Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Keylogger? Passwort ausgespäht!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Alt 09.04.2014, 19:51   #1
omurphy
 
Keylogger? Passwort ausgespäht! - Standard

Keylogger? Passwort ausgespäht!



Guten Abend!

jemand hat sich mit meinem Passwort bei meinem Webhoster eingeloggt und Mist gebaut.

Der Hoster-Support tippt auf einen Keylogger auf meinem Rechner - ich halte das für eher unwahrscheinlich - aber dass jemand mein Passwort errät oder (über die Schulter) ausspäht, kann ich ausschließen.

Hat mein Rechner also doch was? Wäre für einen Check dankbar!

Es läuft:
Windows 8, Kaspersky Internet Security und (hin und wieder mal) Spybot S&D

Sonstige Symptome: Keine, außer, dass der Rechner zunehmend langsam ist....

Frst.txt
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by ***** (administrator) on VAIO on 09-04-2014 19:11:37
Running from C:\Users\*****\Desktop
Windows 8 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHVE.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
() C:\Program Files (x86)\Opera\20.0.1387.91\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [TuneClone] - C:\Program Files\TuneClone\TuneClone.exe [4550656 2012-02-24] (TuneClone.COM)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [MMReminderService] - C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe [38280 2012-07-17] (Mindjet)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-04-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\Run: [F.lux] - "C:\Users\*****\Local Settings\Apps\F.lux\flux.exe" /noshow
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\Run: [PC Suite Tray] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\Run: [EPLTarget\P0000000000000000] - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\MountPoints2: {3f4965ee-e733-11e2-be8c-0024bebc453e} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\MountPoints2: {922798df-699d-11e2-be6d-506313e0d7de} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\MountPoints2: {b09f5f90-dcd6-11e2-be87-506313e0d7de} - "F:\EasySuite .exe" bootup
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\MountPoints2: {d623b469-70a2-11e2-be6d-506313e0d7de} - "F:\EasySuite .exe" bootup
HKU\S-1-5-21-2936259450-3521671367-2592787203-1001\...\MountPoints2: {e7380093-64c9-11e2-be6d-506313e0d7de} - "G:\WD SmartWare.exe" autoplay=true
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\WINDOWS\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
SSODL: EldosMountNotificator-cbfs4 - {9F0AB6D8-E919-4EE5-866B-5B9A3449D285} - C:\WINDOWS\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\WINDOWS\SysWow64\SSCbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {9F0AB6D8-E919-4EE5-866B-5B9A3449D285} - C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7D7913AA4CF7CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Alive Text to Speech - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\Program Files (x86)\AliveMedia\Text to Speech\IEToolbar.dll ()
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR HomePage: chrome://newtab
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-20]
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-20]
CHR Extension: (Kaspersky Protection) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-25]
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-20]
CHR Extension: (Auf den Amazon-Wunschzettel) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2013-01-25]
CHR Extension: (Google-Suche) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-20]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-02-18]
CHR Extension: (Print Using Google Cloud Print™) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffaifmgpcdjedlffbhenaloimajbdkfg [2013-01-24]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-02-18]
CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-02-18]
CHR Extension: (RealDownloader) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-21]
CHR Extension: (Virtual Keyboard) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-02-18]
CHR Extension: (Gestures for Google Chrome™) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk [2013-01-23]
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-01-23]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Evernote Web Clipper) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-01-21]
CHR Extension: (Google Mail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-20]
CHR Extension: (Anti-Banner) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-02-18]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2013-02-18]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2246184 2011-12-15] (Broadcom Corporation.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [142960 2013-03-19] (Stardock Software, Inc)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R1 cbfs4; C:\WINDOWS\system32\drivers\cbfs4.sys [385216 2013-04-24] (EldoS Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-10] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-03-10] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-24] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-03-10] (Kaspersky Lab ZAO)
S3 RRNetCap; C:\Windows\system32\DRIVERS\rrnetcap.sys [37480 2013-02-05] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\system32\DRIVERS\rrnetcap.sys [37480 2013-02-05] (RapidSolution Software AG)
R3 SSCBFS3; C:\Windows\System32\drivers\sscbfs3.sys [347904 2013-01-30] (EldoS Corporation)
R0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2012-02-24] (TuneClone Software)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit?
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x64.sys [295792 2012-10-02] (Marvell)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-09 19:00 - 2014-04-09 19:11 - 00022585 _____ () C:\Users\*****\Desktop\FRST.txt
2014-04-09 19:00 - 2014-04-09 19:00 - 02157056 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-04-09 19:00 - 2014-04-09 19:00 - 00380416 _____ () C:\Users\*****\Desktop\3fk5ydh8.exe
2014-04-09 18:58 - 2014-04-09 18:58 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-04-09 18:57 - 2014-04-09 18:57 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-04-08 20:26 - 2014-04-09 19:11 - 00000000 ____D () C:\FRST
2014-04-08 20:24 - 2014-04-08 20:24 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-04-08 19:50 - 2014-04-09 18:39 - 00003334 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2936259450-3521671367-2592787203-1001
2014-04-08 19:50 - 2014-04-09 18:39 - 00003202 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2936259450-3521671367-2592787203-1001
2014-04-08 17:01 - 2014-04-08 19:53 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 17:01 - 2014-04-08 17:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 17:01 - 2014-04-08 17:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-08 17:01 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-08 17:01 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-08 17:01 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-22 23:12 - 2014-03-22 23:13 - 05752608 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-22 21:25 - 2014-03-22 23:10 - 01572864 _____ () C:\WINDOWS\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
2014-03-18 22:43 - 2014-03-18 22:43 - 00003605 _____ () C:\Users\*****\.ganttproject
2014-03-18 22:43 - 2014-03-18 22:43 - 00000225 _____ () C:\Users\*****\java0.log
2014-03-18 22:09 - 2014-03-18 22:43 - 00001619 _____ () C:\Users\*****\ganttproject.log
2014-03-18 22:09 - 2014-03-18 22:09 - 00000000 ____D () C:\Program Files (x86)\GanttProject-2.6
2014-03-12 23:50 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-12 23:50 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-12 23:49 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-12 23:49 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-12 23:49 - 2014-02-23 10:13 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-03-12 23:49 - 2014-02-23 10:13 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-03-12 23:49 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-12 23:49 - 2014-02-23 10:12 - 19273216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-12 23:49 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-12 23:49 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-03-12 23:49 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-12 23:49 - 2014-02-23 10:11 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-12 23:49 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-12 23:49 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-03-12 23:49 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-03-12 23:49 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-03-12 23:49 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-03-12 23:49 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-03-12 23:49 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-12 23:49 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-12 23:49 - 2014-02-23 08:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-03-12 23:49 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-03-12 23:49 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-03-12 23:49 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-03-12 23:49 - 2014-02-23 06:06 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-03-12 23:49 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-12 23:49 - 2013-12-07 08:36 - 19751936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-03-12 23:49 - 2013-12-07 07:15 - 17560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-03-12 23:48 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-12 23:48 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-12 23:48 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-03-12 23:48 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-03-10 13:31 - 2014-03-10 13:31 - 00001329 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk

==================== One Month Modified Files and Folders =======

2014-04-09 19:11 - 2014-04-09 19:00 - 00022585 _____ () C:\Users\*****\Desktop\FRST.txt
2014-04-09 19:11 - 2014-04-08 20:26 - 00000000 ____D () C:\FRST
2014-04-09 19:08 - 2013-01-20 23:20 - 00001120 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-09 19:00 - 2014-04-09 19:00 - 02157056 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-04-09 19:00 - 2014-04-09 19:00 - 00380416 _____ () C:\Users\*****\Desktop\3fk5ydh8.exe
2014-04-09 19:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-09 18:58 - 2014-04-09 18:58 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-04-09 18:58 - 2013-02-18 21:38 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-09 18:57 - 2014-04-09 18:57 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-04-09 18:45 - 2012-07-26 12:27 - 00753134 _____ () C:\WINDOWS\system32\perfh007.dat
2014-04-09 18:45 - 2012-07-26 12:27 - 00155826 _____ () C:\WINDOWS\system32\perfc007.dat
2014-04-09 18:45 - 2012-07-26 09:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-09 18:39 - 2014-04-08 19:50 - 00003334 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2936259450-3521671367-2592787203-1001
2014-04-09 18:39 - 2014-04-08 19:50 - 00003202 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2936259450-3521671367-2592787203-1001
2014-04-09 18:39 - 2013-01-20 23:20 - 00001116 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-09 18:38 - 2013-04-09 18:26 - 00021946 _____ () C:\WINDOWS\PFRO.log
2014-04-09 18:38 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-09 18:37 - 2012-07-26 07:26 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-04-09 18:21 - 2013-01-22 02:34 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-09 18:18 - 2013-01-23 01:07 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-04-09 18:09 - 2013-01-20 22:25 - 00000000 ____D () C:\Users\*****
2014-04-09 17:52 - 2013-01-22 16:36 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-09 15:04 - 2013-01-22 15:54 - 16459776 ___SH () C:\Users\*****\Desktop\Thumbs.db
2014-04-09 14:35 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-04-08 20:24 - 2014-04-08 20:24 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-04-08 19:53 - 2014-04-08 17:01 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 17:08 - 2013-05-30 14:46 - 00000000 ____D () C:\WINDOWS\Minidump
2014-04-08 17:08 - 2013-05-30 14:45 - 556752336 _____ () C:\WINDOWS\MEMORY.DMP
2014-04-08 17:01 - 2014-04-08 17:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 17:01 - 2014-04-08 17:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-08 16:57 - 2013-01-22 15:50 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2014-04-08 12:04 - 2013-02-08 00:37 - 00000000 ____D () C:\Users\*****\AppData\Roaming\FileZilla
2014-04-04 09:31 - 2013-01-20 23:25 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-03 12:10 - 2013-09-06 23:36 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2014-04-03 09:51 - 2014-04-08 17:01 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-08 17:01 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-08 17:01 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-31 18:55 - 2013-01-20 22:26 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Adobe
2014-03-29 22:03 - 2013-01-20 23:20 - 00004092 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 22:03 - 2013-01-20 23:20 - 00003856 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-28 17:02 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-26 12:14 - 2013-01-20 22:32 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2936259450-3521671367-2592787203-1001
2014-03-26 01:06 - 2013-09-25 00:41 - 00000132 _____ () C:\Users\*****\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-03-24 09:54 - 2013-10-17 16:47 - 00625760 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2014-03-24 09:54 - 2013-06-08 21:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2014-03-24 09:54 - 2013-05-07 18:56 - 00065120 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2014-03-22 23:13 - 2014-03-22 23:12 - 05752608 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-22 23:12 - 2013-03-29 22:23 - 02004890 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-22 23:10 - 2014-03-22 21:25 - 01572864 _____ () C:\WINDOWS\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
2014-03-19 19:55 - 2013-07-15 22:56 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-19 19:52 - 2013-01-22 01:32 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-19 19:52 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-18 22:43 - 2014-03-18 22:43 - 00003605 _____ () C:\Users\*****\.ganttproject
2014-03-18 22:43 - 2014-03-18 22:43 - 00000225 _____ () C:\Users\*****\java0.log
2014-03-18 22:43 - 2014-03-18 22:09 - 00001619 _____ () C:\Users\*****\ganttproject.log
2014-03-18 22:09 - 2014-03-18 22:09 - 00000000 ____D () C:\Program Files (x86)\GanttProject-2.6
2014-03-18 21:45 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-03-17 11:31 - 2013-01-20 22:26 - 00000000 ___RD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-17 11:31 - 2013-01-20 22:26 - 00000000 ___RD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-17 11:29 - 2013-03-13 18:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-17 11:29 - 2013-03-13 18:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-17 11:27 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-17 11:27 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-17 11:27 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-17 11:26 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-03-17 11:26 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-13 02:28 - 2013-01-21 01:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-11 20:23 - 2013-01-22 02:34 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-03-10 13:38 - 2013-10-17 16:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kl1.sys
2014-03-10 13:38 - 2013-10-17 16:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klkbdflt.sys
2014-03-10 13:38 - 2013-06-06 18:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kneps.sys
2014-03-10 13:38 - 2012-07-27 19:38 - 00029792 _____ (Kaspersky Lab) C:\WINDOWS\system32\Drivers\klelam.sys
2014-03-10 13:31 - 2014-03-10 13:31 - 00001329 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2014-03-10 11:27 - 2013-02-18 21:38 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-03-10 00:33 - 2013-08-03 23:49 - 00000000 ____D () C:\My Kindle Content

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-07 12:42

==================== End Of Log ============================
         
addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by ***** at 2014-04-09 19:12:21
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Design Standard (HKLM-x32\...\{49DC7D87-B9F9-4782-9386-B7F13BC75E48}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Aiseesoft Total Video Converter 6.2.66 (HKLM-x32\...\{E09CEBAA-4435-4404-8D82-4C029F6391E4}_is1) (Version: 6.2.66 - Aiseesoft Studio)
Alive Text to Speech v6.1.0.2 (HKLM-x32\...\Alive Text to Speech_is1) (Version:  - AliveMedia, Inc.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2013 v.11.0.5 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 9 v.9.4.3 (HKLM-x32\...\Ashampoo Photo Commander 9_is1) (Version: 9.4.3 - Ashampoo GmbH & Co. KG)
Audials (HKLM-x32\...\{30819B2C-C281-4D17-B4D4-ADC7D42BDB19}) (Version: 10.1.6207.700 - Audials AG)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BoxCryptor 1.5 (HKLM-x32\...\BoxCryptor) (Version: 1.5.413.155 - Secomba GmbH)
calibre 64bit (HKLM\...\{96AC0686-B9D4-4D85-A1ED-E1AA8550C15A}) (Version: 1.9.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
EBookToMP3 (HKLM-x32\...\EBookToMP3_is1) (Version: Aktuelle Version - IN MEDIA KG)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
EPSON BX635FWD Series Printer Uninstall (HKLM\...\EPSON BX635FWD Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Evernote v. 5.2.1 (HKLM-x32\...\{5E6D0ABA-ABDE-11E3-9AED-00163E98E7D6}) (Version: 5.2.1.3108 - Evernote Corp.)
F.lux (HKCU\...\Flux) (Version:  - )
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Fotobuchexpress24 Bestellsoftware (HKLM-x32\...\Fotobuchexpress24) (Version: 3.1.26 - SSW Software GmbH)
Fotobuchexpress24 Bestellsoftware (x32 Version: 3.1.26 - SSW Software GmbH) Hidden
GanttProject (HKLM-x32\...\GanttProject) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM-x32\...\{4BA6784F-3B10-473A-B9F5-33A36AC354D5}) (Version: 3.0.14358 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
maxdome - Online Videothek (HKLM\...\maxdome - Online Videothek) (Version: 1.0 - maxdome GmbH und Co. KG)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mindjet MindManager 2012 (HKLM-x32\...\{2DD3FE18-F257-484C-8543-3793F14D999F}) (Version: 10.2.404 - Mindjet)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
NaturalReaderFree (HKLM-x32\...\{C5E7BF75-007E-44AD-8962-627ED44CB63B}) (Version: 11.9 - NaturalSoft)
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version:  - Tracker Software)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rossmann Fotowelt Software 4.12.1 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.12.1 - ORWO Net)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
Stardock Start8 (HKLM-x32\...\Stardock Start8) (Version: 1.31 - Stardock Software, Inc.)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung Selbstständige 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.07.73 - Akademische Arbeitsgemeinschaft)
Storybook4 (HKLM-x32\...\Storybook4) (Version: 4.0.9 - Intertec)
SugarSync (HKLM-x32\...\SugarSync) (Version: 2.0.44.122879 - SugarSync, Inc.)
SUPER © v2012.build.54 (Nov 18, 2012) Version v2012.build.54 (HKLM-x32\...\{8F311E92-C29F-4DF9-8259-B739A1831669}_is1) (Version: v2012.build.54 - eRightSoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Timeline 0.10.2 (HKLM-x32\...\Timeline_is1) (Version:  - Rickard Lindberg <ricli85@gmail.com>)
TogglDesktop (HKLM-x32\...\{901ACF4B-7DDB-4DE2-A9D7-6C1DA40671EE}) (Version: 4.94.0 - Toggl)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TTS (HKLM-x32\...\{62AAFC0A-00B8-4663-98D8-96AE9F3BA058}) (Version: 1.0.0.0 - ZoomCommerce Co., Ltd.)
TuneClone 2.20 (HKLM\...\TuneClone_is1) (Version:  - TuneClone.com)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Your Software Deals (HKLM-x32\...\Your Software Deals_is1) (Version:  - Ashampoo GmbH & Co. KG)
yWriter5 (HKLM-x32\...\yWriter5_is1) (Version:  - Spacejock Software)
ZDFmediathek Version 2.1.6 (HKLM\...\ZDFmediathek_is1) (Version:  - ZDF)

==================== Restore Points  =========================

24-03-2014 13:51:34 Installed Evernote v. 5.2.1
04-04-2014 08:40:21 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {03AEA02F-F327-44C2-A3EB-128992CAAFB9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {4ADBFEAF-85BD-4B88-8CA4-873019AF1CCB} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2936259450-3521671367-2592787203-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {7538BC4C-FF28-41D0-A5BF-6CFA719CC6DB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {82CD85AB-C8AB-4ABF-AF3B-0CDFA85559C3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {85577CCA-1E43-4AD8-950D-A21AC130F708} - System32\Tasks\AdobeAAMUpdater-1.0-Vaio-***** => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {9BBED98F-08AA-4588-8654-CE0A17ACD722} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-20] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A861DDF7-467F-4BBB-AE04-A0F2894E2CCE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {B610BAEE-4DA5-4707-92D3-1B3265C4F67D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BDFBD245-FDA4-4EA7-B220-337318DC16E8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2936259450-3521671367-2592787203-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D2A91522-43A0-4C58-8827-6F2CA2D90D3B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-20] (Google Inc.)
Task: {DDC83C61-9FA3-4013-92ED-07F5A9FEC666} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2013-03-06 02:21 - 2013-03-06 02:21 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-10-11 07:31 - 2014-01-23 01:11 - 00301920 _____ () C:\Program Files (x86)\SugarSync\x64\SugarSyncVFSNamespace64.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-03-13 16:41 - 2012-12-11 14:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-06-01 11:16 - 2013-06-01 11:17 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-04-04 09:31 - 2014-04-02 13:19 - 01380704 _____ () C:\Program Files (x86)\Opera\20.0.1387.91\opera_crashreporter.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-01-22 16:36 - 2012-11-13 15:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-01-22 16:36 - 2012-11-13 15:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-01-22 16:36 - 2012-11-13 15:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-01-22 16:36 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-01-22 16:36 - 2012-11-13 15:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-01-22 16:36 - 2012-11-13 15:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-03-17 12:05 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-02-11 21:29 - 2014-02-11 21:29 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-03-17 12:05 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-17 12:05 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-17 12:05 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-17 12:05 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-17 12:05 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-04-04 09:31 - 2014-04-02 13:19 - 00908640 _____ () C:\Program Files (x86)\Opera\20.0.1387.91\libglesv2.dll
2014-04-04 09:31 - 2014-04-02 13:19 - 00108896 _____ () C:\Program Files (x86)\Opera\20.0.1387.91\libegl.dll
2014-04-04 09:31 - 2014-04-02 13:19 - 00895328 _____ () C:\Program Files (x86)\Opera\20.0.1387.91\ffmpegsumo.dll
2014-03-14 17:56 - 2014-03-14 17:56 - 21115392 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2014-03-14 17:50 - 2014-03-14 17:50 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-03-14 17:50 - 2014-03-14 17:50 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-03-14 17:56 - 2014-03-14 17:56 - 00983054 _____ () C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll
2014-03-14 17:56 - 2014-03-14 17:56 - 00133134 _____ () C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll
2014-03-14 17:56 - 2014-03-14 17:56 - 00189454 _____ () C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: High Definition Audio-Gerät
Description: High Definition Audio-Gerät
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: FOXCONN-T77H114-BCM2070
Description: FOXCONN-T77H114-BCM2070
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2014 05:11:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5484

Error: (04/09/2014 05:11:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5484

Error: (04/09/2014 05:11:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/09/2014 05:11:28 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4109

Error: (04/09/2014 05:11:28 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4109

Error: (04/09/2014 05:11:28 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/09/2014 05:11:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1343

Error: (04/09/2014 05:11:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1343

Error: (04/09/2014 05:11:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/08/2014 08:37:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19859


System errors:
=============
Error: (04/08/2014 05:11:47 PM) (Source: DCOM) (User: Vaio)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/08/2014 05:11:47 PM) (Source: DCOM) (User: Vaio)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/08/2014 05:11:47 PM) (Source: DCOM) (User: Vaio)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/08/2014 05:11:47 PM) (Source: DCOM) (User: Vaio)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/08/2014 05:09:28 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0x8000002a64\??\C:\Users\*****\AppData\Local\Microsoft\Windows\UsrClass.dat

Error: (04/08/2014 05:08:39 PM) (Source: BugCheck) (User: )
Description: 0x0000000a (0x0000000000000203, 0x0000000000000002, 0x0000000000000000, 0xfffff800db8addb3)C:\WINDOWS\MEMORY.DMP

Error: (04/08/2014 05:08:39 PM) (Source: BugCheck) (User: )
Description: 

Error: (04/08/2014 05:08:34 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎08.‎04.‎2014 um 13:22:40 unerwartet heruntergefahren.

Error: (04/08/2014 04:57:06 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst iphlpsvc erreicht.

Error: (04/07/2014 01:17:50 AM) (Source: Ntfs) (User: )
Description: Auf dem Volume "X:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.


Microsoft Office Sessions:
=========================
Error: (04/09/2014 05:11:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5484

Error: (04/09/2014 05:11:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5484

Error: (04/09/2014 05:11:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/09/2014 05:11:28 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4109

Error: (04/09/2014 05:11:28 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4109

Error: (04/09/2014 05:11:28 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/09/2014 05:11:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1343

Error: (04/09/2014 05:11:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1343

Error: (04/09/2014 05:11:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/08/2014 08:37:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19859


==================== Memory info =========================== 

Percentage of memory in use: 58%
Total physical RAM: 3950.09 MB
Available physical RAM: 1640.91 MB
Total Pagefile: 7918.09 MB
Available Pagefile: 4702.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:108.46 GB) NTFS
Drive f: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
Drive g: (Elements) (Fixed) (Total:2794.52 GB) (Free:1648.9 GB) NTFS
Drive m: (My Passport) (Fixed) (Total:465.11 GB) (Free:20.67 GB) NTFS
Drive x: () (Fixed) (Total:55 GB) (Free:0.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9E7464BD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465 GB) (Disk ID: 00021968)
Partition 1: (Not Active) - (Size=465 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.

==================== End Of Log ============================
         

gmer.txt
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-09 20:02:34
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000046 TOSHIBA_MK5055GSX rev.FG001A 465,76GB
Running: 3fk5ydh8.exe; Driver: C:\Users\*****\AppData\Local\Temp\pxloypog.sys


---- User code sections - GMER 2.1 ----

.text   C:\WINDOWS\system32\BtwRSupportService.exe[1808] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690                                   000007fb5b061532 4 bytes [06, 5B, FB, 07]
.text   C:\WINDOWS\system32\BtwRSupportService.exe[1808] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698                                   000007fb5b06153a 4 bytes [06, 5B, FB, 07]
.text   C:\WINDOWS\system32\BtwRSupportService.exe[1808] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246                                 000007fb5b06165a 4 bytes [06, 5B, FB, 07]
.text   C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                      000007fb5b061532 4 bytes [06, 5B, FB, 07]
.text   C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                      000007fb5b06153a 4 bytes [06, 5B, FB, 07]
.text   C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                    000007fb5b06165a 4 bytes [06, 5B, FB, 07]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                            000007fb6423104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39                            000007fb64231087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                             000007fb642310dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 128                            000007fb64231110 48 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36                                      000007fb64231174 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!memcmp + 199                                            000007fb64231257 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 144                                            000007fb64231300 16 bytes {JMP 0xffffffffffffff8c}
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183                                            000007fb642313d7 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!strlen + 168                                            000007fb64231578 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 405                                           000007fb64231725 32 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!strncmp + 181                                           000007fb64231805 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!strncpy + 354                                           000007fb64231982 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52                     000007fb64231a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601                              000007fb64231dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99                                  000007fb64231e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118                       000007fb64232096 48 bytes {JMP 0xffffffffffffffc0}
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                      000007fb642325b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!__chkstk + 77                                           000007fb6423261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!_setjmp + 160                                           000007fb642326f0 16 bytes {JMP RAX}
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!longjmp + 236                                           000007fb6423289c 32 bytes {JMP 0xffffffffffffffb9}
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                  000007fb64232cb0 8 bytes {JMP QWORD [RIP-0x402]}
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                000007fb64232e30 8 bytes {JMP QWORD [RIP-0x51b]}
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                      000007fb64232e60 8 bytes {JMP QWORD [RIP-0x5ca]}
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                    000007fb64232f80 8 bytes {JMP QWORD [RIP-0x6da]}
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                        000007fb64233030 8 bytes {JMP QWORD [RIP-0x792]}
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                        000007fb642336f1 8 bytes {JMP QWORD [RIP-0xca0]}
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                      000007fb642339d1 8 bytes {JMP QWORD [RIP-0x1018]}
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                      000007fb64234251 8 bytes {JMP QWORD [RIP-0x18a0]}
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616                                 00000000775f15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessTerm + 3                                   00000000775f15fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272                      00000000775f17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140                                  00000000775f18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                              00000000775f18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23                              00000000775f1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 23                        00000000775f1923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                        00000000775f195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessDebugEvent + 3                             00000000775f196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\WacomHost.exe[3556] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3                          00000000775f1977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2128] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306                         000007fb6327177a 4 bytes [27, 63, FB, 07]
.text   C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2128] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 314                         000007fb63271782 4 bytes [27, 63, FB, 07]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61         000007fb6423104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39         000007fb64231087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77          000007fb642310dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 128         000007fb64231110 48 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36                   000007fb64231174 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!memcmp + 199                         000007fb64231257 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 144                         000007fb64231300 16 bytes {JMP 0xffffffffffffff8c}
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183                         000007fb642313d7 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!strlen + 168                         000007fb64231578 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 405                        000007fb64231725 32 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!strncmp + 181                        000007fb64231805 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!strncpy + 354                        000007fb64231982 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52  000007fb64231a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601           000007fb64231dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99               000007fb64231e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118    000007fb64232096 48 bytes {JMP 0xffffffffffffffc0}
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403   000007fb642325b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!__chkstk + 77                        000007fb6423261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!_setjmp + 160                        000007fb642326f0 16 bytes {JMP RAX}
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!longjmp + 236                        000007fb6423289c 32 bytes {JMP 0xffffffffffffffb9}
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread               000007fb64232cb0 8 bytes {JMP QWORD [RIP-0x402]}
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread             000007fb64232e30 8 bytes {JMP QWORD [RIP-0x51b]}
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                   000007fb64232e60 8 bytes {JMP QWORD [RIP-0x5ca]}
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                 000007fb64232f80 8 bytes {JMP QWORD [RIP-0x6da]}
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                     000007fb64233030 8 bytes {JMP QWORD [RIP-0x792]}
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                     000007fb642336f1 8 bytes {JMP QWORD [RIP-0xca0]}
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                   000007fb642339d1 8 bytes {JMP QWORD [RIP-0x1018]}
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                   000007fb64234251 8 bytes {JMP QWORD [RIP-0x18a0]}
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616              00000000775f15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessTerm + 3                00000000775f15fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272   00000000775f17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140               00000000775f18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23           00000000775f18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23           00000000775f1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 23     00000000775f1923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23     00000000775f195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessDebugEvent + 3          00000000775f196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[5204] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3       00000000775f1977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                                 000007fb6423104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39                                 000007fb64231087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                                  000007fb642310dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 128                                 000007fb64231110 48 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36                                           000007fb64231174 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!memcmp + 199                                                 000007fb64231257 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 144                                                 000007fb64231300 16 bytes {JMP 0xffffffffffffff8c}
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183                                                 000007fb642313d7 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!strlen + 168                                                 000007fb64231578 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!strncat + 405                                                000007fb64231725 32 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!strncmp + 181                                                000007fb64231805 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!strncpy + 354                                                000007fb64231982 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52                          000007fb64231a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601                                   000007fb64231dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99                                       000007fb64231e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118                            000007fb64232096 48 bytes {JMP 0xffffffffffffffc0}
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                           000007fb642325b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!__chkstk + 77                                                000007fb6423261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!_setjmp + 160                                                000007fb642326f0 16 bytes {JMP RAX}
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!longjmp + 236                                                000007fb6423289c 32 bytes {JMP 0xffffffffffffffb9}
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                       000007fb64232cb0 8 bytes {JMP QWORD [RIP-0x402]}
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                     000007fb64232e30 8 bytes {JMP QWORD [RIP-0x51b]}
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                           000007fb64232e60 8 bytes {JMP QWORD [RIP-0x5ca]}
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                         000007fb64232f80 8 bytes {JMP QWORD [RIP-0x6da]}
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                             000007fb64233030 8 bytes {JMP QWORD [RIP-0x792]}
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                             000007fb642336f1 8 bytes {JMP QWORD [RIP-0xca0]}
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                           000007fb642339d1 8 bytes {JMP QWORD [RIP-0x1018]}
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                           000007fb64234251 8 bytes {JMP QWORD [RIP-0x18a0]}
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616                                      00000000775f15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessTerm + 3                                        00000000775f15fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272                           00000000775f17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140                                       00000000775f18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                   00000000775f18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23                                   00000000775f1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 23                             00000000775f1923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                             00000000775f195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessDebugEvent + 3                                  00000000775f196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\*****\Desktop\3fk5ydh8.exe[3396] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3                               00000000775f1977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [676:708]                                                                                               fffff9600094f5e8
Thread  C:\WINDOWS\system32\csrss.exe [676:712]                                                                                               fffff9600094f5e8
Thread   [3724:3880]                                                                                                                          0000000072267950
Thread   [3724:3884]                                                                                                                          000000007240c59c
Thread   [3724:3892]                                                                                                                          000000007240c59c
Thread   [3724:3292]                                                                                                                          000000007240c59c
Thread   [3724:4056]                                                                                                                          000000007240c59c
Thread   [3724:3692]                                                                                                                          00000000564c0dc7
Thread   [3724:4064]                                                                                                                          00000000565736af
Thread   [3724:2004]                                                                                                                          00000000565736af
Thread   [3724:3500]                                                                                                                          000000005367d80c
Thread   [3724:416]                                                                                                                           0000000075d64f62
Thread   [3724:2844]                                                                                                                          00000000565736af
Thread   [3724:4612]                                                                                                                          000000007240c59c
Thread   [3724:3528]                                                                                                                          00000000776750a7
Thread   [3724:6880]                                                                                                                          00000000776750a7
Thread   [3724:7008]                                                                                                                          00000000776750a7
Thread   [3724:5456]                                                                                                                          00000000776750a7
Thread   [3724:1936]                                                                                                                          00000000776750a7
Thread   [3724:6048]                                                                                                                          00000000776750a7
Thread   [3724:5072]                                                                                                                          00000000776750a7
Thread   [3724:6632]                                                                                                                          0000000075d64f62
Thread   [3724:188]                                                                                                                           0000000075d64f62
Thread   [3724:6676]                                                                                                                          00000000746624c6

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                     -688039526
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\506313e0d7de                                                           
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\506313e0d7de@d8b3770b0e76                                              0xA6 0x1B 0x63 0x3A ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\KLIF\Parameters@LastProcessedRevision                                                          7157049

---- EOF - GMER 2.1 ----
         
Den Rechner nutze ich auch als Freiberufler, alle Software ist natürlich legal und lizensiert!
Besten Dank für die Hilfe!

 

Themen zu Keylogger? Passwort ausgespäht!
bonjour, browser, converter, defender, ebanking, excel, explorer, flash player, format, ftp, google, homepage, internet, kaspersky, langsam, ntdll.dll, registry, rootkit, rundll, scan, security, services.exe, sketchup, software, svchost.exe, system, tablet, tracker, usb, windows xp, windowsapps




Ähnliche Themen: Keylogger? Passwort ausgespäht!


  1. Unbekannte Programme, ausgespäht?
    Log-Analyse und Auswertung - 13.07.2015 (13)
  2. Wird mein Computer ausgespäht?
    Log-Analyse und Auswertung - 12.02.2014 (1)
  3. Virus - DKB Konto ausgespäht - Entrusted Toolbar
    Log-Analyse und Auswertung - 16.08.2013 (8)
  4. Sparkassen-Onlinebanking ausgespäht: EXP/CVE-2013-2423.F sowie TR/Agent.385024.338
    Log-Analyse und Auswertung - 15.05.2013 (24)
  5. GVU nach Kapersky Nutzung als Gast anmelden OK ohne Passwort, nicht als Administrator mit Passwort
    Plagegeister aller Art und deren Bekämpfung - 05.07.2012 (33)
  6. Rechner ausgespäht? Antivirenprogramme finden nichts. :(
    Plagegeister aller Art und deren Bekämpfung - 22.02.2012 (14)
  7. Trojaner hat Email Passwort ausgespäht
    Plagegeister aller Art und deren Bekämpfung - 18.03.2011 (8)
  8. Rechner mit GOZI infiziert - online bankingdaten ausgespäht
    Plagegeister aller Art und deren Bekämpfung - 24.10.2010 (15)
  9. Keylogger Trojan-Spy.Win32.KeyLogger.cqd in Windows32
    Plagegeister aller Art und deren Bekämpfung - 05.08.2010 (1)
  10. WoW Keylogger: Keylogger : TR\FakeAV.C[Trojan]
    Log-Analyse und Auswertung - 20.01.2010 (11)
  11. SchülerVZ-Datenlecks: auch geschützte Informationen ausgespäht
    Nachrichten - 28.10.2009 (0)
  12. SchülerVZ-Datenlecks: Auch geschützte Informationen ausgespäht
    Nachrichten - 28.10.2009 (0)
  13. Mehrere tausend Hotmail-Konten ausgespäht
    Nachrichten - 07.10.2009 (0)
  14. Mehrere tausend Hotmail-Konten ausgespäht
    Nachrichten - 06.10.2009 (0)
  15. FTP Passwörter ausgespäht
    Plagegeister aller Art und deren Bekämpfung - 30.09.2008 (3)
  16. xp advanced keylogger Commercial KeyLogger
    Plagegeister aller Art und deren Bekämpfung - 03.08.2007 (4)
  17. family keylogger Commercial KeyLogger
    Plagegeister aller Art und deren Bekämpfung - 29.03.2006 (17)

Zum Thema Keylogger? Passwort ausgespäht! - Guten Abend! jemand hat sich mit meinem Passwort bei meinem Webhoster eingeloggt und Mist gebaut. Der Hoster-Support tippt auf einen Keylogger auf meinem Rechner - ich halte das für eher - Keylogger? Passwort ausgespäht!...
Archiv
Du betrachtest: Keylogger? Passwort ausgespäht! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.