GVU Trojan or Browlock? (Windows 7)
01.04.2014, 13:23 | #1
GVU Trojan or Browlock? Good day, yesterday evening I had the situation that my web browser, Google Chrome, could no longer be closed. I had to end Google Chrome via the Task Manager. The page that could not be closed contained a demand to pay via Paysafe so that my computer would be unlocked again. At the top of the page, among other things, Angela Merkel, GVU and Bundespolizei were shown (the well-known layout). The problem occurred only once, and after restarting the computer there were no further problems. Is it possible that malware is present on my PC, or was I lucky? I also have antivirus that is up to date: Kaspersky Internet Security. How should I proceed? Many thanks and best regards
01.04.2014, 13:24 | #2
/// the machine /// TB-Ausbilder | GVU Trojan or Browlock? hi,
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
01.04.2014, 15:57 | #3
GVU Trojan or Browlock? Hello, many thanks for the quick reply. Here is the data:
FRST Logfile:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Maximilian (administrator) on MAXIMILIAN-PC on 01-04-2014 16:52:22 Running from C:\Users\Maximilian\Downloads Windows 8.1 Pro (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\WINDOWS\system32\igfxext.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\LMworker.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11725928 2010-12-23] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-10] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated) HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-06] (Acer Incorporated) HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.) 
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation) HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] () HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-30] () HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1078352 2011-02-24] (Dritek System Inc.) HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.) HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe [24504 2012-10-25] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1473888687-1214762889-3515708772-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe HKU\S-1-5-21-1473888687-1214762889-3515708772-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe HKU\S-1-5-21-1473888687-1214762889-3515708772-1001\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.) HKU\S-1-5-21-1473888687-1214762889-3515708772-1006\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation) AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM-x32 - {63FA094E-A311-47C6-8100-26411FBEEDE4} URL = hxxp://startsear.ch/?aff=1&q={searchTerms} SearchScopes: HKCU - DefaultScope {6ABB146C-28B3-4FF9-B3E0-A111A07E3551} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {63FA094E-A311-47C6-8100-26411FBEEDE4} URL = hxxp://startsear.ch/?aff=1&q={searchTerms} SearchScopes: HKCU - {64FAAB83-CB2F-4D04-B631-ACB3CA6F535B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 SearchScopes: HKCU - {6ABB146C-28B3-4FF9-B3E0-A111A07E3551} URL = hxxp://www.google.de/search?q={searchTerms} BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 
15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files 
(x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) DPF: HKLM-x32 {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Maximilian\AppData\Roaming\Mozilla\Firefox\Profiles\ii97laq6.default FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF DefaultSearchEngine: Web Search FF SearchEngineOrder.1: Web Search FF Homepage: hxxp://www.volkswagen-karriere.de/de/jobs/initiativbewerbungsmoeglichkeiten/ferienjobs.html FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: Freeware.de - C:\Users\Maximilian\AppData\Roaming\Mozilla\Firefox\Profiles\ii97laq6.default\Extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025} [2013-12-13] FF Extension: DownloadHelper - C:\Users\Maximilian\AppData\Roaming\Mozilla\Firefox\Profiles\ii97laq6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-12-05] FF Extension: WEB.DE MailCheck - C:\Users\Maximilian\AppData\Roaming\Mozilla\Firefox\Profiles\ii97laq6.default\Extensions\toolbar@web.de.xpi [2011-12-21] FF Extension: vshare Add-On - C:\Users\Maximilian\AppData\Roaming\Mozilla\Firefox\Profiles\ii97laq6.default\Extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2011-09-11] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2011-07-03] FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2011-07-03] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-10-15] FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program 
Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-02-11] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-02-12] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-02-12] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-02-12] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-02-12] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-02-12] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files 
(x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File CHR Plugin: (vShare.tv plug-in) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll No File CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) 
CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL No File CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Extension: (YouTube) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-24] CHR Extension: (Google-Suche) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-24] CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-10-24] CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-02-12] CHR Extension: (Modul für das Blockieren gefährlicher Webseiten) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-02-12] CHR Extension: (Virtuelle Tastatur) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2012-10-24] CHR Extension: (Google Wallet) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-02-11] CHR Extension: (Google Mail) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-24] CHR Extension: (Anti-Banner) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2012-10-23] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25] ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO) R2 
ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2014-01-08] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-01-08] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-01-08] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2013-12-06] ()
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-01-08] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-11-14] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-12] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-12-12] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-05-06] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2013-05-06] (Kaspersky Lab ZAO)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2013-12-06] ()
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2014-01-08] (Microsoft Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-01-08] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U3 idsvc;
S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-01 16:52 - 2014-04-01 16:52 - 00031193 _____ () C:\Users\Maximilian\Downloads\FRST.txt
2014-04-01 16:52 - 2014-04-01 16:52 - 00000000 ____D () C:\FRST
2014-04-01 16:51 - 2014-04-01 16:51 - 02157056 _____ (Farbar) C:\Users\Maximilian\Downloads\FRST64.exe
2014-03-30 10:44 - 2014-03-31 22:42 - 00001639 _____ () C:\WINDOWS\setupact.log
2014-03-30 10:44 - 2014-03-30 10:44 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-24 23:12 - 2014-03-24 23:35 - 00002104 _____ () C:\WINDOWS\PFRO.log
2014-03-24 21:32 - 2014-03-24 23:36 - 00541592 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-24 21:16 - 2014-03-24 21:16 - 00000000 _____ () C:\Users\Administrator\.uc-64d2b2abcc792cfb4d4e4c0b0708b488.administrator.maximilian-pc.tmp
2014-03-24 21:12 - 2014-03-24 21:12 - 00002360 _____ () C:\Users\Administrator\Desktop\Sicherer Zahlungsverkehr.lnk
2014-03-24 21:12 - 2014-03-24 21:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2014-03-24 21:12 - 2014-03-24 21:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-03-24 21:11 - 2014-03-24 21:16 - 00000000 ____D () C:\Users\Administrator
2014-03-24 21:11 - 2014-03-24 21:11 - 00002271 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk
2014-03-24 21:11 - 2014-03-24 21:11 - 00001454 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-24 21:11 - 2014-03-24 21:11 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-03-24 21:11 - 2014-01-08 14:36 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-24 21:11 - 2014-01-08 14:36 - 00000000 ____D () C:\Users\Administrator\AppData\LocalGoogle
2014-03-24 21:11 - 2014-01-08 14:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-03-24 21:11 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-24 21:11 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-03-24 21:11 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

2014-04-01 16:52 - 2014-04-01 16:52 - 00031193 _____ () C:\Users\Maximilian\Downloads\FRST.txt
2014-04-01 16:52 - 2014-04-01 16:52 - 00000000 ____D () C:\FRST
2014-04-01 16:52 - 2014-01-30 16:55 - 00000584 _____ () C:\WINDOWS\Tasks\MATLAB R2013b Startup Accelerator.job
2014-04-01 16:52 - 2014-01-08 14:20 - 01764092 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-01 16:51 - 2014-04-01 16:51 - 02157056 _____ (Farbar) C:\Users\Maximilian\Downloads\FRST64.exe
2014-04-01 16:51 - 2013-11-14 09:26 - 02063920 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-01 16:51 - 2013-11-14 09:11 - 00878066 _____ () C:\WINDOWS\system32\perfh007.dat
2014-04-01 16:51 - 2013-11-14 09:11 - 00201120 _____ () C:\WINDOWS\system32\perfc007.dat
2014-04-01 16:51 - 2013-02-12 01:20 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1473888687-1214762889-3515708772-1001
2014-04-01 16:50 - 2013-02-12 01:38 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-01 16:48 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-01 16:47 - 2011-07-26 20:22 - 00001114 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-01 16:47 - 2011-03-12 17:00 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-04-01 06:56 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-01 06:48 - 2013-08-22 15:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-31 23:27 - 2012-04-04 10:56 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-31 23:25 - 2011-07-26 20:22 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-31 22:42 - 2014-03-30 10:44 - 00001639 _____ () C:\WINDOWS\setupact.log
2014-03-30 12:42 - 2011-10-13 12:30 - 00001158 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1473888687-1214762889-3515708772-1001UA.job
2014-03-30 12:42 - 2011-10-13 12:30 - 00001136 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1473888687-1214762889-3515708772-1001Core.job
2014-03-30 11:25 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-03-30 11:20 - 2011-07-26 20:22 - 00004090 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 11:20 - 2011-07-26 20:22 - 00003854 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-30 10:44 - 2014-03-30 10:44 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-26 18:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-03-24 23:36 - 2014-03-24 21:32 - 00541592 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-24 23:35 - 2014-03-24 23:12 - 00002104 _____ () C:\WINDOWS\PFRO.log
2014-03-24 23:33 - 2014-01-06 16:19 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-03-24 23:20 - 2013-02-12 01:13 - 00000000 ____D () C:\Users\Maximilian\AppData\Local\Packages
2014-03-24 23:17 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-24 23:17 - 2011-07-03 11:16 - 00000000 ____D () C:\Users\Maximilian\AppData\Roaming\Apple Computer
2014-03-24 23:17 - 2011-07-03 11:14 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-24 23:17 - 2011-07-02 21:36 - 00000000 ____D () C:\Users\Maximilian\AppData\Roaming\SoftGrid Client
2014-03-24 23:17 - 2011-03-12 17:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-24 23:16 - 2013-10-22 14:31 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-03-24 23:16 - 2011-07-26 20:22 - 00000000 ____D () C:\Users\Maximilian\AppData\Local\Google
2014-03-24 23:16 - 2011-07-26 20:22 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-24 23:11 - 2013-12-17 17:32 - 00000000 ____D () C:\Program Files\Recuva
2014-03-24 23:10 - 2013-07-16 18:21 - 00000000 ____D () C:\Users\Maximilian\Fotosoftware_Rossmann
2014-03-24 23:10 - 2011-07-03 11:00 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-03-24 23:08 - 2014-01-08 14:27 - 00000000 ____D () C:\Users\Maximilian
2014-03-24 23:07 - 2011-10-03 18:30 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-24 21:16 - 2014-03-24 21:16 - 00000000 _____ () C:\Users\Administrator\.uc-64d2b2abcc792cfb4d4e4c0b0708b488.administrator.maximilian-pc.tmp
2014-03-24 21:16 - 2014-03-24 21:11 - 00000000 ____D () C:\Users\Administrator
2014-03-24 21:12 - 2014-03-24 21:12 - 00002360 _____ () C:\Users\Administrator\Desktop\Sicherer Zahlungsverkehr.lnk
2014-03-24 21:12 - 2014-03-24 21:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2014-03-24 21:12 - 2014-03-24 21:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-03-24 21:12 - 2009-07-14 07:09 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2014-03-24 21:11 - 2014-03-24 21:11 - 00002271 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk
2014-03-24 21:11 - 2014-03-24 21:11 - 00001454 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-24 21:11 - 2014-03-24 21:11 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-03-24 21:07 - 2014-01-08 14:16 - 00000000 ___DC () C:\WINDOWS\Panther
2014-03-16 21:16 - 2014-01-19 19:04 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-12 12:27 - 2012-04-04 10:56 - 00003796 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-03-10 19:07 - 2014-01-08 14:27 - 00000000 ____D () C:\Users\UpdatusUser.Maximilian-PC
2014-03-04 12:26 - 2011-07-04 15:25 - 00000000 ____D () C:\Users\Maximilian\Documents\Uni
2014-03-04 11:21 - 2011-11-03 16:58 - 00000000 ____D () C:\ProgramData\Cisco

Files to move or delete:
====================
C:\Users\Maximilian\license.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-11 12:46

==================== End Of Log ============================

--- --- ---

--- --- ---

Additional LogFile

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Maximilian at 2014-04-01 16:53:21
Running from C:\Users\Maximilian\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1820 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1820 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3002 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.1130.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
Becker Content Manager 5.21.1092 (HKLM-x32\...\Becker Content Manager) (Version: 5.21.1092.0 - HARMAN)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.2 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.2 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1229.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1229.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7209 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EA Installer (HKLM-x32\...\EA Installer.-1797597899) (Version: 2.3.0.74 - Electronic Arts, Inc.)
FUSSBALL MANAGER 11 (HKLM-x32\...\FUSSBALL MANAGER 11) (Version: - Electronic Arts)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (HKLM\...\{8F4884F1-488D-4738-8F71-65A378BB484C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Hilfe (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.3 - Acer Inc.)
Marketsplash Schnellzugriffe (HKLM-x32\...\{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}) (Version: 1.0.1.7 - Hewlett-Packard)
MATLAB R2013b (HKLM\...\Matlab R2013b) (Version: 8.2 - The MathWorks, Inc.)
MediaEspresso (x32 Version: 1.0.1210_33255 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
miCoach Manager (HKLM-x32\...\adidas miCoach Manager_is1) (Version: 5.3.10 - adidas)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 Home Premium - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4569.1508 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 14.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 14.0.1 (x86 de)) (Version: 14.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 14.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6276 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Solid Edge ST6 (HKLM-x32\...\{E7AA3093-4539-45AB-9BFC-7FD7D2D174FB}) (Version: 106.00.00100 - Siemens)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3007 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Restore Points =========================

12-02-2014 22:42:05 Windows Update
11-03-2014 11:05:18 Geplanter Prüfpunkt
24-03-2014 20:09:14 Removed Cisco AnyConnect Secure Mobility Client

==================== Hosts content: ==========================

2009-07-14 04:34 - 2012-10-23 19:37 - 00444635 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0BE7EC7A-A027-402A-8C57-7BA0323976B1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {24BC0AB8-8D3D-498D-A2CB-3021A478C656} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26] (Google Inc.)
Task: {287709D0-24AC-4896-867E-ACF40F4CCFB0} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2D4466C0-260C-41EE-BB62-911C3A34B1A1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {2FA2C0E1-1EE5-4D8C-AA5B-F34B725610B9} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-29] (CyberLink)
Task: {31CB23F7-EA5C-4B86-B1F7-6A5257CF25FC} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-29] (Acer Incorporated)
Task: {347EC866-6DDC-4459-9C9F-60420D27E42C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {379927CC-BCD5-43F9-864E-039936AA83CB} - System32\Tasks\{314B98BD-4FB9-42DD-9079-692CAE2DD66B} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {447FF02C-5DA3-4B8F-A6D5-3AD4175A42A6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4E9C5F5E-7CD3-48AA-A897-08EF0637AAC1} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {4EFC9539-128E-4F22-8B72-97BD31659C82} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {4F00199D-77E5-4271-B4BD-F5D92981C37E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {5650472E-AD0D-4038-A0A9-77EE47D3CBA1} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {5FADB92E-818F-4F2D-8650-ADCF024635D4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1473888687-1214762889-3515708772-1001Core => C:\Users\Maximilian\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {68DDCA7C-7BF4-43A3-A6FE-2B0B2C77C086} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77AF1578-2254-4240-8E0B-180E22B43245} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {83413C74-0AEB-4758-A2E2-5F9984F8E491} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8F05FCB2-0D6F-4709-B99D-8A4F61E96005} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8FF2D5CE-8677-4885-A91F-230402AAE565} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {99A02C06-F814-47B0-8CCB-B608D3C34E43} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {9B091382-334C-42A0-93F6-EC098B1B8F54} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A1187C36-9B1C-452A-AB16-C663354E1925} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A25013FB-DEB1-4C4C-B92E-06862B4E5FB4} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {A5C3DDA2-0E5A-4FF8-9B3B-1A92556958CA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {A6198B0B-384B-49EF-A32E-3C3DCE59A30B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {AF0FC974-5DB4-4C02-91FC-39FD73C6A31A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {B970F686-536E-4C3F-9E2D-9EA6787FB432} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1473888687-1214762889-3515708772-1001UA => C:\Users\Maximilian\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {BA2BEA01-15B4-4C0F-B905-67809194FD3C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {BF4B0DC5-490B-4EEF-941F-C2F080F947AA} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {BF63B74F-6F2C-43EE-8DC1-7A4B9D3B8C8B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C456CD72-BB67-48CC-ADDB-7D7E55538B30} - System32\Tasks\MATLAB R2013b Startup Accelerator => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe [2013-08-05] ()
Task: {C7748778-A535-4DA1-99B2-F4D2FF72F9A9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-03-16] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DD63051C-621C-4E43-8355-A26119A0CD29} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {DDEB0F68-99C3-47C4-B870-C498DC13F03F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {E0CBAD36-1B63-45A4-A1EF-7766313C0D88} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E8D0A85C-B0BF-4A34-A5C7-FCC1AD73BC1B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-24] (Piriform Ltd)
Task: {EFDDAC08-FC0A-48FD-8229-3973A1F260C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {F123B312-BF22-4597-93CD-3577F83A1553} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-29] (CyberLink Corp.)
Task: {F3AC4E45-7E2B-4D46-893A-8210FDD91120} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1473888687-1214762889-3515708772-1001Core.job => C:\Users\Maximilian\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1473888687-1214762889-3515708772-1001UA.job => C:\Users\Maximilian\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\MATLAB R2013b Startup Accelerator.job => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe ==================== Loaded Modules (whitelisted) ============= 2011-12-19 20:06 - 2010-06-17 22:56 - 00087040 _____ () C:\WINDOWS\System32\redmonnt.dll 2011-04-14 03:41 - 2011-04-14 03:41 - 00034304 _____ () C:\WINDOWS\System32\ssb3ml6.dll 2014-03-16 21:15 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-01-19 19:05 - 2014-01-02 19:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2013-09-05 03:36 - 2013-09-05 03:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2012-12-14 03:42 - 2012-12-14 03:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-11-30 04:06 - 2012-11-30 04:06 - 01263512 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-08-17 22:39 - 2013-02-12 01:43 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky 
Internet Security 2013\kpcengine.2.2.dll 2012-01-05 15:22 - 2012-01-05 15:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2012-01-05 15:22 - 2012-01-05 15:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2012-01-05 15:22 - 2012-01-05 15:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2013-05-09 17:06 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-05-09 17:06 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2013-05-09 17:06 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2013-05-09 17:06 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2013-05-09 17:06 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl 2011-02-22 15:10 - 2010-09-14 04:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2012-11-30 04:07 - 2012-11-30 04:07 - 00100248 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2013-09-05 03:36 - 2013-09-05 03:36 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2012-08-17 22:38 - 2012-08-17 22:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll 2013-05-09 17:06 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl 2014-03-16 12:27 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll 2014-03-16 12:27 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll 2014-03-16 12:27 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll 2014-03-16 12:27 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll 2014-03-16 12:27 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll 2014-03-16 12:27 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll 2014-03-16 12:27 - 2014-03-15 02:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 AlternateDataStreams: C:\ProgramData\Temp:1A60DE96 AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" MSCONFIG\startupreg: Facebook Update => "C:\Users\Maximilian\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver MSCONFIG\startupreg: ICQ => "C:\Program Files (x86)\ICQ7.5\ICQ.exe" silent loginmode=4 MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/01/2014 06:56:50 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". 
Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert. Error: (04/01/2014 06:54:48 AM) (Source: Application Hang) (User: ) Description: Programm wwahost.exe, Version 6.3.9600.16431 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f18 Startzeit: 01cf4d666a809644 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\system32\wwahost.exe Berichts-ID: b288a36a-b959-11e3-beaf-ec55f92cd174 Vollständiger Name des fehlerhaften Pakets: Microsoft.BingNews_3.0.2.233_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppexNews Error: (04/01/2014 06:54:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: Maximilian-PC) Description: Bei der Aktivierung der App „Microsoft.BingNews_8wekyb3d8bbwe!AppexNews“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (04/01/2014 06:54:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: Maximilian-PC) Description: Die App „Microsoft.BingNews_3.0.2.233_x64__8wekyb3d8bbwe+AppexNews“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. Error: (04/01/2014 06:49:38 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert. Error: (03/31/2014 11:23:11 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert. 
Error: (03/31/2014 10:51:53 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80070005 Error: (03/31/2014 10:45:42 PM) (Source: Office 2013 Licensing Service) (User: ) Description: Subscription licensing service failed: -2143485936 Error: (03/31/2014 10:45:42 PM) (Source: Microsoft Office 15) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {562BEEA8-0157-4CC2-B931-C5B1817A074B} Error: (03/31/2014 10:45:42 PM) (Source: Microsoft Office 15) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {562BEEA8-0157-4CC2-B931-C5B1817A074B} System errors: ============= Error: (04/01/2014 04:47:41 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (04/01/2014 06:56:50 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%14001 Error: (04/01/2014 06:56:43 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error: (04/01/2014 06:56:41 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error: (04/01/2014 06:55:17 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%1062 Error: (04/01/2014 06:49:38 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%14001 Error: (04/01/2014 06:49:30 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers 
nicht gestartet: %%577 Error: (04/01/2014 06:49:28 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error: (03/31/2014 11:23:11 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%14001 Error: (03/31/2014 11:23:01 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Microsoft Office Sessions: ========================= Error: (04/01/2014 06:56:50 AM) (Source: SideBySide)(User: ) Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe Error: (04/01/2014 06:54:48 AM) (Source: Application Hang)(User: ) Description: wwahost.exe6.3.9600.16431f1801cf4d666a8096444294967295C:\WINDOWS\system32\wwahost.exeb288a36a-b959-11e3-beaf-ec55f92cd174Microsoft.BingNews_3.0.2.233_x64__8wekyb3d8bbweAppexNews Error: (04/01/2014 06:54:29 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: Maximilian-PC) Description: Microsoft.BingNews_8wekyb3d8bbwe!AppexNews-2144927142 Error: (04/01/2014 06:54:24 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: Maximilian-PC) Description: Microsoft.BingNews_3.0.2.233_x64__8wekyb3d8bbwe+AppexNews Error: (04/01/2014 06:49:38 AM) (Source: SideBySide)(User: ) Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe Error: (03/31/2014 11:23:11 PM) (Source: SideBySide)(User: ) Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe Error: (03/31/2014 10:51:53 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80070005 Error: (03/31/2014 10:45:42 PM) 
(Source: Office 2013 Licensing Service)(User: ) Description: Subscription licensing service failed: -2143485936 Error: (03/31/2014 10:45:42 PM) (Source: Microsoft Office 15)(User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {562BEEA8-0157-4CC2-B931-C5B1817A074B} Error: (03/31/2014 10:45:42 PM) (Source: Microsoft Office 15)(User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {562BEEA8-0157-4CC2-B931-C5B1817A074B} CodeIntegrity Errors: =================================== Date: 2014-04-01 06:56:43.343 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-01 06:56:41.390 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-01 06:49:30.285 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-01 06:49:28.988 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-03-31 23:23:01.661 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-03-31 23:22:59.505 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-03-24 22:37:08.214 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-03-24 22:37:03.526 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-03-24 22:13:40.986 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-03-24 22:13:39.345 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 30% Total physical RAM: 5995.86 MB Available physical RAM: 4181.94 MB Total Pagefile: 12139.86 MB Available Pagefile: 10162.23 MB Total Virtual: 131072 MB Available Virtual: 131071.77 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:581.07 GB) (Free:402.33 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 77F45117) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=581 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Geändert von Roeroe19 (01.04.2014 um 16:03 Uhr) |
02.04.2014, 12:13 | #4 |
/// the machine /// TB-Ausbilder | GVU Trojan or Browlock? hi, Scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
02.04.2014, 21:35 | #5 |
| GVU Trojan or Browlock? Hello, unfortunately there is the following problem: ComboFix is not meant to run in 'Compatibility Mode'. The program shall now exit. My operating system is Windows 8.1. Sorry for the late info. Can it already be said whether a threat is present? Today I have also run into the problem that I can no longer start a search via Google Chrome. An SSL connection error occurs. Google search does work via Firefox, though. |
03.04.2014, 12:05 | #6 |
/// the machine /// TB-Ausbilder | GVU Trojan or Browlock? Revo Uninstaller - Download - Filepony: use it to uninstall Chrome, do not keep any data, let it remove the leftovers, then reinstall. Then: https://support.google.com/chrome/answer/3296214?hl=de Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log please.
__________________ |
03.04.2014, 21:52 | #7 |
| GVU Trojan or Browlock? Good evening, so, one after the other: 1. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 03.04.2014 Suchlauf-Zeit: 22:21:12 Logdatei: MAB.txt Administrator: Ja Version: 2.00.0.1000 Malware Datenbank: v2014.04.03.08 Rootkit Datenbank: v2014.03.27.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Chameleon: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Maximilian Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 376739 Verstrichene Zeit: 29 Min, 5 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 3 PUP.Optional.VShareRedir, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, In Quarantäne, [d82801ffd22e8779d7b5d14d1fe3f808], PUP.Optional.VShareRedir, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, In Quarantäne, [1ae67a861ae648b8c2c9978780823fc1], PUP.Optional.PriceGong.A, HKU\S-1-5-21-1473888687-1214762889-3515708772-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, In Quarantäne, [936da06046baf20ea69cca9d3bc7db25], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 2 PUP.Optional.OpenCandy, C:\Users\Maximilian\AppData\Roaming\OpenCandy, In Quarantäne, [bd431ee2ee12e7197520e1727b872dd3], PUP.Optional.OpenCandy, C:\Users\Maximilian\AppData\Roaming\OpenCandy\51750E1109A043D388B600286AF56EB9, In Quarantäne, [bd431ee2ee12e7197520e1727b872dd3], Dateien: 1 PUP.Optional.OpenCandy, C:\Users\Maximilian\AppData\Roaming\OpenCandy\51750E1109A043D388B600286AF56EB9\DivXInstaller.exe, In Quarantäne, [bd431ee2ee12e7197520e1727b872dd3], Physische Sektoren: 0 (No 
malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.023 - Bericht erstellt am 03/04/2014 um 22:30:23 # Aktualisiert 01/04/2014 von Xplode # Betriebssystem : Windows 8.1 Pro (64 bits) # Benutzername : Maximilian - MAXIMILIAN-PC # Gestartet von : C:\Users\Maximilian\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar Ordner Gelöscht : C:\Users\Maximilian\AppData\Local\TempDir Ordner Gelöscht : C:\Users\Maximilian\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Maximilian\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\Maximilian\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Maximilian\AppData\Roaming\Mozilla\Firefox\Profiles\ii97laq6.default\Smartbar Ordner Gelöscht : C:\Users\Maximilian\AppData\Roaming\Mozilla\Firefox\Profiles\ii97laq6.default\CT2736476 Ordner Gelöscht : C:\Users\Maximilian\AppData\Roaming\Mozilla\Firefox\Profiles\ii97laq6.default\Extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025} Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2736476 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\StartSearch Schlüssel Gelöscht : HKCU\Software\vShare.tv Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar Schlüssel Gelöscht : HKLM\Software\Uniblue ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16518 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] -\\ Mozilla Firefox v14.0.1 (de) [ Datei : C:\Users\Maximilian\AppData\Roaming\Mozilla\Firefox\Profiles\ii97laq6.default\prefs.js ] Zeile gelöscht : user_pref("CT2736476.1000082.currentList", "[{\"stationId\":\"21930450\",\"url\":\"hxxp://www.feedlive.net/california.asx\",\"description\":\"California Rock - Rock\",\"text\":\"Californi...\",\"type\[...] Zeile gelöscht : user_pref("CT2736476.1000082.isPlayDisplay", "true"); Zeile gelöscht : user_pref("CT2736476.1000082.localStations", "[{\"stationId\":\"8546\",\"url\":\"hxxp://stream.radio8.de:8000/live.m3u\",\"description\":\"Radio 8\",\"text\":\"Radio 8\",\"type\":\"STREAM\"},{\"statio[...] 
Zeile gelöscht : user_pref("CT2736476.1000082.nowPlaying", "{\"stationId\":\"21930450\",\"url\":\"hxxp://www.feedlive.net/california.asx\",\"description\":\"California Rock - Rock\",\"text\":\"Californi...\",\"type\":[...] Zeile gelöscht : user_pref("CT2736476.1000082.publisherStations", "[{\"stationId\":\"21930450\",\"url\":\"hxxp://www.feedlive.net/california.asx\",\"description\":\"California Rock - Rock\",\"text\":\"Californi...\",\[...] Zeile gelöscht : user_pref("CT2736476.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}"); Zeile gelöscht : user_pref("CT2736476.2736476a129652188678262596000000paramsGK1", "{\"updateReqTime\":1334227286852,\"updateRespTime\":1334227290710,\"data\":{\"settings\":{\"icon\":\"hxxp://storage.conduit.com/bankim[...] Zeile gelöscht : user_pref("CT2736476.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT2736476.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT2736476.FirstTime", "true"); Zeile gelöscht : user_pref("CT2736476.FirstTimeFF3", "true"); Zeile gelöscht : user_pref("CT2736476.UserID", "UN46018148743056646"); Zeile gelöscht : user_pref("CT2736476.autoDisableScopes", -1); Zeile gelöscht : user_pref("CT2736476.browser.search.defaultthis.engineName", true); Zeile gelöscht : user_pref("CT2736476.defaultSearch", "true"); Zeile gelöscht : user_pref("CT2736476.embeddedsData", "[{\"appId\":\"129257551953665476\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...] 
Zeile gelöscht : user_pref("CT2736476.enableAlerts", "false");
Zeile gelöscht : user_pref("CT2736476.enableFix404", "true");
Zeile gelöscht : user_pref("CT2736476.enableSearchFromAddressBar", "true");
Zeile gelöscht : user_pref("CT2736476.firstTimeDialogOpened", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2736476.installId", "ConduitNSISIntegration");
Zeile gelöscht : user_pref("CT2736476.installType", "ConduitXPEIntegration");
Zeile gelöscht : user_pref("CT2736476.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2736476.isPerformedSmartBarTransition", "true");
Zeile gelöscht : user_pref("CT2736476.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gelöscht : user_pref("CT2736476.keyword", true);
Zeile gelöscht : user_pref("CT2736476.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Ftransfermarkt.de%2F\",\"EB_MAIN_FRAME_TITLE\":\"Das%20Fu%C3%9Fball%20Portal%20%C3%BCber%20di[...]
Zeile gelöscht : user_pref("CT2736476.openThankYouPage", "false");
Zeile gelöscht : user_pref("CT2736476.openUninstallPage", "true");
Zeile gelöscht : user_pref("CT2736476.search.searchAppId", "129257551953665476");
Zeile gelöscht : user_pref("CT2736476.search.searchCount", "0");
Zeile gelöscht : user_pref("CT2736476.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2736476.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2736476.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Zeile gelöscht : user_pref("CT2736476.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2736476\"}");
Zeile gelöscht : user_pref("CT2736476.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://FreewaredeToolbar.OurToolbar.com//xpi\"}");
Zeile gelöscht : user_pref("CT2736476.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Freeware.de\"}");
Zeile gelöscht : user_pref("CT2736476.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2736476.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1334227281910");
Zeile gelöscht : user_pref("CT2736476.serviceLayer_services_appTracking_lastUpdate", "1334227286823");
Zeile gelöscht : user_pref("CT2736476.serviceLayer_services_appsMetadata_lastUpdate", "1334227273937");
Zeile gelöscht : user_pref("CT2736476.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1334227276592");
Zeile gelöscht : user_pref("CT2736476.serviceLayer_services_login_10.7.7.9_lastUpdate", "1334227283443");
Zeile gelöscht : user_pref("CT2736476.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1334227277343");
Zeile gelöscht : user_pref("CT2736476.serviceLayer_services_searchAPI_lastUpdate", "1334227269957");
Zeile gelöscht : user_pref("CT2736476.serviceLayer_services_serviceMap_lastUpdate", "1334227268025");
Zeile gelöscht : user_pref("CT2736476.serviceLayer_services_toolbarContextMenu_lastUpdate", "1334227277252");
Zeile gelöscht : user_pref("CT2736476.serviceLayer_services_toolbarSettings_lastUpdate", "1334227269563");
Zeile gelöscht : user_pref("CT2736476.serviceLayer_services_translation_lastUpdate", "1334227275906");
Zeile gelöscht : user_pref("CT2736476.settingsINI", true);
Zeile gelöscht : user_pref("CT2736476.shouldFirstTimeDialog", "false");
Zeile gelöscht : user_pref("CT2736476.smartbar.CTID", "CT2736476");
Zeile gelöscht : user_pref("CT2736476.smartbar.Uninstall", "0");
Zeile gelöscht : user_pref("CT2736476.smartbar.homepage", true);
Zeile gelöscht : user_pref("CT2736476.smartbar.isHidden", false);
Zeile gelöscht : user_pref("CT2736476.smartbar.toolbarName", "Freeware.de ");
Zeile gelöscht : user_pref("CT2736476.toolbarBornServerTime", "12-4-2012");
Zeile gelöscht : user_pref("CT2736476.toolbarCurrentServerTime", "12-4-2012");
Zeile gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?SSPV=FFSB6&ctid=CT2736476&SearchSource=13");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "Freeware.de Customized Web Search");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB6&ctid=CT2736476&SearchSource=2&q=");
Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Web Search");
Zeile gelöscht : user_pref("tfp.CT2736476", true);
Zeile gelöscht : user_pref("vshare.install.date", "1315755460");
Zeile gelöscht : user_pref("vshare.install.finished", "1.0.0");
Zeile gelöscht : user_pref("vshare.install.fresh", "false");
Zeile gelöscht : user_pref("vshare.install.guid", "{1b5cd0ff-58a6-4966-8586-ad8845ac8d08}");
Zeile gelöscht : user_pref("vshare.install.newtab", false);

-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [11336 octets] - [03/04/2014 22:29:09]
AdwCleaner[S0].txt - [10944 octets] - [03/04/2014 22:30:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11005 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 8.1 Pro x64
Ran by Maximilian on 03.04.2014 at 22:35:30,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{63FA094E-A311-47C6-8100-26411FBEEDE4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{64FAAB83-CB2F-4D04-B631-ACB3CA6F535B}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{63FA094E-A311-47C6-8100-26411FBEEDE4}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{63FA094E-A311-47C6-8100-26411FBEEDE4}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{63FA094E-A311-47C6-8100-26411FBEEDE4}

~~~ Files

Failed to delete: [File] C:\WINDOWS\syswow64\sho15D5.tmp
Failed to delete: [File] C:\WINDOWS\syswow64\sho2ABB.tmp
Failed to delete: [File] C:\WINDOWS\syswow64\sho3E4F.tmp
Failed to delete: [File] C:\WINDOWS\syswow64\sho3FBF.tmp
Failed to delete: [File] C:\WINDOWS\syswow64\sho57C6.tmp
Failed to delete: [File] C:\WINDOWS\syswow64\sho6A6.tmp
Failed to delete: [File] C:\WINDOWS\syswow64\sho8E8D.tmp
Failed to delete: [File] C:\WINDOWS\syswow64\sho9388.tmp
Failed to delete: [File] C:\WINDOWS\syswow64\shoA6C.tmp
Failed to delete: [File] C:\WINDOWS\syswow64\shoA7C7.tmp
Failed to delete: [File] C:\WINDOWS\syswow64\shoB379.tmp
Failed to delete: [File] C:\WINDOWS\syswow64\shoB828.tmp
Failed to delete: [File] C:\WINDOWS\syswow64\shoBB8F.tmp
Failed to delete: [File] C:\WINDOWS\syswow64\shoC090.tmp
Failed to delete: [File] C:\WINDOWS\syswow64\shoD9EA.tmp
Failed to delete: [File] C:\WINDOWS\syswow64\shoE4A4.tmp
Failed to delete: [File] C:\WINDOWS\syswow64\shoE5B5.tmp
Failed to delete: [File] C:\WINDOWS\syswow64\shoE683.tmp
Failed to delete: [File] C:\WINDOWS\syswow64\shoFE61.tmp

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Empty Folder] C:\Users\Maximilian\appdata\local\{28F58D5B-A4A2-46F8-8662-5684A04E8ECA}
Successfully deleted: [Empty Folder] C:\Users\Maximilian\appdata\local\{38855497-2001-411C-999A-6EBC153AABD9}
Successfully deleted: [Empty Folder] C:\Users\Maximilian\appdata\local\{44E91DEF-1F4A-4098-9444-4F4F89BBEE94}
Successfully deleted: [Empty Folder] C:\Users\Maximilian\appdata\local\{4C55F8B0-5A31-4E0E-B2CA-15A3EB0CD884}
Successfully deleted: [Empty Folder] C:\Users\Maximilian\appdata\local\{74B8A4FA-924D-4302-9997-1D481E817567}
Successfully deleted: [Empty Folder] C:\Users\Maximilian\appdata\local\{D356BDB7-D31A-4319-93D8-D33539DB9D67}
Successfully deleted: [Empty Folder] C:\Users\Maximilian\appdata\local\{E5EF8BC9-85B8-4523-A93A-497180414D01}

~~~ FireFox

Successfully deleted: [File] C:\Users\Maximilian\AppData\Roaming\mozilla\firefox\profiles\ii97laq6.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
Emptied folder: C:\Users\Maximilian\AppData\Roaming\mozilla\firefox\profiles\ii97laq6.default\minidumps [156 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.04.2014 at 22:45:55,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Maximilian (administrator) on MAXIMILIAN-PC on 03-04-2014 22:49:27
Running from C:\Users\Maximilian\Downloads
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\wmi64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11725928 2010-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-06] (Acer Incorporated)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-30] ()
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1078352 2011-02-24] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe [24504 2012-10-25] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1473888687-1214762889-3515708772-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-1473888687-1214762889-3515708772-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1473888687-1214762889-3515708772-1001\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-1473888687-1214762889-3515708772-1006\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 - {63FA094E-A311-47C6-8100-26411FBEEDE4} URL = hxxp://startsear.ch/?aff=1&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6ABB146C-28B3-4FF9-B3E0-A111A07E3551} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Maximilian\AppData\Roaming\Mozilla\Firefox\Profiles\ii97laq6.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: hxxp://www.volkswagen-karriere.de/de/jobs/initiativbewerbungsmoeglichkeiten/ferienjobs.html
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Maximilian\AppData\Roaming\Mozilla\Firefox\Profiles\ii97laq6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-03]
FF Extension: WEB.DE MailCheck - C:\Users\Maximilian\AppData\Roaming\Mozilla\Firefox\Profiles\ii97laq6.default\Extensions\toolbar@web.de.xpi [2011-12-21]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2011-07-03]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2011-07-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-10-15]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-02-11]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-02-12]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-02-12]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-02-12]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-02-12]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-02-12]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-03]
CHR Extension: (Google Drive) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-03]
CHR Extension: (YouTube) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-03]
CHR Extension: (Google-Suche) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-03]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-04-03]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-04-03]
CHR Extension: (Modul für das Blockieren gefährlicher Webseiten) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-04-03]
CHR Extension: (Virtuelle Tastatur) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-04-03]
CHR Extension: (Google Wallet) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-03]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-04-03]
CHR Extension: (Google Mail) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-03]
CHR Extension: (Anti-Banner) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-04-03]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2014-01-08] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-01-08] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-01-08] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2013-12-06] ()
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-01-08] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-11-14] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-12] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-12-12] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-05-06] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2013-05-06] (Kaspersky Lab ZAO)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2013-12-06] ()
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2014-01-08] (Microsoft Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-01-08] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
U3 idsvc;
S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-03 22:45 - 2014-04-03 22:45 - 00003614 _____ () C:\Users\Maximilian\Desktop\JRT.txt
2014-04-03 22:35 - 2014-04-03 22:35 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-03 22:29 - 2014-04-03 22:30 - 00000000 ____D () C:\AdwCleaner
2014-04-03 22:22 - 2014-04-03 22:31 - 00001524 _____ () C:\WINDOWS\PFRO.log
2014-04-03 21:48 - 2014-04-03 21:48 - 01426178 _____ () C:\Users\Maximilian\Downloads\adwcleaner.exe
2014-04-03 21:40 - 2014-04-03 22:25 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 21:40 - 2014-04-03 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-03 21:40 - 2014-04-03 21:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-03 21:40 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 21:40 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-03 21:40 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-03 21:38 - 2014-04-03 21:39 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Maximilian\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-03 21:34 - 2014-04-03 21:37 - 00003970 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2B3F4DBD-A5DA-40CF-8380-FA40CD844C51}
2014-04-03 21:31 - 2014-04-03 21:31 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Maximilian\Downloads\revosetup95.exe
2014-04-03 21:31 - 2014-04-03 21:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-01 23:51 - 2014-04-01 23:51 - 00541592 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-01 23:46 - 2014-02-22 14:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-04-01 23:46 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-04-01 21:54 - 2014-04-03 22:16 - 00240949 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-01 16:53 - 2014-04-01 16:54 - 00042174 _____ () C:\Users\Maximilian\Downloads\Addition.txt
2014-04-01 16:52 - 2014-04-03 22:49 - 00027163 _____ () C:\Users\Maximilian\Downloads\FRST.txt
2014-04-01 16:52 - 2014-04-03 22:49 - 00000000 ____D () C:\FRST
2014-04-01 16:51 - 2014-04-01 16:51 - 02157056 _____ (Farbar) C:\Users\Maximilian\Downloads\FRST64.exe
2014-03-24 23:04 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-24 23:04 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-24 23:04 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-24 23:04 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-24 23:04 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-24 23:04 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-24 23:04 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-24 23:04 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-24 23:04 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-24 23:04 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-24 23:04 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-24 23:04 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-24 23:04 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-24 23:04 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-24 23:04 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-24 23:04 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-24 23:04 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-24 23:04 - 2014-01-31 18:15 - 00311640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-24 23:04 - 2014-01-31 18:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-24 23:04 - 2014-01-31 18:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-24 23:04 - 2014-01-31 15:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-24 23:04 - 2014-01-31 11:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-24 23:04 - 2014-01-29 11:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-24 23:04 - 2014-01-29 10:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-24 23:04 - 2014-01-29 10:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-24 23:04 - 2014-01-29 10:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-24 23:04 - 2014-01-29 10:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-24 23:04 - 2014-01-29 09:44 - 01371824 _____ (Microsoft Corporation)
C:\WINDOWS\SysWOW64\combase.dll 2014-03-24 23:04 - 2014-01-29 09:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2014-03-24 23:04 - 2014-01-29 09:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2014-03-24 23:04 - 2014-01-29 08:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll 2014-03-24 23:04 - 2014-01-29 02:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll 2014-03-24 23:04 - 2014-01-27 21:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2014-03-24 23:04 - 2014-01-27 21:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll 2014-03-24 23:04 - 2014-01-27 21:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2014-03-24 23:04 - 2014-01-27 20:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2014-03-24 23:04 - 2014-01-27 20:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2014-03-24 23:04 - 2014-01-27 20:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll 2014-03-24 23:04 - 2014-01-27 20:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2014-03-24 23:04 - 2014-01-27 20:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll 2014-03-24 23:04 - 2014-01-27 19:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll 2014-03-24 23:04 - 2014-01-27 19:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll 2014-03-24 23:04 - 2014-01-27 19:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll 2014-03-24 23:04 - 2014-01-27 17:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2014-03-24 23:04 - 2014-01-27 17:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2014-03-24 23:04 - 2014-01-27 13:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-03-24 23:04 - 
2014-01-18 01:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2014-03-24 23:04 - 2014-01-17 23:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2014-03-24 23:04 - 2013-12-21 16:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2014-03-24 23:04 - 2013-12-21 10:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll 2014-03-24 23:04 - 2013-12-20 12:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2014-03-24 23:04 - 2013-12-20 12:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2014-03-24 23:03 - 2014-02-11 05:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-03-24 23:03 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2014-03-24 23:03 - 2014-02-11 04:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2014-03-24 23:03 - 2013-10-31 02:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2014-03-24 23:03 - 2013-10-31 02:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2014-03-24 23:03 - 2013-10-31 02:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2014-03-24 21:16 - 2014-03-24 21:16 - 00000000 _____ () C:\Users\Administrator\.uc-64d2b2abcc792cfb4d4e4c0b0708b488.administrator.maximilian-pc.tmp 2014-03-24 21:12 - 2014-03-24 21:12 - 00002360 _____ () C:\Users\Administrator\Desktop\Sicherer Zahlungsverkehr.lnk 2014-03-24 21:12 - 2014-03-24 21:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation 2014-03-24 21:12 - 2014-03-24 21:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer 2014-03-24 21:11 - 2014-03-24 21:16 - 00000000 ____D () C:\Users\Administrator 2014-03-24 21:11 - 2014-03-24 21:11 - 00002271 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk 
2014-03-24 21:11 - 2014-03-24 21:11 - 00001454 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-24 21:11 - 2014-03-24 21:11 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Startmenü 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe 2014-03-24 21:11 - 2014-01-08 14:36 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 
2014-03-24 21:11 - 2014-01-08 14:36 - 00000000 ____D () C:\Users\Administrator\AppData\LocalGoogle 2014-03-24 21:11 - 2014-01-08 14:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-03-24 21:11 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-24 21:11 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-03-24 21:11 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance ==================== One Month Modified Files and Folders ======= 2014-04-03 22:49 - 2014-04-01 16:52 - 00027163 _____ () C:\Users\Maximilian\Downloads\FRST.txt 2014-04-03 22:49 - 2014-04-01 16:52 - 00000000 ____D () C:\FRST 2014-04-03 22:45 - 2014-04-03 22:45 - 00003614 _____ () C:\Users\Maximilian\Desktop\JRT.txt 2014-04-03 22:43 - 2013-02-12 01:20 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1473888687-1214762889-3515708772-1001 2014-04-03 22:38 - 2013-11-14 09:26 - 02063920 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-04-03 22:38 - 2013-11-14 09:11 - 00876824 _____ () C:\WINDOWS\system32\perfh007.dat 2014-04-03 22:38 - 2013-11-14 09:11 - 00200914 _____ () C:\WINDOWS\system32\perfc007.dat 2014-04-03 22:35 - 2014-04-03 22:35 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-04-03 22:35 - 2014-01-30 16:55 - 00000584 _____ () C:\WINDOWS\Tasks\MATLAB R2013b Startup Accelerator.job 2014-04-03 22:33 - 2013-02-12 01:38 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-04-03 22:32 - 2011-07-26 20:22 - 00001114 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-03 22:31 - 2014-04-03 22:22 - 00001524 _____ () C:\WINDOWS\PFRO.log 2014-04-03 22:31 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-04-03 22:30 - 2014-04-03 22:29 - 00000000 ____D () C:\AdwCleaner 
2014-04-03 22:27 - 2012-04-04 10:56 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-04-03 22:25 - 2014-04-03 21:40 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-04-03 22:25 - 2011-07-26 20:22 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-03 22:22 - 2013-08-22 15:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI 2014-04-03 22:16 - 2014-04-01 21:54 - 00240949 _____ () C:\WINDOWS\WindowsUpdate.log 2014-04-03 22:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-04-03 21:57 - 2011-07-26 20:22 - 00000000 ____D () C:\Users\Maximilian\AppData\Local\Google 2014-04-03 21:56 - 2011-07-26 20:22 - 00000000 ____D () C:\Program Files (x86)\Google 2014-04-03 21:48 - 2014-04-03 21:48 - 01426178 _____ () C:\Users\Maximilian\Downloads\adwcleaner.exe 2014-04-03 21:42 - 2011-10-13 12:30 - 00001158 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1473888687-1214762889-3515708772-1001UA.job 2014-04-03 21:40 - 2014-04-03 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-03 21:40 - 2014-04-03 21:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-03 21:39 - 2014-04-03 21:38 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Maximilian\Downloads\mbam-setup-2.0.0.1000.exe 2014-04-03 21:37 - 2014-04-03 21:34 - 00003970 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2B3F4DBD-A5DA-40CF-8380-FA40CD844C51} 2014-04-03 21:31 - 2014-04-03 21:31 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Maximilian\Downloads\revosetup95.exe 2014-04-03 21:31 - 2014-04-03 21:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-02 21:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-04-02 21:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-04-02 18:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-04-01 23:51 - 2014-04-01 23:51 - 00541592 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-04-01 23:50 - 2013-03-20 10:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-01 23:50 - 2013-03-20 10:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-04-01 23:49 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-01 23:49 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-01 23:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-04-01 23:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-04-01 23:48 - 2013-08-08 13:28 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-04-01 23:46 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-04-01 23:46 - 2011-07-03 21:25 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-04-01 16:54 - 2014-04-01 16:53 - 00042174 _____ () C:\Users\Maximilian\Downloads\Addition.txt 2014-04-01 16:51 - 2014-04-01 16:51 - 02157056 _____ (Farbar) C:\Users\Maximilian\Downloads\FRST64.exe 2014-03-30 12:42 - 2011-10-13 12:30 - 00001136 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1473888687-1214762889-3515708772-1001Core.job 2014-03-30 11:20 - 2011-07-26 20:22 - 00004090 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-30 11:20 - 2011-07-26 20:22 - 00003854 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-24 23:33 - 
2014-01-06 16:19 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-03-24 23:20 - 2013-02-12 01:13 - 00000000 ____D () C:\Users\Maximilian\AppData\Local\Packages 2014-03-24 23:17 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-03-24 23:17 - 2011-07-03 11:16 - 00000000 ____D () C:\Users\Maximilian\AppData\Roaming\Apple Computer 2014-03-24 23:17 - 2011-07-03 11:14 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-03-24 23:17 - 2011-07-02 21:36 - 00000000 ____D () C:\Users\Maximilian\AppData\Roaming\SoftGrid Client 2014-03-24 23:17 - 2011-03-12 17:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-03-24 23:16 - 2013-10-22 14:31 - 00000000 ____D () C:\Program Files (x86)\Cisco 2014-03-24 23:11 - 2013-12-17 17:32 - 00000000 ____D () C:\Program Files\Recuva 2014-03-24 23:10 - 2013-07-16 18:21 - 00000000 ____D () C:\Users\Maximilian\Fotosoftware_Rossmann 2014-03-24 23:10 - 2011-07-03 11:00 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-03-24 23:08 - 2014-01-08 14:27 - 00000000 ____D () C:\Users\Maximilian 2014-03-24 23:07 - 2011-10-03 18:30 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-03-24 21:16 - 2014-03-24 21:16 - 00000000 _____ () C:\Users\Administrator\.uc-64d2b2abcc792cfb4d4e4c0b0708b488.administrator.maximilian-pc.tmp 2014-03-24 21:16 - 2014-03-24 21:11 - 00000000 ____D () C:\Users\Administrator 2014-03-24 21:12 - 2014-03-24 21:12 - 00002360 _____ () C:\Users\Administrator\Desktop\Sicherer Zahlungsverkehr.lnk 2014-03-24 21:12 - 2014-03-24 21:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation 2014-03-24 21:12 - 2014-03-24 21:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer 2014-03-24 21:12 - 2009-07-14 07:09 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD 2014-03-24 21:11 - 2014-03-24 21:11 - 00002271 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk 2014-03-24 21:11 - 2014-03-24 21:11 - 00001454 
_____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-24 21:11 - 2014-03-24 21:11 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Startmenü 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe 2014-03-24 21:07 - 2014-01-08 14:16 - 00000000 ___DC () C:\WINDOWS\Panther 2014-03-16 21:16 - 2014-01-19 19:04 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-03-12 12:27 - 2012-04-04 
10:56 - 00003796 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-03-10 19:07 - 2014-01-08 14:27 - 00000000 ____D () C:\Users\UpdatusUser.Maximilian-PC 2014-03-05 09:26 - 2014-04-03 21:40 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-03-05 09:26 - 2014-04-03 21:40 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-03-05 09:26 - 2014-04-03 21:40 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-03-05 00:53 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-03-05 00:53 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-04 12:26 - 2011-07-04 15:25 - 00000000 ____D () C:\Users\Maximilian\Documents\Uni 2014-03-04 11:21 - 2011-11-03 16:58 - 00000000 ____D () C:\ProgramData\Cisco Files to move or delete: ==================== C:\Users\Maximilian\license.dat Some content of TEMP: ==================== C:\Users\Maximilian\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2014-03-24 23:04] - [2014-01-31 18:15] - 0311640 ____A (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02 LastRegBack: 2014-04-03 22:43 ==================== End Of Log ============================ 5. 
Google Chrome was uninstalled and reinstalled. Unfortunately no change. When Kaspersky's protection is paused, however, it works. Is that due to the Kaspersky settings? Otherwise the following error appears: "Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have. Error code: ERR_SSL_PROTOCOL_ERROR". Can it already be said whether I picked up a pest in the situation I originally described? Many, many thanks for all the effort and trouble! |
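The FRST log above mixes three line shapes that a helper reads by eye: the one-month file/folder entries (`created - modified - size attrs (company) path`), the `SearchScopes:` lines, and the `=> MD5 is legit` lines of the Bamital & volsnap check. As an added example, not part of this thread and not FRST's own code, the Python script below parses those three formats and applies three review rules that are this example's own assumptions: an executable with no embedded company name under a user-writable path, a search scope whose host is not on an allow-list, and a system binary whose MD5 FRST does not report as legit. The sample lines are copied from the posted log; a hit means "look at this first", not "malware" (the flagged adwcleaner.exe is the cleaning tool the poster downloaded, and the allow-list of search hosts is invented for the example).

```python
"""Triage helpers for Farbar Recovery Scan Tool (FRST) output.

Added example for this thread; it is not FRST's code and not part of the
original posts.  It parses three line formats that appear in the log above:

  <created> - <modified> - <size> <attrs> (<company>) <path>   file/folder entries
  SearchScopes: <hive> - {<GUID>} URL = <url>                  IE search providers
  <path> => MD5 is legit                                       Bamital & volsnap check

and flags entries a reviewer would look at first.  The allow-list, the path
fragments and the rule names are assumptions made for this example.
"""
import re
from dataclasses import dataclass

FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
SCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) - \{(?P<guid>[0-9A-Fa-f-]+)\} URL = ?(?P<url>.*)$"
)
MD5_RE = re.compile(r"^(?P<path>.+?) => MD5 is (?P<verdict>.+)$")

# Assumptions for this example: search hosts we consider expected, extensions we
# treat as executable code, and path fragments an unprivileged user can write to.
SEARCH_HOST_ALLOWLIST = {"www.google.de", "www.google.com", "www.bing.com"}
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\programdata\\")


@dataclass
class Finding:
    rule: str
    detail: str


def parse_file_entry(line):
    """Return a dict for a one-month file/folder entry, or None if the line is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"])
    entry["is_dir"] = "D" in entry["attrs"]  # ____D, _SHDL, ___RD, ___DC
    return entry


def host_of(url):
    """Hostname of a URL; FRST defangs http(s) as hxxp(s), so accept both."""
    m = re.match(r"(?:hxxp|http)s?://([^/?#]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else None


def triage_line(line):
    """Apply the review rules to one log line and return a list of findings."""
    findings = []
    entry = parse_file_entry(line)
    if entry is not None:
        path = entry["path"].lower()
        unsigned = not entry["company"].strip()  # "()" means FRST found no company name
        if (not entry["is_dir"] and path.endswith(EXEC_EXT) and unsigned
                and any(frag in path for frag in USER_WRITABLE)):
            findings.append(Finding("unsigned-exec-user-writable", entry["path"]))
        return findings
    m = SCOPE_RE.match(line.strip())
    if m:
        host = host_of(m.group("url").strip())
        if host and host not in SEARCH_HOST_ALLOWLIST:
            findings.append(Finding("search-scope-not-allowlisted",
                                    f"{m.group('hive')} {host}"))
        return findings
    m = MD5_RE.match(line.strip())
    if m and m.group("verdict").strip() != "legit":
        findings.append(Finding("system-binary-md5-mismatch", m.group("path")))
    return findings


def triage(log_text):
    """Run triage_line over a whole log; findings keep the log's order."""
    return [f for line in log_text.splitlines() for f in triage_line(line)]


# Lines copied from the FRST log posted above (a small subset).
SAMPLE = r"""
2014-04-03 21:48 - 2014-04-03 21:48 - 01426178 _____ () C:\Users\Maximilian\Downloads\adwcleaner.exe
2014-04-03 21:40 - 2014-04-03 22:25 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 22:29 - 2014-04-03 22:30 - 00000000 ____D () C:\AdwCleaner
SearchScopes: HKLM-x32 - {63FA094E-A311-47C6-8100-26411FBEEDE4} URL = hxxp://startsear.ch/?aff=1&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6ABB146C-28B3-4FF9-B3E0-A111A07E3551} URL = hxxp://www.google.de/search?q={searchTerms}
C:\Windows\System32\winlogon.exe => MD5 is legit
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.rule:32} {f.detail}")
```

Run against the sample it reports two findings: the company-less adwcleaner.exe in Downloads and the `startsear.ch` search scope in HKLM-x32; the Malwarebytes driver carries a company name, the folder entry is skipped, the empty HKCU scope has no host, and the `google.de` scope is on the allow-list. Feeding it the full log (FRST.txt) works the same way, since every other line simply matches none of the three patterns.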
04.04.2014, 11:52 | #8 |
/// the machine /// TB-Ausbilder | GVU Trojan or Browlock? Yes, the machine was full of adware. If Chrome works with Kaspersky disabled, that is a Kaspersky problem. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations, Guides and help, Trojaner-Board Facebook page. No help via PM! |
04.04.2014, 22:29 | #9 |
| GVU Trojan or Browlock? Good evening, 1. Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b5692db783110f4f871b0fd824b3a825
# engine=17757
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-04 02:56:07
# local_time=2014-04-04 04:56:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1286 16777213 100 98 66249 51389689 0 0
# compatibility_mode=5893 16776574 100 94 234397 21504660 0 0
# scanned=163340
# found=0
# cleaned=0
# scan_time=1955
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b5692db783110f4f871b0fd824b3a825
# engine=17760
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-04 09:17:53
# local_time=2014-04-04 11:17:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1286 16777213 100 98 89155 51412595 0 0
# compatibility_mode=5893 16776574 100 94 257303 21527566 0 0
# scanned=471959
# found=0
# cleaned=0
# scan_time=9368
Code:
Results of screen317's Security Check version 0.99.80
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java 7 Update 51
Adobe Flash Player 12.0.0.77
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 14.0.1 Firefox out of Date!
Google Chrome 33.0.1750.154
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
Kaspersky Lab Kaspersky Internet Security 2013 klwtblfs.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Maximilian (administrator) on MAXIMILIAN-PC on 04-04-2014 23:25:14
Running from C:\Users\Maximilian\Downloads\Scan
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\WINDOWS\System32\LogonUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11725928 2010-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-06] (Acer Incorporated)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-30] ()
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1078352 2011-02-24] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe [24504 2012-10-25] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1473888687-1214762889-3515708772-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-1473888687-1214762889-3515708772-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1473888687-1214762889-3515708772-1001\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-1473888687-1214762889-3515708772-1006\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 - {63FA094E-A311-47C6-8100-26411FBEEDE4} URL = hxxp://startsear.ch/?aff=1&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6ABB146C-28B3-4FF9-B3E0-A111A07E3551} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
(DivX, LLC) BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) DPF: HKLM-x32 {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Maximilian\AppData\Roaming\Mozilla\Firefox\Profiles\ii97laq6.default FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF Homepage: hxxp://www.volkswagen-karriere.de/de/jobs/initiativbewerbungsmoeglichkeiten/ferienjobs.html FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: DownloadHelper - C:\Users\Maximilian\AppData\Roaming\Mozilla\Firefox\Profiles\ii97laq6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-03] FF Extension: WEB.DE MailCheck - C:\Users\Maximilian\AppData\Roaming\Mozilla\Firefox\Profiles\ii97laq6.default\Extensions\toolbar@web.de.xpi [2011-12-21] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2011-07-03] FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2011-07-03] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-10-15] FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-02-11] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
2013\FFExt\url_advisor@kaspersky.com [2013-02-12] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-02-12] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-02-12] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-02-12] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-02-12] Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-03] CHR Extension: (Google Drive) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-03] CHR Extension: (YouTube) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-03] CHR Extension: (Google-Suche) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-03] CHR Extension: (Modul zur 
Link-Untersuchung) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-04-03] CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-04-03] CHR Extension: (Modul für das Blockieren gefährlicher Webseiten) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-04-03] CHR Extension: (Virtuelle Tastatur) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-04-03] CHR Extension: (Google Wallet) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-03] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-04-03] CHR Extension: (Google Mail) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-03] CHR Extension: (Anti-Banner) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-04-03] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25] ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation) R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2014-01-08] (Microsoft Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation) S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-01-08] (Microsoft Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-01-08] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.) 
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2013-12-06] () S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-01-08] (Microsoft Corporation) S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-11-14] (Microsoft Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-12] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2013-10-10] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-12-12] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-05-06] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2013-05-06] (Kaspersky Lab ZAO) S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net) S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2013-12-06] () S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2014-01-08] (Microsoft Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] 
(Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-01-08] (Microsoft Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation) U3 idsvc; S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-03 23:04 - 2014-04-04 16:57 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-04-03 22:54 - 2014-04-04 23:25 - 00000000 ____D () C:\Users\Maximilian\Downloads\Scan 2014-04-03 22:45 - 2014-04-03 22:45 - 00003614 _____ () C:\Users\Maximilian\Desktop\JRT.txt 2014-04-03 22:35 - 2014-04-03 22:35 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-04-03 22:29 - 2014-04-03 22:30 - 00000000 ____D () C:\AdwCleaner 2014-04-03 22:22 - 2014-04-03 22:31 - 00001524 _____ () C:\WINDOWS\PFRO.log 2014-04-03 21:40 - 2014-04-03 22:25 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-04-03 21:40 - 2014-04-03 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-03 21:40 - 2014-04-03 21:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-03 21:40 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-04-03 21:40 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-04-03 21:40 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-04-03 21:34 - 2014-04-04 23:17 - 00003970 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2B3F4DBD-A5DA-40CF-8380-FA40CD844C51} 2014-04-03 21:31 - 2014-04-03 21:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo 
Group 2014-04-01 23:51 - 2014-04-01 23:51 - 00541592 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-04-01 23:46 - 2014-02-22 14:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-04-01 23:46 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-04-01 21:54 - 2014-04-04 20:58 - 00326405 _____ () C:\WINDOWS\WindowsUpdate.log 2014-04-01 16:52 - 2014-04-03 22:49 - 00050370 _____ () C:\Users\Maximilian\Downloads\FRST.txt 2014-04-01 16:52 - 2014-04-03 22:49 - 00000000 ____D () C:\FRST 2014-03-24 23:04 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-03-24 23:04 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-03-24 23:04 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-03-24 23:04 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-03-24 23:04 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-03-24 23:04 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-03-24 23:04 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-03-24 23:04 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-03-24 23:04 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-03-24 23:04 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-03-24 23:04 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-03-24 23:04 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-03-24 23:04 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-03-24 23:04 - 
2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-03-24 23:04 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-03-24 23:04 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-03-24 23:04 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-03-24 23:04 - 2014-01-31 18:15 - 00311640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2014-03-24 23:04 - 2014-01-31 18:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2014-03-24 23:04 - 2014-01-31 18:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2014-03-24 23:04 - 2014-01-31 15:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2014-03-24 23:04 - 2014-01-31 11:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll 2014-03-24 23:04 - 2014-01-29 11:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2014-03-24 23:04 - 2014-01-29 10:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2014-03-24 23:04 - 2014-01-29 10:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2014-03-24 23:04 - 2014-01-29 10:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2014-03-24 23:04 - 2014-01-29 10:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-03-24 23:04 - 2014-01-29 09:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2014-03-24 23:04 - 2014-01-29 09:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2014-03-24 23:04 - 2014-01-29 09:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2014-03-24 23:04 - 2014-01-29 08:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll 2014-03-24 23:04 - 2014-01-29 02:36 - 
00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll 2014-03-24 23:04 - 2014-01-27 21:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2014-03-24 23:04 - 2014-01-27 21:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll 2014-03-24 23:04 - 2014-01-27 21:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2014-03-24 23:04 - 2014-01-27 20:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2014-03-24 23:04 - 2014-01-27 20:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2014-03-24 23:04 - 2014-01-27 20:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll 2014-03-24 23:04 - 2014-01-27 20:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2014-03-24 23:04 - 2014-01-27 20:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll 2014-03-24 23:04 - 2014-01-27 19:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll 2014-03-24 23:04 - 2014-01-27 19:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll 2014-03-24 23:04 - 2014-01-27 19:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll 2014-03-24 23:04 - 2014-01-27 17:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2014-03-24 23:04 - 2014-01-27 17:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2014-03-24 23:04 - 2014-01-27 13:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-03-24 23:04 - 2014-01-18 01:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2014-03-24 23:04 - 2014-01-17 23:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2014-03-24 23:04 - 2013-12-21 16:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2014-03-24 23:04 - 2013-12-21 10:54 - 00447488 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\sppcomapi.dll 2014-03-24 23:04 - 2013-12-20 12:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2014-03-24 23:04 - 2013-12-20 12:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2014-03-24 23:03 - 2014-02-11 05:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-03-24 23:03 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2014-03-24 23:03 - 2014-02-11 04:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2014-03-24 23:03 - 2013-10-31 02:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2014-03-24 23:03 - 2013-10-31 02:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2014-03-24 23:03 - 2013-10-31 02:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2014-03-24 21:16 - 2014-03-24 21:16 - 00000000 _____ () C:\Users\Administrator\.uc-64d2b2abcc792cfb4d4e4c0b0708b488.administrator.maximilian-pc.tmp 2014-03-24 21:12 - 2014-03-24 21:12 - 00002360 _____ () C:\Users\Administrator\Desktop\Sicherer Zahlungsverkehr.lnk 2014-03-24 21:12 - 2014-03-24 21:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation 2014-03-24 21:12 - 2014-03-24 21:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer 2014-03-24 21:11 - 2014-03-24 21:16 - 00000000 ____D () C:\Users\Administrator 2014-03-24 21:11 - 2014-03-24 21:11 - 00002271 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk 2014-03-24 21:11 - 2014-03-24 21:11 - 00001454 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-24 21:11 - 2014-03-24 21:11 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () 
C:\Users\Administrator\Startmenü 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe 2014-03-24 21:11 - 2014-01-08 14:36 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-03-24 21:11 - 2014-01-08 14:36 - 00000000 ____D () C:\Users\Administrator\AppData\LocalGoogle 2014-03-24 21:11 - 2014-01-08 14:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-03-24 21:11 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-24 21:11 - 2013-08-22 17:36 - 00000000 ___RD 
() C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-03-24 21:11 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

2014-04-04 23:25 - 2014-04-03 22:54 - 00000000 ____D () C:\Users\Maximilian\Downloads\Scan
2014-04-04 23:25 - 2014-04-01 16:52 - 00000000 ____D () C:\FRST
2014-04-04 23:25 - 2011-07-26 20:22 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-04 23:19 - 2013-02-12 01:38 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-04 23:17 - 2014-04-03 21:34 - 00003970 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2B3F4DBD-A5DA-40CF-8380-FA40CD844C51}
2014-04-04 23:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-04 22:27 - 2012-04-04 10:56 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-04 21:42 - 2011-10-13 12:30 - 00001158 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1473888687-1214762889-3515708772-1001UA.job
2014-04-04 20:58 - 2014-04-01 21:54 - 00326405 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-04 20:49 - 2013-02-12 01:20 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1473888687-1214762889-3515708772-1001
2014-04-04 20:40 - 2014-01-30 16:55 - 00000584 _____ () C:\WINDOWS\Tasks\MATLAB R2013b Startup Accelerator.job
2014-04-04 20:38 - 2011-07-26 20:22 - 00001114 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-04 16:57 - 2014-04-03 23:04 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-04-04 16:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-04-04 16:13 - 2013-11-14 09:26 - 02063920 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-04 16:13 - 2013-11-14 09:11 - 00878066 _____ () C:\WINDOWS\system32\perfh007.dat
2014-04-04 16:13 - 2013-11-14 09:11 - 00201120 _____ () C:\WINDOWS\system32\perfc007.dat
2014-04-03 22:49 - 2014-04-01 16:52 - 00050370 _____ () C:\Users\Maximilian\Downloads\FRST.txt
2014-04-03 22:45 - 2014-04-03 22:45 - 00003614 _____ () C:\Users\Maximilian\Desktop\JRT.txt
2014-04-03 22:35 - 2014-04-03 22:35 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-03 22:31 - 2014-04-03 22:22 - 00001524 _____ () C:\WINDOWS\PFRO.log
2014-04-03 22:31 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-03 22:30 - 2014-04-03 22:29 - 00000000 ____D () C:\AdwCleaner
2014-04-03 22:30 - 2011-07-02 20:56 - 00000000 ____D () C:\ProgramData\ICQ
2014-04-03 22:25 - 2014-04-03 21:40 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 22:22 - 2013-08-22 15:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2014-04-03 21:57 - 2011-07-26 20:22 - 00000000 ____D () C:\Users\Maximilian\AppData\Local\Google
2014-04-03 21:56 - 2011-07-26 20:22 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-03 21:40 - 2014-04-03 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-03 21:40 - 2014-04-03 21:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-03 21:31 - 2014-04-03 21:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-02 21:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-04-02 18:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-04-01 23:51 - 2014-04-01 23:51 - 00541592 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-01 23:50 - 2013-03-20 10:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-01 23:50 - 2013-03-20 10:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-01 23:49 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-01 23:49 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-01 23:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-01 23:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-04-01 23:48 - 2013-08-08 13:28 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-01 23:46 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-04-01 23:46 - 2011-07-03 21:25 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-30 12:42 - 2011-10-13 12:30 - 00001136 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1473888687-1214762889-3515708772-1001Core.job
2014-03-30 11:20 - 2011-07-26 20:22 - 00004090 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 11:20 - 2011-07-26 20:22 - 00003854 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-24 23:33 - 2014-01-06 16:19 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-03-24 23:20 - 2013-02-12 01:13 - 00000000 ____D () C:\Users\Maximilian\AppData\Local\Packages
2014-03-24 23:17 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-24 23:17 - 2011-07-03 11:16 - 00000000 ____D () C:\Users\Maximilian\AppData\Roaming\Apple Computer
2014-03-24 23:17 - 2011-07-03 11:14 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-24 23:17 - 2011-07-02 21:36 - 00000000 ____D () C:\Users\Maximilian\AppData\Roaming\SoftGrid Client
2014-03-24 23:17 - 2011-03-12 17:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-24 23:16 - 2013-10-22 14:31 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-03-24 23:11 - 2013-12-17 17:32 - 00000000 ____D () C:\Program Files\Recuva
2014-03-24 23:10 - 2013-07-16 18:21 - 00000000 ____D () C:\Users\Maximilian\Fotosoftware_Rossmann
2014-03-24 23:10 - 2011-07-03 11:00 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-03-24 23:08 - 2014-01-08 14:27 - 00000000 ____D () C:\Users\Maximilian
2014-03-24 23:07 - 2011-10-03 18:30 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-24 21:16 - 2014-03-24 21:16 - 00000000 _____ () C:\Users\Administrator\.uc-64d2b2abcc792cfb4d4e4c0b0708b488.administrator.maximilian-pc.tmp
2014-03-24 21:16 - 2014-03-24 21:11 - 00000000 ____D () C:\Users\Administrator
2014-03-24 21:12 - 2014-03-24 21:12 - 00002360 _____ () C:\Users\Administrator\Desktop\Sicherer Zahlungsverkehr.lnk
2014-03-24 21:12 - 2014-03-24 21:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2014-03-24 21:12 - 2014-03-24 21:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-03-24 21:12 - 2009-07-14 07:09 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2014-03-24 21:11 - 2014-03-24 21:11 - 00002271 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk
2014-03-24 21:11 - 2014-03-24 21:11 - 00001454 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-24 21:11 - 2014-03-24 21:11 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-24 21:11 - 2014-03-24 21:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-03-24 21:07 - 2014-01-08 14:16 - 00000000 ___DC () C:\WINDOWS\Panther
2014-03-16 21:16 - 2014-01-19 19:04 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-12 12:27 - 2012-04-04 10:56 - 00003796 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-03-10 19:07 - 2014-01-08 14:27 - 00000000 ____D () C:\Users\UpdatusUser.Maximilian-PC
2014-03-05 09:26 - 2014-04-03 21:40 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-04-03 21:40 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-04-03 21:40 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-05 00:53 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-05 00:53 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\Maximilian\license.dat

Some content of TEMP:
====================
C:\Users\Maximilian\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys [2014-03-24 23:04] - [2014-01-31 18:15] - 0311640 ____A (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02

LastRegBack: 2014-04-03 22:43

==================== End Of Log ============================

4. Adware is of course not good either, but what about programs that can spy on my passwords and login credentials (e.g. for online banking, or unauthorized remote access in general)? I have not had any noticeable problems so far; everything ran completely normally. Once again, many thanks for all your efforts and your continued hard work!!! |
05.04.2014, 11:06 | #10 |
/// the machine /// TB-Ausbilder | GVU Trojan or Browlock? There was nothing there, but changing your passwords is still mandatory after an infection. Update Adobe and Firefox. Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners; they harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a brief reply once everything is done and you have no further questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations. Guides and help. Trojaner-Board Facebook page. No help via PM! |
06.04.2014, 12:56 | #11 |
| GVU Trojan or Browlock? All tasks completed! Many thanks for the help, and I wish you a nice Sunday!!! |
07.04.2014, 12:18 | #12 |
/// the machine /// TB-Ausbilder | GVU Trojan or Browlock? You're welcome.