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-02-09 10:20 - 2012-08-23 12:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-09 10:20 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-02-09 10:20 - 2012-08-23 11:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-02-09 10:20 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-02-09 10:20 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-09 10:20 - 2012-08-23 11:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-09 10:20 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-02-09 10:20 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-09 10:20 - 2012-08-23 09:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-09 10:20 - 2012-01-18 14:58 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2014-02-09 10:20 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-09 10:20 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-09 10:19 - 2013-08-09 02:05 - 03310693 _____ () C:\Windows\system32\nvcoproc.bin
2014-02-09 10:18 - 2014-02-09 10:20 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-09 10:17 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-02-09 10:17 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-02-08 19:14 - 2014-02-08 19:14 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\DriverTuner
2014-02-08 14:39 - 2014-02-08 14:39 - 00000796 _____ () C:\Users\cornelia danzer\Desktop\Scanns - Verknüpfung.lnk
2014-02-08 14:38 - 2014-02-08 18:44 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\Canon
2014-02-08 14:38 - 2014-02-08 14:38 - 00000000 _____ () C:\Users\cornelia danzer\Sti_Trace.log
2014-02-08 14:26 - 2014-02-08 14:26 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-02-08 14:21 - 2006-06-27 16:28 - 00322048 _____ () C:\Windows\system32\CNQL3203.DLL
2014-02-08 14:21 - 2006-04-11 16:06 - 00064512 _____ (CANON INC.) C:\Windows\system32\CNQU86.DLL
2014-02-08 14:18 - 2014-02-08 14:18 - 00003232 _____ () C:\Windows\System32\Tasks\{33E1B1E3-225F-43F4-9D4B-7AFE1625DB92}
2014-02-08 13:56 - 2014-02-08 13:56 - 00003286 _____ () C:\Windows\System32\Tasks\{619CE854-F31C-4298-B87A-AEF1A6C703A8}
2014-02-08 13:52 - 2014-02-09 15:52 - 00000302 _____ () C:\Windows\Tasks\FF Watcher {4FA5C5BA-A467-432A-9D4A-1CF72B8E34AD}.job
2014-02-08 13:52 - 2014-02-09 11:58 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
2014-02-08 13:52 - 2014-02-09 11:58 - 00000000 ____D () C:\Program Files (x86)\SmartTweak
2014-02-08 13:52 - 2014-02-08 19:02 - 00000000 ____D () C:\Program Files (x86)\IminentToolbar
2014-02-08 13:52 - 2014-02-08 13:52 - 00003270 _____ () C:\Windows\System32\Tasks\FF Watcher {4FA5C5BA-A467-432A-9D4A-1CF72B8E34AD}
2014-02-08 13:52 - 2014-02-08 13:52 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\IminentToolbar
2014-02-08 13:44 - 2014-02-08 13:44 - 00003278 _____ () C:\Windows\System32\Tasks\{00426139-28BB-4EAB-86B5-CA3233D1483C}
2014-02-08 10:07 - 2014-02-08 10:07 - 00000000 ____D () C:\Users\cornelia danzer\Documents\Steuer-Sparbuch
2014-02-08 09:32 - 2014-02-08 09:32 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{24D4CF7D-4A90-4584-BDAB-74C650A38894}
2014-02-07 14:27 - 2014-02-07 14:27 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{5681DAF0-03EE-4DEA-88BC-3B7CA256E656}
2014-02-07 14:24 - 2014-02-07 14:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-02-06 18:10 - 2014-02-06 18:10 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{A930BE9E-0C59-48EB-91D1-4F9CA53931CD}
2014-02-05 17:46 - 2014-02-05 17:46 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{6F6ACFE1-F4B9-446A-BA5B-AA718E935165}
2014-02-04 19:21 - 2014-02-04 19:22 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{07507FDB-4799-40B9-937A-D413081ADDB3}
2014-02-02 19:59 - 2014-02-02 20:00 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{E3394A85-2096-447B-99CB-E4888930FF27}
2014-02-02 19:45 - 2014-02-02 19:45 - 00002101 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-02-02 19:45 - 2014-02-02 19:45 - 00000080 _____ () C:\Windows\wiso.ini
2014-02-02 19:45 - 2014-02-02 19:45 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\Buhl Data Service
2014-02-02 19:45 - 2014-02-02 19:45 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\Buhl Data Service
2014-02-02 19:45 - 2014-02-02 19:45 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\Buhl
2014-02-02 19:44 - 2014-02-02 19:45 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-02-02 19:44 - 2014-02-02 19:44 - 00000000 ____D () C:\Program Files (x86)\WISO
2014-02-02 19:43 - 2014-02-02 19:43 - 00003256 _____ () C:\Windows\System32\Tasks\{B9723ACB-BAE7-4F4F-8839-ADB7F1748E59}
2014-02-02 18:12 - 2014-02-02 18:12 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{ABA11A69-FD8D-442B-BEE8-3AF599422152}
2014-02-01 16:23 - 2014-02-01 16:23 - 07011040 _____ () C:\Users\cornelia danzer\Desktop\muster.tif
2014-01-30 18:38 - 2014-01-30 18:38 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{3DCA4205-EE3E-425A-BE8C-C1590B7F3A21}
2014-01-26 11:54 - 2014-01-26 11:54 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{C3C21092-FCCE-459C-8C70-6B6B689D63D0}
2014-01-21 20:31 - 2013-11-11 19:13 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll
2014-01-21 20:30 - 2014-01-21 20:30 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-01-21 20:30 - 2014-01-21 20:30 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-01-21 20:30 - 2013-11-11 19:13 - 00626272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-01-21 20:30 - 2013-11-11 19:13 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-01-21 20:30 - 2011-06-02 14:39 - 00084536 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2014-01-21 20:30 - 2011-06-02 14:39 - 00066616 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2014-01-21 18:24 - 2014-01-21 18:24 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{F940FABB-EC52-4986-A928-E8DF2C4F244A}
2014-01-21 17:52 - 2014-01-21 17:52 - 00003356 _____ () C:\Windows\System32\Tasks\DriverTuner Startup
2014-01-21 17:52 - 2014-01-21 17:52 - 00000000 ____D () C:\Program Files (x86)\DriverTuner
2014-01-19 19:40 - 2014-01-19 19:40 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{91F3164C-DA07-49F0-AA65-72D2882B24A5}
2014-01-19 19:36 - 2014-01-26 11:55 - 00000000 ____D () C:\Users\cornelia danzer\Desktop\Kaspersky 01_2014
2014-01-18 10:39 - 2014-01-18 10:40 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{C662BE46-B65A-4928-B4D7-28629B919E39}
2014-01-16 15:27 - 2013-11-27 02:42 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 15:27 - 2013-11-27 02:42 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 15:27 - 2013-11-27 02:42 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 15:27 - 2013-11-27 02:42 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 15:27 - 2013-11-27 02:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 15:27 - 2013-11-27 02:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 15:27 - 2013-11-27 02:42 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 15:27 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 15:27 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 17:49 - 2014-01-14 17:49 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{2F6B7D11-841E-42C3-9334-75E36BD870D1}
2014-01-12 18:18 - 2014-01-12 18:18 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{54D15201-9F54-4F17-A4EB-EEAA5DE88594}
2014-01-10 19:45 - 2014-01-10 19:45 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{6D9C874E-F599-44DC-B61C-DD7D235DC944}
==================== One Month Modified Files and Folders =======
2014-02-09 16:13 - 2014-02-09 16:13 - 00000000 ____D () C:\FRST
2014-02-09 16:13 - 2014-02-09 16:10 - 00000000 ____D () C:\Users\cornelia danzer\Desktop\Trojaner Board 9-2-2014
2014-02-09 16:13 - 2012-04-05 17:06 - 00000000 ____D () C:\Users\cornelia danzer\Downloads\wegwerf
2014-02-09 15:59 - 2013-08-11 21:41 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-09 15:52 - 2014-02-08 13:52 - 00000302 _____ () C:\Windows\Tasks\FF Watcher {4FA5C5BA-A467-432A-9D4A-1CF72B8E34AD}.job
2014-02-09 15:46 - 2012-02-11 12:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-09 15:32 - 2012-04-03 15:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-09 14:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-09 13:04 - 2014-02-09 13:03 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{082FDD51-9F19-4757-81F3-00F2005673B7}
2014-02-09 12:48 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-09 12:48 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-09 12:46 - 2010-11-21 07:50 - 00710954 _____ () C:\Windows\system32\perfh007.dat
2014-02-09 12:46 - 2010-11-21 07:50 - 00155026 _____ () C:\Windows\system32\perfc007.dat
2014-02-09 12:46 - 2009-07-14 06:13 - 01653302 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-09 12:44 - 2013-08-03 06:47 - 02091492 _____ () C:\Windows\WindowsUpdate.log
2014-02-09 12:43 - 2012-01-18 14:53 - 00000000 ____D () C:\ProgramData\Sonic
2014-02-09 12:40 - 2013-08-11 21:41 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-09 12:40 - 2012-01-18 15:02 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-02-09 12:40 - 2012-01-18 15:02 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-02-09 12:40 - 2012-01-18 14:38 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-02-09 12:39 - 2013-08-03 06:45 - 00009379 _____ () C:\Windows\setupact.log
2014-02-09 12:39 - 2013-08-03 06:44 - 00182448 _____ () C:\Windows\PFRO.log
2014-02-09 12:39 - 2012-01-18 13:18 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-09 12:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-09 12:33 - 2014-02-09 12:03 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-02-09 12:32 - 2013-07-05 08:12 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\Apps\2.0
2014-02-09 12:04 - 2014-02-09 12:04 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-09 12:04 - 2014-02-09 12:04 - 00000000 _____ () C:\autoexec.bat
2014-02-09 11:58 - 2014-02-09 11:58 - 00001266 _____ () C:\Users\cornelia danzer\Desktop\SpeedUpMyComputer.lnk
2014-02-09 11:58 - 2014-02-08 13:52 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
2014-02-09 11:58 - 2014-02-08 13:52 - 00000000 ____D () C:\Program Files (x86)\SmartTweak
2014-02-09 10:33 - 2014-02-09 10:33 - 00000000 ____D () C:\ProgramData\RegClean
2014-02-09 10:20 - 2014-02-09 10:20 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Vorlagen
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Lokale Einstellungen
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Eigene Dateien
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Anwendungsdaten
2014-02-09 10:20 - 2014-02-09 10:18 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-09 10:20 - 2012-01-18 13:17 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-09 10:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-09 10:17 - 2012-02-09 19:38 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\Adobe
2014-02-09 10:13 - 2011-02-11 19:06 - 01626646 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-09 10:07 - 2014-02-09 10:20 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\SoftThinks
2014-02-08 19:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-08 19:14 - 2014-02-08 19:14 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\DriverTuner
2014-02-08 19:03 - 2013-07-03 16:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-08 19:02 - 2014-02-08 13:52 - 00000000 ____D () C:\Program Files (x86)\IminentToolbar
2014-02-08 18:44 - 2014-02-08 14:38 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\Canon
2014-02-08 14:39 - 2014-02-08 14:39 - 00000796 _____ () C:\Users\cornelia danzer\Desktop\Scanns - Verknüpfung.lnk
2014-02-08 14:38 - 2014-02-08 14:38 - 00000000 _____ () C:\Users\cornelia danzer\Sti_Trace.log
2014-02-08 14:38 - 2012-02-09 17:54 - 00000000 ____D () C:\Users\cornelia danzer
2014-02-08 14:26 - 2014-02-08 14:26 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-02-08 14:26 - 2012-01-18 14:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-08 14:21 - 2012-03-06 19:39 - 00000000 ___HD () C:\CanoScan
2014-02-08 14:18 - 2014-02-08 14:18 - 00003232 _____ () C:\Windows\System32\Tasks\{33E1B1E3-225F-43F4-9D4B-7AFE1625DB92}
2014-02-08 13:56 - 2014-02-08 13:56 - 00003286 _____ () C:\Windows\System32\Tasks\{619CE854-F31C-4298-B87A-AEF1A6C703A8}
2014-02-08 13:52 - 2014-02-08 13:52 - 00003270 _____ () C:\Windows\System32\Tasks\FF Watcher {4FA5C5BA-A467-432A-9D4A-1CF72B8E34AD}
2014-02-08 13:52 - 2014-02-08 13:52 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\IminentToolbar
2014-02-08 13:44 - 2014-02-08 13:44 - 00003278 _____ () C:\Windows\System32\Tasks\{00426139-28BB-4EAB-86B5-CA3233D1483C}
2014-02-08 12:07 - 2013-05-30 14:58 - 00000000 ____D () C:\Users\cornelia danzer\Desktop\DaWanda Texte
2014-02-08 10:07 - 2014-02-08 10:07 - 00000000 ____D () C:\Users\cornelia danzer\Documents\Steuer-Sparbuch
2014-02-08 09:32 - 2014-02-08 09:32 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{24D4CF7D-4A90-4584-BDAB-74C650A38894}
2014-02-07 14:27 - 2014-02-07 14:27 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{5681DAF0-03EE-4DEA-88BC-3B7CA256E656}
2014-02-07 14:24 - 2014-02-07 14:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-02-06 18:10 - 2014-02-06 18:10 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{A930BE9E-0C59-48EB-91D1-4F9CA53931CD}
2014-02-05 17:46 - 2014-02-05 17:46 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{6F6ACFE1-F4B9-446A-BA5B-AA718E935165}
2014-02-05 16:41 - 2013-08-03 06:45 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-04 19:22 - 2014-02-04 19:21 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{07507FDB-4799-40B9-937A-D413081ADDB3}
2014-02-02 20:00 - 2014-02-02 19:59 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{E3394A85-2096-447B-99CB-E4888930FF27}
2014-02-02 19:45 - 2014-02-02 19:45 - 00002101 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-02-02 19:45 - 2014-02-02 19:45 - 00000080 _____ () C:\Windows\wiso.ini
2014-02-02 19:45 - 2014-02-02 19:45 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\Buhl Data Service
2014-02-02 19:45 - 2014-02-02 19:45 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\Buhl Data Service
2014-02-02 19:45 - 2014-02-02 19:45 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\Buhl
2014-02-02 19:45 - 2014-02-02 19:44 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-02-02 19:44 - 2014-02-02 19:44 - 00000000 ____D () C:\Program Files (x86)\WISO
2014-02-02 19:43 - 2014-02-02 19:43 - 00003256 _____ () C:\Windows\System32\Tasks\{B9723ACB-BAE7-4F4F-8839-ADB7F1748E59}
2014-02-02 19:07 - 2013-05-31 13:18 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-02-02 18:12 - 2014-02-02 18:12 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{ABA11A69-FD8D-442B-BEE8-3AF599422152}
2014-02-01 16:23 - 2014-02-01 16:23 - 07011040 _____ () C:\Users\cornelia danzer\Desktop\muster.tif
2014-01-30 18:38 - 2014-01-30 18:38 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{3DCA4205-EE3E-425A-BE8C-C1590B7F3A21}
2014-01-26 11:55 - 2014-01-19 19:36 - 00000000 ____D () C:\Users\cornelia danzer\Desktop\Kaspersky 01_2014
2014-01-26 11:54 - 2014-01-26 11:54 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{C3C21092-FCCE-459C-8C70-6B6B689D63D0}
2014-01-21 20:30 - 2014-01-21 20:30 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-01-21 20:30 - 2014-01-21 20:30 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-01-21 18:24 - 2014-01-21 18:24 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{F940FABB-EC52-4986-A928-E8DF2C4F244A}
2014-01-21 17:52 - 2014-01-21 17:52 - 00003356 _____ () C:\Windows\System32\Tasks\DriverTuner Startup
2014-01-21 17:52 - 2014-01-21 17:52 - 00000000 ____D () C:\Program Files (x86)\DriverTuner
2014-01-19 19:40 - 2014-01-19 19:40 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{91F3164C-DA07-49F0-AA65-72D2882B24A5}
2014-01-18 10:40 - 2014-01-18 10:39 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{C662BE46-B65A-4928-B4D7-28629B919E39}
2014-01-18 08:51 - 2013-08-01 17:03 - 06475960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 15:29 - 2013-08-11 21:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 15:26 - 2012-02-09 20:05 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 17:49 - 2014-01-14 17:49 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{2F6B7D11-841E-42C3-9334-75E36BD870D1}
2014-01-12 18:18 - 2014-01-12 18:18 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{54D15201-9F54-4F17-A4EB-EEAA5DE88594}
2014-01-10 19:45 - 2014-01-10 19:45 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{6D9C874E-F599-44DC-B61C-DD7D235DC944}
Some content of TEMP:
====================
C:\Users\cornelia danzer\AppData\Local\Temp\bitool.dll
C:\Users\cornelia danzer\AppData\Local\Temp\FixMyRegistry.exe
C:\Users\cornelia danzer\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\cornelia danzer\AppData\Local\Temp\IMsetup.exe
C:\Users\cornelia danzer\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\cornelia danzer\AppData\Local\Temp\SBLCopyF.EXE
C:\Users\cornelia danzer\AppData\Local\Temp\sdanircmdc.exe
C:\Users\cornelia danzer\AppData\Local\Temp\SHSetup.exe
C:\Users\cornelia danzer\AppData\Local\Temp\SpeedUpMyComputer.exe
C:\Users\cornelia danzer\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\cornelia danzer\AppData\Local\Temp\v-bates.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-08 11:50
==================== End Of Log ============================
--- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-02-2014
Ran by cornelia danzer at 2014-02-09 16:14:10
Running from C:\Users\cornelia danzer\Desktop\Trojaner Board 9-2-2014
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
==================== Installed Programs ======================
AAVUpdateManager (x32 Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.9 - Adobe Systems)
Adobe AIR (x32 Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.2090 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Design Premium (x32 Version: 5.0 - Adobe Systems Incorporated)
Adobe CS6 Design and Web Premium (x32 Version: 6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.0.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) MUI (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Widget Browser (x32 Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Adobe® Content Viewer (x32 Version: 3.2.0 - Adobe Systems Incorporated)
Adobe® Content Viewer (x32 Version: 3.2.0 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKCU Version: - Akamai Technologies, Inc)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
CanoScan Toolbox Ver4.6 (x32 Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (x32 Version: 9.4.61 - Dell Inc.)
Dell DataSafe Online (x32 Version: 2.1.19634 - Dell)
Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (x32 Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (x32 Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (x32 Version: 1.5.0.65 - ArcSoft)
Dell Stage (x32 Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (x32 Version: 2.0.0.50 - ArcSoft)
Dell System Detect (HKCU Version: 5.0.2.57 - Dell)
Dell System Detect Bootstrapper (HKCU Version: 1.1.0.15 - Dell)
Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell-Druckersoftware (x32 Version: 1.00.000 - Dell Inc.)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DriverTuner 3.1.0.1 (x32 Version: 3.1.0.1 - LionSea SoftWare)
eBay (x32 Version: 1.4.0 - eBay Inc.)
ElsterFormular (x32 Version: 15.0.13315 - Landesfinanzdirektion Thüringen)
FileZilla Client 3.7.0.1 (x32 Version: 3.7.0.1 - FileZilla Project)
FontExpert 2011 Font Manager (x32 Version: 11.0.0.1 - Proxima Software)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 10.6.0.1002 - Intel Corporation)
iTunes (Version: 11.1.2.32 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 Update 1 (64-bit) (Version: 7.0.10 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
Mein CEWE FOTOBUCH (x32 Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.17700 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
NVIDIA 3D Vision Treiber 320.78 (Version: 320.78 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.78 (Version: 320.78 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2078 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 320.78 (Version: 320.78 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
OpenOffice.org 3.3 (x32 Version: 3.3.9567 - OpenOffice.org)
Opera Stable 15.0.1147.153 (x32 Version: 15.0.1147.153 - Opera Software ASA)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SpeedUpMyComputer (x32 Version: 38.1 - SmartTweak Software) <==== ATTENTION
Steuer-Spar-Erklärung 2013 (x32 Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SyncUP (x32 Version: 1.12.11200.10.102 - Nero AG) Hidden
SyncUP (x32 Version: 10.2.15400 - Nero AG)
THX TruStudio PC (x32 Version: 1.0 - Creative Technology Limited)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.11 (32-Bit) (x32 Version: 4.11.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2014 (x32 Version: 21.02.8520 - Buhl Data Service GmbH)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
==================== Restore Points =========================
25-01-2014 23:00:02 Geplanter Prüfpunkt
02-02-2014 11:51:02 Geplanter Prüfpunkt
02-02-2014 18:44:36 Installiert WISO Steuer-Sparbuch 2014
08-02-2014 18:00:53 Removed Bonjour
09-02-2014 09:10:24 Windows Update
09-02-2014 09:17:48 Windows Update
09-02-2014 11:03:40 Installed SpyHunter
09-02-2014 11:33:11 Removed SpyHunter
==================== Hosts content: ==========================
2009-07-14 03:34 - 2013-08-11 08:43 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0605644E-DC71-4FF9-83D9-F60858E71813} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {5A1987C3-7035-473E-9F4F-9ACE0ABB91FF} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {6B5DA325-AEA4-4151-AC3D-1D4B9AD0B71B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-11] (Google Inc.)
Task: {80D0A3BE-4928-4DDF-BC19-282452A3F068} - System32\Tasks\AdobeAAMUpdater-1.0-corneliadanzer-cornelia danzer => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {89A9905D-87C0-4042-BAF9-DB46F3C5A067} - System32\Tasks\DriverTuner Startup => C:\Program Files (x86)\DriverTuner\DriverTuner.exe [2013-07-11] (LionSea)
Task: {9EE65D86-8E74-4754-A3E9-CBFBC2523798} - System32\Tasks\FF Watcher {4FA5C5BA-A467-432A-9D4A-1CF72B8E34AD} => C:\Program Files\V-bates\PrefHelper.exe
Task: {E3E5F17C-145C-4906-9C82-C5902EC360A3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F40957E5-C5DE-403E-8247-66BE87075298} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-11] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FF Watcher {4FA5C5BA-A467-432A-9D4A-1CF72B8E34AD}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-04-03 20:07 - 2012-02-17 19:55 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-02-01 10:50 - 2012-02-01 10:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2012-01-18 14:38 - 2011-09-22 11:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2013-06-26 16:37 - 2013-06-26 16:37 - 00815104 _____ () C:\Program Files (x86)\Adobe\Adobe InDesign CS6\Utilities\adb.exe
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2013-12-18 19:43 - 2013-12-18 19:43 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
2012-02-01 10:44 - 2012-02-01 10:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 10:44 - 2012-02-01 10:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2013-08-15 17:33 - 2013-08-15 17:33 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1beb84c27c2edeb38839916524b9df4d\IsdiInterop.ni.dll
2012-01-18 14:36 - 2011-05-20 11:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-02-04 17:00 - 2014-02-02 00:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 17:00 - 2014-02-02 00:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-04 17:00 - 2014-02-02 00:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 17:00 - 2014-02-02 00:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 17:00 - 2014-02-02 00:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2014-02-04 17:00 - 2014-02-02 00:42 - 13616456 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/09/2014 00:41:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/09/2014 10:27:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/09/2014 10:08:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/08/2014 07:14:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/08/2014 02:32:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/08/2014 09:26:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/07/2014 02:24:16 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
Error: (02/07/2014 02:15:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/05/2014 04:43:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/04/2014 04:51:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (02/09/2014 10:27:20 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
Error: (02/09/2014 10:07:51 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
Error: (02/09/2014 10:07:21 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
Error: (02/08/2014 07:14:21 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
Error: (02/08/2014 07:13:51 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
Error: (02/08/2014 02:36:15 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
Error: (02/08/2014 01:52:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinkHandler" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (02/08/2014 01:52:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SProtection" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (02/08/2014 09:29:45 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
Error: (02/07/2014 02:23:14 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004
Microsoft Office Sessions:
=========================
Error: (02/09/2014 00:41:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/09/2014 10:27:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/09/2014 10:08:24 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/08/2014 07:14:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/08/2014 02:32:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/08/2014 09:26:41 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/07/2014 02:24:16 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
Error: (02/07/2014 02:15:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/05/2014 04:43:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/04/2014 04:51:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2014-02-09 14:17:25.691
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-09 14:17:25.689
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-09 14:17:25.686
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-09 14:17:25.675
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-09 14:17:25.674
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-09 14:17:25.671
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-08 11:52:37.904
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-08 11:52:37.902
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-08 11:52:37.900
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-08 11:52:37.889
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 16366.45 MB
Available physical RAM: 13361.95 MB
Total Pagefile: 32731.07 MB
Available Pagefile: 29392.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:452.47 GB) (Free:359.43 GB) NTFS
Drive d: (Connys Daten) (Fixed) (Total:931.51 GB) (Free:803.9 GB) NTFS
Drive f: (SAMSUNG) (Fixed) (Total:465.65 GB) (Free:112.97 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 2689BAB5)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2689BAA0)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 822D1B13)
Partition 1: (Not Active) - (Size=466 GB) - (Type=0C)
==================== End Of Log ============================
|
|
10.02.2014, 07:23
| #5 |
| /// Malwareteam | SpeedUpMyComputer / FixMyRegistry --> lassen sich nicht deinstallieren Schritt 1 Bitte deinstalliere folgende Programme:
Windows XP: Start -> Systemsteuerung -> Kategorieansicht auswählen (falls nicht voreingestellt) -> Softwareund wähle die angegeben Programme aus. Drücke Entfernen (Windows XP) oder Deinstallieren (Windows Vista/7). Schritt 2 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Starte noch einmal FRST.
Poste folgende Logfiles in deiner nächsten Antwort:
__________________ Gruß, Jonas |
|
10.02.2014, 17:59
| #6 |
| | SpeedUpMyComputer / FixMyRegistry --> lassen sich nicht deinstallierenCode:
ATTFilter # AdwCleaner v3.018 - Bericht erstellt am 10/02/2014 um 17:48:52
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : cornelia danzer - CORNELIADANZER
# Gestartet von : C:\Users\cornelia danzer\Desktop\Trojaner Board 2014\AdwCleaner\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\RegClean
Ordner Gelöscht : C:\Program Files (x86)\IminentToolbar
Ordner Gelöscht : C:\Users\CORNEL~1\AppData\Local\Temp\Iminent
Ordner Gelöscht : C:\Users\CORNEL~1\AppData\Local\Temp\TempDir
Ordner Gelöscht : C:\Users\cornelia danzer\AppData\Roaming\IminentToolbar
Ordner Gelöscht : C:\Users\cornelia danzer\AppData\Roaming\Systweak
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\searchplugins\iminent.xml
Datei Gelöscht : C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\user.js
Datei Gelöscht : C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Datei Gelöscht : C:\Windows\System32\Tasks\Advanced System Protector
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Iminent
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v
[ Datei : C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\prefs.js ]
-\\ Google Chrome v32.0.1700.107
[ Datei : C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3027 octets] - [10/02/2014 17:48:09]
AdwCleaner[S0].txt - [2832 octets] - [10/02/2014 17:48:52]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2892 octets] ##########
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014 03
Ran by cornelia danzer (administrator) on CORNELIADANZER on 10-02-2014 17:58:24
Running from C:\Users\cornelia danzer\Desktop\Trojaner Board 2014\FRST
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Software 2000 Limited) C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [FontExpertType1Loader] - C:\Program Files (x86)\FontExpert\Type1Loader.exe [294776 2011-10-31] (Proxima Software)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKU\S-1-5-21-2725353438-3568533369-1437541212-1000\...\Run: [UpdateMyDrivers] - C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
HKU\S-1-5-21-2725353438-3568533369-1437541212-1000\...\Run: [SpeedUpMyComputer] - C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss
HKU\S-1-5-21-2725353438-3568533369-1437541212-1000\...\Run: [FixMyRegistry] - C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default
FF Homepage: hxxp://start.iminent.com/?appId=20118C4D-43C6-4087-89C8-525CA723D4CC
FF SelectedSearchEngine: StartWeb
FF Homepage: user_pref("browser.startup.homepage", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF SearchPlugin: C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\searchplugins\webde-suche.xml
FF Extension: Xmarks - C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\Extensions\foxmarks@kei.com [2013-05-22]
FF Extension: WEB.DE MailCheck - C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\Extensions\toolbar@web.de.xpi [2012-02-12]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-02-10]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-01-21]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-21]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-01-21]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-01-21]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-01-21]
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "translate_accepted_count": {
"en": 0,
"fi"
CHR Extension: (Google Docs) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-11]
CHR Extension: (Google Drive) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-11]
CHR Extension: (YouTube) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-11]
CHR Extension: (Google-Suche) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-11]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-01-22]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-01-22]
CHR Extension: (Content Blocker) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-01-22]
CHR Extension: (Virtual Keyboard) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-01-22]
CHR Extension: (Google Wallet) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (Google Mail) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-11]
CHR Extension: (Anti-Banner) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-01-22]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
==================== Services (Whitelisted) =================
R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [154352 2009-08-28] (Dell Inc.)
R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [191896 2006-12-07] (Dell Inc.)
==================== Drivers (Whitelisted) ====================
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-11-11] (Kaspersky Lab ZAO)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-10 17:48 - 2014-02-10 17:48 - 00000000 ____D () C:\AdwCleaner
2014-02-09 16:13 - 2014-02-10 17:58 - 00000000 ____D () C:\FRST
2014-02-09 16:10 - 2014-02-10 17:46 - 00000000 ____D () C:\Users\cornelia danzer\Desktop\Trojaner Board 2014
2014-02-09 13:03 - 2014-02-09 13:04 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{082FDD51-9F19-4757-81F3-00F2005673B7}
2014-02-09 12:04 - 2014-02-09 12:04 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-09 12:04 - 2014-02-09 12:04 - 00000000 _____ () C:\autoexec.bat
2014-02-09 12:03 - 2014-02-09 12:33 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-02-09 10:20 - 2014-02-09 10:20 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Vorlagen
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Lokale Einstellungen
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Eigene Dateien
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Anwendungsdaten
2014-02-09 10:20 - 2014-02-09 10:07 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\SoftThinks
2014-02-09 10:20 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-02-09 10:20 - 2012-08-23 15:12 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\terminpt.sys
2014-02-09 10:20 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-02-09 10:20 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-02-09 10:20 - 2012-08-23 15:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-09 10:20 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-09 10:20 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-09 10:20 - 2012-08-23 14:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-09 10:20 - 2012-08-23 14:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-09 10:20 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-02-09 10:20 - 2012-08-23 14:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-09 10:20 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-09 10:20 - 2012-08-23 14:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-09 10:20 - 2012-08-23 14:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-09 10:20 - 2012-08-23 13:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-09 10:20 - 2012-08-23 12:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-09 10:20 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-02-09 10:20 - 2012-08-23 12:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-09 10:20 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-02-09 10:20 - 2012-08-23 11:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-02-09 10:20 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-02-09 10:20 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-09 10:20 - 2012-08-23 11:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-09 10:20 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-02-09 10:20 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-09 10:20 - 2012-08-23 09:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-09 10:20 - 2012-01-18 14:58 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2014-02-09 10:20 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-09 10:20 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-09 10:19 - 2013-08-09 02:05 - 03310693 _____ () C:\Windows\system32\nvcoproc.bin
2014-02-09 10:18 - 2014-02-09 10:20 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-09 10:17 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-02-09 10:17 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-02-08 19:14 - 2014-02-08 19:14 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\DriverTuner
2014-02-08 14:39 - 2014-02-08 14:39 - 00000796 _____ () C:\Users\cornelia danzer\Desktop\Scanns - Verknüpfung.lnk
2014-02-08 14:38 - 2014-02-08 18:44 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\Canon
2014-02-08 14:38 - 2014-02-08 14:38 - 00000000 _____ () C:\Users\cornelia danzer\Sti_Trace.log
2014-02-08 14:26 - 2014-02-08 14:26 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-02-08 14:21 - 2006-06-27 16:28 - 00322048 _____ () C:\Windows\system32\CNQL3203.DLL
2014-02-08 14:21 - 2006-04-11 16:06 - 00064512 _____ (CANON INC.) C:\Windows\system32\CNQU86.DLL
2014-02-08 14:18 - 2014-02-08 14:18 - 00003232 _____ () C:\Windows\System32\Tasks\{33E1B1E3-225F-43F4-9D4B-7AFE1625DB92}
2014-02-08 13:56 - 2014-02-08 13:56 - 00003286 _____ () C:\Windows\System32\Tasks\{619CE854-F31C-4298-B87A-AEF1A6C703A8}
2014-02-08 13:52 - 2014-02-10 17:54 - 00000302 _____ () C:\Windows\Tasks\FF Watcher {4FA5C5BA-A467-432A-9D4A-1CF72B8E34AD}.job
2014-02-08 13:52 - 2014-02-10 17:44 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
2014-02-08 13:52 - 2014-02-10 17:44 - 00000000 ____D () C:\Program Files (x86)\SmartTweak
2014-02-08 13:52 - 2014-02-08 13:52 - 00003270 _____ () C:\Windows\System32\Tasks\FF Watcher {4FA5C5BA-A467-432A-9D4A-1CF72B8E34AD}
2014-02-08 13:44 - 2014-02-08 13:44 - 00003278 _____ () C:\Windows\System32\Tasks\{00426139-28BB-4EAB-86B5-CA3233D1483C}
2014-02-08 10:07 - 2014-02-08 10:07 - 00000000 ____D () C:\Users\cornelia danzer\Documents\Steuer-Sparbuch
2014-02-08 09:32 - 2014-02-08 09:32 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{24D4CF7D-4A90-4584-BDAB-74C650A38894}
2014-02-07 14:27 - 2014-02-07 14:27 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{5681DAF0-03EE-4DEA-88BC-3B7CA256E656}
2014-02-07 14:24 - 2014-02-07 14:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-02-06 18:10 - 2014-02-06 18:10 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{A930BE9E-0C59-48EB-91D1-4F9CA53931CD}
2014-02-05 17:46 - 2014-02-05 17:46 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{6F6ACFE1-F4B9-446A-BA5B-AA718E935165}
2014-02-04 19:21 - 2014-02-04 19:22 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{07507FDB-4799-40B9-937A-D413081ADDB3}
2014-02-02 19:59 - 2014-02-02 20:00 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{E3394A85-2096-447B-99CB-E4888930FF27}
2014-02-02 19:45 - 2014-02-02 19:45 - 00002101 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-02-02 19:45 - 2014-02-02 19:45 - 00000080 _____ () C:\Windows\wiso.ini
2014-02-02 19:45 - 2014-02-02 19:45 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\Buhl Data Service
2014-02-02 19:45 - 2014-02-02 19:45 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\Buhl Data Service
2014-02-02 19:45 - 2014-02-02 19:45 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\Buhl
2014-02-02 19:44 - 2014-02-02 19:45 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-02-02 19:44 - 2014-02-02 19:44 - 00000000 ____D () C:\Program Files (x86)\WISO
2014-02-02 19:43 - 2014-02-02 19:43 - 00003256 _____ () C:\Windows\System32\Tasks\{B9723ACB-BAE7-4F4F-8839-ADB7F1748E59}
2014-02-02 18:12 - 2014-02-02 18:12 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{ABA11A69-FD8D-442B-BEE8-3AF599422152}
2014-02-01 16:23 - 2014-02-01 16:23 - 07011040 _____ () C:\Users\cornelia danzer\Desktop\muster.tif
2014-01-30 18:38 - 2014-01-30 18:38 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{3DCA4205-EE3E-425A-BE8C-C1590B7F3A21}
2014-01-26 11:54 - 2014-01-26 11:54 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{C3C21092-FCCE-459C-8C70-6B6B689D63D0}
2014-01-21 20:31 - 2013-11-11 19:13 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll
2014-01-21 20:30 - 2014-01-21 20:30 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-01-21 20:30 - 2014-01-21 20:30 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-01-21 20:30 - 2013-11-11 19:13 - 00626272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-01-21 20:30 - 2013-11-11 19:13 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-01-21 20:30 - 2011-06-02 14:39 - 00084536 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2014-01-21 20:30 - 2011-06-02 14:39 - 00066616 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2014-01-21 18:24 - 2014-01-21 18:24 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{F940FABB-EC52-4986-A928-E8DF2C4F244A}
2014-01-21 17:52 - 2014-01-21 17:52 - 00003356 _____ () C:\Windows\System32\Tasks\DriverTuner Startup
2014-01-21 17:52 - 2014-01-21 17:52 - 00000000 ____D () C:\Program Files (x86)\DriverTuner
2014-01-19 19:40 - 2014-01-19 19:40 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{91F3164C-DA07-49F0-AA65-72D2882B24A5}
2014-01-19 19:36 - 2014-01-26 11:55 - 00000000 ____D () C:\Users\cornelia danzer\Desktop\Kaspersky 01_2014
2014-01-18 10:39 - 2014-01-18 10:40 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{C662BE46-B65A-4928-B4D7-28629B919E39}
2014-01-16 15:27 - 2013-11-27 02:42 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 15:27 - 2013-11-27 02:42 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 15:27 - 2013-11-27 02:42 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 15:27 - 2013-11-27 02:42 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 15:27 - 2013-11-27 02:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 15:27 - 2013-11-27 02:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 15:27 - 2013-11-27 02:42 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 15:27 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 15:27 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 17:49 - 2014-01-14 17:49 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{2F6B7D11-841E-42C3-9334-75E36BD870D1}
2014-01-12 18:18 - 2014-01-12 18:18 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{54D15201-9F54-4F17-A4EB-EEAA5DE88594}
==================== One Month Modified Files and Folders =======
2014-02-10 17:59 - 2013-08-11 21:41 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-10 17:58 - 2014-02-09 16:13 - 00000000 ____D () C:\FRST
2014-02-10 17:55 - 2012-02-11 12:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-10 17:54 - 2014-02-08 13:52 - 00000302 _____ () C:\Windows\Tasks\FF Watcher {4FA5C5BA-A467-432A-9D4A-1CF72B8E34AD}.job
2014-02-10 17:54 - 2013-08-11 21:41 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-10 17:54 - 2013-08-03 06:45 - 00009491 _____ () C:\Windows\setupact.log
2014-02-10 17:54 - 2012-01-18 15:02 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-02-10 17:54 - 2012-01-18 15:02 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-02-10 17:54 - 2012-01-18 14:38 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-02-10 17:54 - 2012-01-18 13:18 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-10 17:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-10 17:49 - 2013-08-03 06:47 - 01071281 _____ () C:\Windows\WindowsUpdate.log
2014-02-10 17:49 - 2012-02-09 19:38 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\Adobe
2014-02-10 17:48 - 2014-02-10 17:48 - 00000000 ____D () C:\AdwCleaner
2014-02-10 17:46 - 2014-02-09 16:10 - 00000000 ____D () C:\Users\cornelia danzer\Desktop\Trojaner Board 2014
2014-02-10 17:46 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-10 17:46 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-10 17:44 - 2014-02-08 13:52 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
2014-02-10 17:44 - 2014-02-08 13:52 - 00000000 ____D () C:\Program Files (x86)\SmartTweak
2014-02-10 17:44 - 2010-11-21 07:50 - 00710954 _____ () C:\Windows\system32\perfh007.dat
2014-02-10 17:44 - 2010-11-21 07:50 - 00155026 _____ () C:\Windows\system32\perfc007.dat
2014-02-10 17:44 - 2009-07-14 06:13 - 01653302 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-09 20:32 - 2012-04-03 15:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-09 19:33 - 2012-03-23 14:53 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\NVIDIA
2014-02-09 16:13 - 2012-04-05 17:06 - 00000000 ____D () C:\Users\cornelia danzer\Downloads\wegwerf
2014-02-09 14:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-09 13:04 - 2014-02-09 13:03 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{082FDD51-9F19-4757-81F3-00F2005673B7}
2014-02-09 12:43 - 2012-01-18 14:53 - 00000000 ____D () C:\ProgramData\Sonic
2014-02-09 12:39 - 2013-08-03 06:44 - 00182448 _____ () C:\Windows\PFRO.log
2014-02-09 12:33 - 2014-02-09 12:03 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-02-09 12:32 - 2013-07-05 08:12 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\Apps\2.0
2014-02-09 12:04 - 2014-02-09 12:04 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-09 12:04 - 2014-02-09 12:04 - 00000000 _____ () C:\autoexec.bat
2014-02-09 10:20 - 2014-02-09 10:20 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Vorlagen
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Lokale Einstellungen
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Eigene Dateien
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Anwendungsdaten
2014-02-09 10:20 - 2014-02-09 10:18 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-09 10:20 - 2012-01-18 13:17 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-09 10:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-09 10:13 - 2011-02-11 19:06 - 01626646 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-09 10:07 - 2014-02-09 10:20 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\SoftThinks
2014-02-08 19:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-08 19:14 - 2014-02-08 19:14 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\DriverTuner
2014-02-08 19:03 - 2013-07-03 16:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-08 18:44 - 2014-02-08 14:38 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\Canon
2014-02-08 14:39 - 2014-02-08 14:39 - 00000796 _____ () C:\Users\cornelia danzer\Desktop\Scanns - Verknüpfung.lnk
2014-02-08 14:38 - 2014-02-08 14:38 - 00000000 _____ () C:\Users\cornelia danzer\Sti_Trace.log
2014-02-08 14:38 - 2012-02-09 17:54 - 00000000 ____D () C:\Users\cornelia danzer
2014-02-08 14:26 - 2014-02-08 14:26 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-02-08 14:26 - 2012-01-18 14:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-08 14:21 - 2012-03-06 19:39 - 00000000 ___HD () C:\CanoScan
2014-02-08 14:18 - 2014-02-08 14:18 - 00003232 _____ () C:\Windows\System32\Tasks\{33E1B1E3-225F-43F4-9D4B-7AFE1625DB92}
2014-02-08 13:56 - 2014-02-08 13:56 - 00003286 _____ () C:\Windows\System32\Tasks\{619CE854-F31C-4298-B87A-AEF1A6C703A8}
2014-02-08 13:52 - 2014-02-08 13:52 - 00003270 _____ () C:\Windows\System32\Tasks\FF Watcher {4FA5C5BA-A467-432A-9D4A-1CF72B8E34AD}
2014-02-08 13:44 - 2014-02-08 13:44 - 00003278 _____ () C:\Windows\System32\Tasks\{00426139-28BB-4EAB-86B5-CA3233D1483C}
2014-02-08 12:07 - 2013-05-30 14:58 - 00000000 ____D () C:\Users\cornelia danzer\Desktop\DaWanda Texte
2014-02-08 10:07 - 2014-02-08 10:07 - 00000000 ____D () C:\Users\cornelia danzer\Documents\Steuer-Sparbuch
2014-02-08 09:32 - 2014-02-08 09:32 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{24D4CF7D-4A90-4584-BDAB-74C650A38894}
2014-02-07 14:27 - 2014-02-07 14:27 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{5681DAF0-03EE-4DEA-88BC-3B7CA256E656}
2014-02-07 14:24 - 2014-02-07 14:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-02-06 18:10 - 2014-02-06 18:10 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{A930BE9E-0C59-48EB-91D1-4F9CA53931CD}
2014-02-05 17:46 - 2014-02-05 17:46 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{6F6ACFE1-F4B9-446A-BA5B-AA718E935165}
2014-02-05 16:41 - 2013-08-03 06:45 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-04 19:22 - 2014-02-04 19:21 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{07507FDB-4799-40B9-937A-D413081ADDB3}
2014-02-02 20:00 - 2014-02-02 19:59 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{E3394A85-2096-447B-99CB-E4888930FF27}
2014-02-02 19:45 - 2014-02-02 19:45 - 00002101 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-02-02 19:45 - 2014-02-02 19:45 - 00000080 _____ () C:\Windows\wiso.ini
2014-02-02 19:45 - 2014-02-02 19:45 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\Buhl Data Service
2014-02-02 19:45 - 2014-02-02 19:45 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\Buhl Data Service
2014-02-02 19:45 - 2014-02-02 19:45 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\Buhl
2014-02-02 19:45 - 2014-02-02 19:44 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-02-02 19:44 - 2014-02-02 19:44 - 00000000 ____D () C:\Program Files (x86)\WISO
2014-02-02 19:43 - 2014-02-02 19:43 - 00003256 _____ () C:\Windows\System32\Tasks\{B9723ACB-BAE7-4F4F-8839-ADB7F1748E59}
2014-02-02 19:07 - 2013-05-31 13:18 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-02-02 18:12 - 2014-02-02 18:12 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{ABA11A69-FD8D-442B-BEE8-3AF599422152}
2014-02-01 16:23 - 2014-02-01 16:23 - 07011040 _____ () C:\Users\cornelia danzer\Desktop\muster.tif
2014-01-30 18:38 - 2014-01-30 18:38 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{3DCA4205-EE3E-425A-BE8C-C1590B7F3A21}
2014-01-26 11:55 - 2014-01-19 19:36 - 00000000 ____D () C:\Users\cornelia danzer\Desktop\Kaspersky 01_2014
2014-01-26 11:54 - 2014-01-26 11:54 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{C3C21092-FCCE-459C-8C70-6B6B689D63D0}
2014-01-21 20:30 - 2014-01-21 20:30 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-01-21 20:30 - 2014-01-21 20:30 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-01-21 18:24 - 2014-01-21 18:24 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{F940FABB-EC52-4986-A928-E8DF2C4F244A}
2014-01-21 17:52 - 2014-01-21 17:52 - 00003356 _____ () C:\Windows\System32\Tasks\DriverTuner Startup
2014-01-21 17:52 - 2014-01-21 17:52 - 00000000 ____D () C:\Program Files (x86)\DriverTuner
2014-01-19 19:40 - 2014-01-19 19:40 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{91F3164C-DA07-49F0-AA65-72D2882B24A5}
2014-01-18 10:40 - 2014-01-18 10:39 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{C662BE46-B65A-4928-B4D7-28629B919E39}
2014-01-18 08:51 - 2013-08-01 17:03 - 06475960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 15:29 - 2013-08-11 21:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 15:26 - 2012-02-09 20:05 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 17:49 - 2014-01-14 17:49 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{2F6B7D11-841E-42C3-9334-75E36BD870D1}
2014-01-12 18:18 - 2014-01-12 18:18 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{54D15201-9F54-4F17-A4EB-EEAA5DE88594}
Some content of TEMP:
====================
C:\Users\cornelia danzer\AppData\Local\Temp\bitool.dll
C:\Users\cornelia danzer\AppData\Local\Temp\FixMyRegistry.exe
C:\Users\cornelia danzer\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\cornelia danzer\AppData\Local\Temp\IMsetup.exe
C:\Users\cornelia danzer\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\cornelia danzer\AppData\Local\Temp\Quarantine.exe
C:\Users\cornelia danzer\AppData\Local\Temp\SBLCopyF.EXE
C:\Users\cornelia danzer\AppData\Local\Temp\sdanircmdc.exe
C:\Users\cornelia danzer\AppData\Local\Temp\SHSetup.exe
C:\Users\cornelia danzer\AppData\Local\Temp\SpeedUpMyComputer.exe
C:\Users\cornelia danzer\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\cornelia danzer\AppData\Local\Temp\v-bates.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-08 11:50
==================== End Of Log ============================
--- --- --- |
|
11.02.2014, 07:21
| #7 |
| /// Malwareteam | SpeedUpMyComputer / FixMyRegistry --> lassen sich nicht deinstallieren Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKU\S-1-5-21-2725353438-3568533369-1437541212-1000\...\Run: [UpdateMyDrivers] - C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
HKU\S-1-5-21-2725353438-3568533369-1437541212-1000\...\Run: [SpeedUpMyComputer] - C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss
HKU\S-1-5-21-2725353438-3568533369-1437541212-1000\...\Run: [FixMyRegistry] - C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss
C:\Program Files (x86)\SmartTweak
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF Homepage: hxxp://start.iminent.com/?appId=20118C4D-43C6-4087-89C8-525CA723D4CC
FF SelectedSearchEngine: StartWeb
FF Homepage: user_pref("browser.startup.homepage", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
C:\Program Files\V-bates
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2014-02-09 12:04 - 2014-02-09 12:04 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-09 12:03 - 2014-02-09 12:33 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-02-08 13:52 - 2014-02-10 17:44 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
2014-02-08 13:52 - 2014-02-08 13:52 - 00003270 _____ () C:\Windows\System32\Tasks\FF Watcher {4FA5C5BA-A467-432A-9D4A-1CF72B8E34AD}
2014-02-08 13:52 - 2014-02-10 17:54 - 00000302 _____ () C:\Windows\Tasks\FF Watcher {4FA5C5BA-A467-432A-9D4A-1CF72B8E34AD}.job
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 ESET Online Scanner
Schritt 4 Starte noch einmal FRST.
Sind die beiden Programme noch da, bzw. wird die Startseite noch geändert? Gibt es weitere Probleme mit dem Rechner? Poste folgende Logfiles in deiner nächsten Antwort:
__________________ Gruß, Jonas |
|
12.02.2014, 05:15
| #8 |
| | SpeedUpMyComputer / FixMyRegistry --> lassen sich nicht deinstallierenCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-02-2014 01
Ran by cornelia danzer at 2014-02-11 18:55:53 Run:1
Running from C:\Users\cornelia danzer\Desktop\Trojaner Board 2014\FRST
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-2725353438-3568533369-1437541212-1000\...\Run: [UpdateMyDrivers] - C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
HKU\S-1-5-21-2725353438-3568533369-1437541212-1000\...\Run: [SpeedUpMyComputer] - C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss
HKU\S-1-5-21-2725353438-3568533369-1437541212-1000\...\Run: [FixMyRegistry] - C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss
C:\Program Files (x86)\SmartTweak
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF Homepage: hxxp://start.iminent.com/?appId=20118C4D-43C6-4087-89C8-525CA723D4CC
FF SelectedSearchEngine: StartWeb
FF Homepage: user_pref("browser.startup.homepage", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
C:\Program Files\V-bates
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2014-02-09 12:04 - 2014-02-09 12:04 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-09 12:03 - 2014-02-09 12:33 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-02-08 13:52 - 2014-02-10 17:44 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
2014-02-08 13:52 - 2014-02-08 13:52 - 00003270 _____ () C:\Windows\System32\Tasks\FF Watcher {4FA5C5BA-A467-432A-9D4A-1CF72B8E34AD}
2014-02-08 13:52 - 2014-02-10 17:54 - 00000302 _____ () C:\Windows\Tasks\FF Watcher {4FA5C5BA-A467-432A-9D4A-1CF72B8E34AD}.job
*****************
HKU\S-1-5-21-2725353438-3568533369-1437541212-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UpdateMyDrivers => Value deleted successfully.
HKU\S-1-5-21-2725353438-3568533369-1437541212-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpeedUpMyComputer => Value deleted successfully.
HKU\S-1-5-21-2725353438-3568533369-1437541212-1000\Software\Microsoft\Windows\CurrentVersion\Run\\FixMyRegistry => Value deleted successfully.
C:\Program Files (x86)\SmartTweak => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} => Key deleted successfully.
HKCR\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
Firefox homepage deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} => Value deleted successfully.
"C:\Program Files\V-bates" => File/Directory not found.
esgiguard => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP => Moved successfully.
C:\Users\cornelia danzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software => Moved successfully.
C:\Windows\System32\Tasks\FF Watcher {4FA5C5BA-A467-432A-9D4A-1CF72B8E34AD} => Moved successfully.
C:\Windows\Tasks\FF Watcher {4FA5C5BA-A467-432A-9D4A-1CF72B8E34AD}.job => Moved successfully.
==== End of Fixlog ====
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.11.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 cornelia danzer :: CORNELIADANZER [Administrator] Schutz: Aktiviert 11.02.2014 19:01:55 mbam-log-2014-02-11 (19-01-55).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 242090 Laufzeit: 3 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCR\Typelib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F} (PUP.Optional.GetNow.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967} (PUP.Optional.GetNow.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 5 C:\Users\cornelia danzer\AppData\Local\Temp\bitool.dll (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\cornelia danzer\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe (PUP.Optional.JumpyApps) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\cornelia danzer\AppData\Local\Temp\IMsetup.exe (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\cornelia danzer\AppData\Local\Temp\Umbrella.exef89feb (PUP.Optional.Iminent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\cornelia danzer\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ca47c7be03638748a7cabbcdcf602d38
# engine=17030
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-11 11:37:03
# local_time=2014-02-12 12:37:03 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 16705006 143791673 0 0
# scanned=425086
# found=0
# cleaned=0
# scan_time=18641
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by cornelia danzer (administrator) on CORNELIADANZER on 12-02-2014 05:11:21
Running from C:\Users\cornelia danzer\Desktop\Trojaner Board 2014\FRST
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Software 2000 Limited) C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [FontExpertType1Loader] - C:\Program Files (x86)\FontExpert\Type1Loader.exe [294776 2011-10-31] (Proxima Software)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF SearchPlugin: C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\searchplugins\webde-suche.xml
FF Extension: Xmarks - C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\Extensions\foxmarks@kei.com [2013-05-22]
FF Extension: WEB.DE MailCheck - C:\Users\cornelia danzer\AppData\Roaming\Mozilla\Firefox\Profiles\kc35dg2b.default\Extensions\toolbar@web.de.xpi [2012-02-12]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-02-10]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-01-21]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-21]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-01-21]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-01-21]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-01-21]
Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "translate_accepted_count": {
"en": 0,
"fi"
CHR Extension: (Google Docs) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-11]
CHR Extension: (Google Drive) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-11]
CHR Extension: (YouTube) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-11]
CHR Extension: (Google-Suche) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-11]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-01-22]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-01-22]
CHR Extension: (Content Blocker) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-01-22]
CHR Extension: (Virtual Keyboard) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-01-22]
CHR Extension: (Google Wallet) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (Google Mail) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-11]
CHR Extension: (Anti-Banner) - C:\Users\cornelia danzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-01-22]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
==================== Services (Whitelisted) =================
R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [154352 2009-08-28] (Dell Inc.)
R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [191896 2006-12-07] (Dell Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
==================== Drivers (Whitelisted) ====================
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-11-11] (Kaspersky Lab ZAO)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-11 19:17 - 2014-02-11 19:17 - 02347384 _____ (ESET) C:\Users\cornelia danzer\Downloads\esetsmartinstaller_enu.exe
2014-02-11 18:59 - 2014-02-11 18:59 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-11 18:59 - 2014-02-11 18:59 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\Malwarebytes
2014-02-11 18:59 - 2014-02-11 18:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-11 18:59 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-11 18:56 - 2014-02-11 18:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\cornelia danzer\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-10 18:47 - 2014-02-10 18:47 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{172C909F-3B18-4D0E-9795-9B4BDA148FA0}
2014-02-10 17:48 - 2014-02-10 17:48 - 00000000 ____D () C:\AdwCleaner
2014-02-09 16:13 - 2014-02-12 05:11 - 00000000 ____D () C:\FRST
2014-02-09 16:10 - 2014-02-11 18:57 - 00000000 ____D () C:\Users\cornelia danzer\Desktop\Trojaner Board 2014
2014-02-09 13:03 - 2014-02-09 13:04 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{082FDD51-9F19-4757-81F3-00F2005673B7}
2014-02-09 12:04 - 2014-02-09 12:04 - 00000000 _____ () C:\autoexec.bat
2014-02-09 10:20 - 2014-02-09 10:20 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Vorlagen
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Lokale Einstellungen
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Eigene Dateien
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Anwendungsdaten
2014-02-09 10:20 - 2014-02-09 10:07 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\SoftThinks
2014-02-09 10:20 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-02-09 10:20 - 2012-08-23 15:12 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\terminpt.sys
2014-02-09 10:20 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-02-09 10:20 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-02-09 10:20 - 2012-08-23 15:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-09 10:20 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-09 10:20 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-09 10:20 - 2012-08-23 14:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-09 10:20 - 2012-08-23 14:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-09 10:20 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-02-09 10:20 - 2012-08-23 14:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-09 10:20 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-09 10:20 - 2012-08-23 14:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-09 10:20 - 2012-08-23 14:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-09 10:20 - 2012-08-23 13:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-09 10:20 - 2012-08-23 12:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-09 10:20 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-02-09 10:20 - 2012-08-23 12:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-09 10:20 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-02-09 10:20 - 2012-08-23 11:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-02-09 10:20 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-02-09 10:20 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-09 10:20 - 2012-08-23 11:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-09 10:20 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-02-09 10:20 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-09 10:20 - 2012-08-23 09:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-09 10:20 - 2012-01-18 14:58 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2014-02-09 10:20 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-09 10:20 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-09 10:19 - 2013-08-09 02:05 - 03310693 _____ () C:\Windows\system32\nvcoproc.bin
2014-02-09 10:18 - 2014-02-09 10:20 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-09 10:17 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-02-09 10:17 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-02-08 19:14 - 2014-02-08 19:14 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\DriverTuner
2014-02-08 14:39 - 2014-02-08 14:39 - 00000796 _____ () C:\Users\cornelia danzer\Desktop\Scanns - Verknüpfung.lnk
2014-02-08 14:38 - 2014-02-10 18:43 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\Canon
2014-02-08 14:38 - 2014-02-08 14:38 - 00000000 _____ () C:\Users\cornelia danzer\Sti_Trace.log
2014-02-08 14:26 - 2014-02-08 14:26 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-02-08 14:21 - 2006-06-27 16:28 - 00322048 _____ () C:\Windows\system32\CNQL3203.DLL
2014-02-08 14:21 - 2006-04-11 16:06 - 00064512 _____ (CANON INC.) C:\Windows\system32\CNQU86.DLL
2014-02-08 14:18 - 2014-02-08 14:18 - 00003232 _____ () C:\Windows\System32\Tasks\{33E1B1E3-225F-43F4-9D4B-7AFE1625DB92}
2014-02-08 13:56 - 2014-02-08 13:56 - 00003286 _____ () C:\Windows\System32\Tasks\{619CE854-F31C-4298-B87A-AEF1A6C703A8}
2014-02-08 13:44 - 2014-02-08 13:44 - 00003278 _____ () C:\Windows\System32\Tasks\{00426139-28BB-4EAB-86B5-CA3233D1483C}
2014-02-08 10:07 - 2014-02-08 10:07 - 00000000 ____D () C:\Users\cornelia danzer\Documents\Steuer-Sparbuch
2014-02-08 09:32 - 2014-02-08 09:32 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{24D4CF7D-4A90-4584-BDAB-74C650A38894}
2014-02-07 14:27 - 2014-02-07 14:27 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{5681DAF0-03EE-4DEA-88BC-3B7CA256E656}
2014-02-07 14:24 - 2014-02-07 14:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-02-06 18:10 - 2014-02-06 18:10 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{A930BE9E-0C59-48EB-91D1-4F9CA53931CD}
2014-02-05 17:46 - 2014-02-05 17:46 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{6F6ACFE1-F4B9-446A-BA5B-AA718E935165}
2014-02-04 19:21 - 2014-02-04 19:22 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{07507FDB-4799-40B9-937A-D413081ADDB3}
2014-02-02 19:59 - 2014-02-02 20:00 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{E3394A85-2096-447B-99CB-E4888930FF27}
2014-02-02 19:45 - 2014-02-02 19:45 - 00002101 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-02-02 19:45 - 2014-02-02 19:45 - 00000080 _____ () C:\Windows\wiso.ini
2014-02-02 19:45 - 2014-02-02 19:45 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\Buhl Data Service
2014-02-02 19:45 - 2014-02-02 19:45 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\Buhl Data Service
2014-02-02 19:45 - 2014-02-02 19:45 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\Buhl
2014-02-02 19:44 - 2014-02-02 19:45 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-02-02 19:44 - 2014-02-02 19:44 - 00000000 ____D () C:\Program Files (x86)\WISO
2014-02-02 19:43 - 2014-02-02 19:43 - 00003256 _____ () C:\Windows\System32\Tasks\{B9723ACB-BAE7-4F4F-8839-ADB7F1748E59}
2014-02-02 18:12 - 2014-02-02 18:12 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{ABA11A69-FD8D-442B-BEE8-3AF599422152}
2014-02-01 16:23 - 2014-02-01 16:23 - 07011040 _____ () C:\Users\cornelia danzer\Desktop\muster.tif
2014-01-30 18:38 - 2014-01-30 18:38 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{3DCA4205-EE3E-425A-BE8C-C1590B7F3A21}
2014-01-26 11:54 - 2014-01-26 11:54 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{C3C21092-FCCE-459C-8C70-6B6B689D63D0}
2014-01-21 20:31 - 2013-11-11 19:13 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll
2014-01-21 20:30 - 2014-01-21 20:30 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-01-21 20:30 - 2014-01-21 20:30 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-01-21 20:30 - 2013-11-11 19:13 - 00626272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-01-21 20:30 - 2013-11-11 19:13 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-01-21 20:30 - 2011-06-02 14:39 - 00084536 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2014-01-21 20:30 - 2011-06-02 14:39 - 00066616 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2014-01-21 18:24 - 2014-01-21 18:24 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{F940FABB-EC52-4986-A928-E8DF2C4F244A}
2014-01-21 17:52 - 2014-01-21 17:52 - 00003356 _____ () C:\Windows\System32\Tasks\DriverTuner Startup
2014-01-21 17:52 - 2014-01-21 17:52 - 00000000 ____D () C:\Program Files (x86)\DriverTuner
2014-01-19 19:40 - 2014-01-19 19:40 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{91F3164C-DA07-49F0-AA65-72D2882B24A5}
2014-01-19 19:36 - 2014-01-26 11:55 - 00000000 ____D () C:\Users\cornelia danzer\Desktop\Kaspersky 01_2014
2014-01-18 10:39 - 2014-01-18 10:40 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{C662BE46-B65A-4928-B4D7-28629B919E39}
2014-01-16 15:27 - 2013-11-27 02:42 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 15:27 - 2013-11-27 02:42 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 15:27 - 2013-11-27 02:42 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 15:27 - 2013-11-27 02:42 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 15:27 - 2013-11-27 02:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 15:27 - 2013-11-27 02:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 15:27 - 2013-11-27 02:42 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 15:27 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 15:27 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 17:49 - 2014-01-14 17:49 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{2F6B7D11-841E-42C3-9334-75E36BD870D1}
==================== One Month Modified Files and Folders =======
2014-02-12 05:11 - 2014-02-09 16:13 - 00000000 ____D () C:\FRST
2014-02-12 04:59 - 2013-08-11 21:41 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-12 04:32 - 2012-04-03 15:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-12 04:15 - 2012-02-11 12:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-12 02:00 - 2012-02-09 19:38 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\Adobe
2014-02-11 23:58 - 2013-08-11 21:41 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-11 19:19 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-11 19:19 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-11 19:17 - 2014-02-11 19:17 - 02347384 _____ (ESET) C:\Users\cornelia danzer\Downloads\esetsmartinstaller_enu.exe
2014-02-11 19:17 - 2010-11-21 07:50 - 00710954 _____ () C:\Windows\system32\perfh007.dat
2014-02-11 19:17 - 2010-11-21 07:50 - 00155026 _____ () C:\Windows\system32\perfc007.dat
2014-02-11 19:17 - 2009-07-14 06:13 - 01653302 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-11 19:16 - 2013-08-03 06:47 - 01100127 _____ () C:\Windows\WindowsUpdate.log
2014-02-11 19:13 - 2012-01-18 15:02 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-02-11 19:13 - 2012-01-18 15:02 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-02-11 19:13 - 2012-01-18 14:38 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-02-11 19:12 - 2013-08-03 06:45 - 00009603 _____ () C:\Windows\setupact.log
2014-02-11 19:12 - 2013-08-03 06:44 - 00183892 _____ () C:\Windows\PFRO.log
2014-02-11 19:12 - 2012-01-18 13:18 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-11 19:12 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-11 18:59 - 2014-02-11 18:59 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-11 18:59 - 2014-02-11 18:59 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\Malwarebytes
2014-02-11 18:59 - 2014-02-11 18:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-11 18:57 - 2014-02-09 16:10 - 00000000 ____D () C:\Users\cornelia danzer\Desktop\Trojaner Board 2014
2014-02-11 18:56 - 2014-02-11 18:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\cornelia danzer\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-10 18:47 - 2014-02-10 18:47 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{172C909F-3B18-4D0E-9795-9B4BDA148FA0}
2014-02-10 18:43 - 2014-02-08 14:38 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\Canon
2014-02-10 18:43 - 2013-05-30 14:58 - 00000000 ____D () C:\Users\cornelia danzer\Desktop\DaWanda Texte
2014-02-10 17:48 - 2014-02-10 17:48 - 00000000 ____D () C:\AdwCleaner
2014-02-09 19:33 - 2012-03-23 14:53 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\NVIDIA
2014-02-09 16:13 - 2012-04-05 17:06 - 00000000 ____D () C:\Users\cornelia danzer\Downloads\wegwerf
2014-02-09 14:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-09 13:04 - 2014-02-09 13:03 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{082FDD51-9F19-4757-81F3-00F2005673B7}
2014-02-09 12:43 - 2012-01-18 14:53 - 00000000 ____D () C:\ProgramData\Sonic
2014-02-09 12:32 - 2013-07-05 08:12 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\Apps\2.0
2014-02-09 12:04 - 2014-02-09 12:04 - 00000000 _____ () C:\autoexec.bat
2014-02-09 10:20 - 2014-02-09 10:20 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Vorlagen
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Lokale Einstellungen
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Eigene Dateien
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2014-02-09 10:20 - 2014-02-09 10:20 - 00000000 _SHDL () C:\Users\UpdatusUser\Anwendungsdaten
2014-02-09 10:20 - 2014-02-09 10:18 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-09 10:20 - 2012-01-18 13:17 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-09 10:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-09 10:13 - 2011-02-11 19:06 - 01626646 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-09 10:07 - 2014-02-09 10:20 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\SoftThinks
2014-02-08 19:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-08 19:14 - 2014-02-08 19:14 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\DriverTuner
2014-02-08 19:03 - 2013-07-03 16:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-08 14:39 - 2014-02-08 14:39 - 00000796 _____ () C:\Users\cornelia danzer\Desktop\Scanns - Verknüpfung.lnk
2014-02-08 14:38 - 2014-02-08 14:38 - 00000000 _____ () C:\Users\cornelia danzer\Sti_Trace.log
2014-02-08 14:38 - 2012-02-09 17:54 - 00000000 ____D () C:\Users\cornelia danzer
2014-02-08 14:26 - 2014-02-08 14:26 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-02-08 14:26 - 2012-01-18 14:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-08 14:21 - 2012-03-06 19:39 - 00000000 ___HD () C:\CanoScan
2014-02-08 14:18 - 2014-02-08 14:18 - 00003232 _____ () C:\Windows\System32\Tasks\{33E1B1E3-225F-43F4-9D4B-7AFE1625DB92}
2014-02-08 13:56 - 2014-02-08 13:56 - 00003286 _____ () C:\Windows\System32\Tasks\{619CE854-F31C-4298-B87A-AEF1A6C703A8}
2014-02-08 13:44 - 2014-02-08 13:44 - 00003278 _____ () C:\Windows\System32\Tasks\{00426139-28BB-4EAB-86B5-CA3233D1483C}
2014-02-08 10:07 - 2014-02-08 10:07 - 00000000 ____D () C:\Users\cornelia danzer\Documents\Steuer-Sparbuch
2014-02-08 09:32 - 2014-02-08 09:32 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{24D4CF7D-4A90-4584-BDAB-74C650A38894}
2014-02-07 14:27 - 2014-02-07 14:27 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{5681DAF0-03EE-4DEA-88BC-3B7CA256E656}
2014-02-07 14:24 - 2014-02-07 14:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-02-06 18:10 - 2014-02-06 18:10 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{A930BE9E-0C59-48EB-91D1-4F9CA53931CD}
2014-02-05 17:46 - 2014-02-05 17:46 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{6F6ACFE1-F4B9-446A-BA5B-AA718E935165}
2014-02-05 16:41 - 2013-08-03 06:45 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-04 19:22 - 2014-02-04 19:21 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{07507FDB-4799-40B9-937A-D413081ADDB3}
2014-02-02 20:00 - 2014-02-02 19:59 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{E3394A85-2096-447B-99CB-E4888930FF27}
2014-02-02 19:45 - 2014-02-02 19:45 - 00002101 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-02-02 19:45 - 2014-02-02 19:45 - 00000080 _____ () C:\Windows\wiso.ini
2014-02-02 19:45 - 2014-02-02 19:45 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Roaming\Buhl Data Service
2014-02-02 19:45 - 2014-02-02 19:45 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\Buhl Data Service
2014-02-02 19:45 - 2014-02-02 19:45 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\Buhl
2014-02-02 19:45 - 2014-02-02 19:44 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-02-02 19:44 - 2014-02-02 19:44 - 00000000 ____D () C:\Program Files (x86)\WISO
2014-02-02 19:43 - 2014-02-02 19:43 - 00003256 _____ () C:\Windows\System32\Tasks\{B9723ACB-BAE7-4F4F-8839-ADB7F1748E59}
2014-02-02 19:07 - 2013-05-31 13:18 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-02-02 18:12 - 2014-02-02 18:12 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{ABA11A69-FD8D-442B-BEE8-3AF599422152}
2014-02-01 16:23 - 2014-02-01 16:23 - 07011040 _____ () C:\Users\cornelia danzer\Desktop\muster.tif
2014-01-30 18:38 - 2014-01-30 18:38 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{3DCA4205-EE3E-425A-BE8C-C1590B7F3A21}
2014-01-26 11:55 - 2014-01-19 19:36 - 00000000 ____D () C:\Users\cornelia danzer\Desktop\Kaspersky 01_2014
2014-01-26 11:54 - 2014-01-26 11:54 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{C3C21092-FCCE-459C-8C70-6B6B689D63D0}
2014-01-21 20:30 - 2014-01-21 20:30 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-01-21 20:30 - 2014-01-21 20:30 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-01-21 18:24 - 2014-01-21 18:24 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{F940FABB-EC52-4986-A928-E8DF2C4F244A}
2014-01-21 17:52 - 2014-01-21 17:52 - 00003356 _____ () C:\Windows\System32\Tasks\DriverTuner Startup
2014-01-21 17:52 - 2014-01-21 17:52 - 00000000 ____D () C:\Program Files (x86)\DriverTuner
2014-01-19 19:40 - 2014-01-19 19:40 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{91F3164C-DA07-49F0-AA65-72D2882B24A5}
2014-01-18 10:40 - 2014-01-18 10:39 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{C662BE46-B65A-4928-B4D7-28629B919E39}
2014-01-18 08:51 - 2013-08-01 17:03 - 06475960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 15:29 - 2013-08-11 21:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 15:26 - 2012-02-09 20:05 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 17:49 - 2014-01-14 17:49 - 00000000 ____D () C:\Users\cornelia danzer\AppData\Local\{2F6B7D11-841E-42C3-9334-75E36BD870D1}
Some content of TEMP:
====================
C:\Users\cornelia danzer\AppData\Local\Temp\FixMyRegistry.exe
C:\Users\cornelia danzer\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\cornelia danzer\AppData\Local\Temp\Quarantine.exe
C:\Users\cornelia danzer\AppData\Local\Temp\SBLCopyF.EXE
C:\Users\cornelia danzer\AppData\Local\Temp\sdanircmdc.exe
C:\Users\cornelia danzer\AppData\Local\Temp\SHSetup.exe
C:\Users\cornelia danzer\AppData\Local\Temp\SpeedUpMyComputer.exe
C:\Users\cornelia danzer\AppData\Local\Temp\v-bates.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-08 11:50
==================== End Of Log ============================
--- --- --- --- --- --- Guten Morgen :-) Ich denke, die Programme sind beide weg :-) Habe da seit ein paar Tagen ständig die Meldung von "Driver Tuner (Lion Sea Software). Benötige ich diese oder hat dieses Programm sich auch "so eingeschlichen". bin nicht sicher, ob ich das deinstallieren sollte ;-) |
|
12.02.2014, 18:41
| #9 | |||||||||
| /// Malwareteam | SpeedUpMyComputer / FixMyRegistry --> lassen sich nicht deinstallierenZitat:
.Schritt 1 Lade dir  TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
Updates Java Version 7 Update 51
Cleanup Falls du Malwarebytes Anti-Malware und den ESET Online Scanner nicht mehr behalten möchtest, kannst du diese über die Systemsteuerung deinstallieren. Ich empfehle dir, mindestens ein Programm zu behalten (näheres in den Tipps). Windows XP: Start --> Systemsteuerung --> Kategorieansicht auswählen (falls nicht voreingestellt) --> SoftwareDie Reihenfolge ist hier entscheidend.
In deinen Logfiles sehe ich keine schädlichen Einträge mehr, du bist in meinen Augen Clean. Für die Zukunft habe ich dir Tipps aufgeschrieben, damit du uns in nächster Zeit nicht mehr brauchst .Tipps - Frequently Asked Questions (FAQ)/Häufig gestellte Fragen Welcher Antivirenscanner ist der Beste?
Aber Updates muss ich immer installieren, oder?
Ok, muss ich auf etwas achten, wenn ich im Internet surfe?
Welche Programme sollte ich nicht verwenden?
Gibt es noch weitere Tipps, um mich zu schützen?
Wenn du die Arbeit des Trojaner-Boards unterstützen möchtest, kannst du gerne spenden .Ich wünsche dir eine schöne und malwarefreie Zeit  .
__________________ Gruß, Jonas |
|
12.02.2014, 21:25
| #10 |
| | SpeedUpMyComputer / FixMyRegistry --> lassen sich nicht deinstallieren Vielen herzlichen Dank! Weiterhin alles Gute :-) |
|
12.02.2014, 21:39
| #11 |
| /// Malwareteam | SpeedUpMyComputer / FixMyRegistry --> lassen sich nicht deinstallieren Hallo oops_67, schön, dass wir dir helfen konnten  .Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht, damit erhalte ich keine Benachrichtungen über neue Antworten in diesem Thread. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder Andere bitte hier klicken und einen eigenen Thread erstellen.
__________________ Gruß, Jonas |
|
| Themen zu SpeedUpMyComputer / FixMyRegistry --> lassen sich nicht deinstallieren |
| deinstallationprobleme, deinstallieren, entferne, fixmyregistry, folge, gestern, neueste, problem, programme, pup.optional.getnow.a, pup.optional.iminent, pup.optional.iminent.a, pup.optional.jumpyapps, pup.optional.somoto, pup.optional.somoto.a, software, speedupmycomputer, speedupmycomputer / fixmyregistry, spyhunter, spyhunter entfernen, spyware?, suchmaschine, systems, systemsteuerung |
Linear-Darstellung
