Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Verdacht auf Trojaner > Java Probleme?

Verdacht auf Trojaner > Java Probleme?


Log-Analyse und Auswertung: Verdacht auf Trojaner > Java Probleme?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 20.05.2014, 17:06   #1
Hitokiri
 
Verdacht auf Trojaner > Java Probleme? - Standard

Verdacht auf Trojaner > Java Probleme?


Hallo,

mein System läuft jetzt seit über ein Jahr. Leider finde ich immerwieder merkwürdige Aktivitäten die über Malwarebytes gefunden werden. Aber nach einer Zeit kommen diese wieder obwohl ich sie gelöscht habe. Dazu kommt noch Eset dazu, diese finden viele Java Trojaner.


Würde mich sehr freune wenn Ihr mal of die Logs ein Blick wirft.
Als Virenscanner benutze ich Kaspersky sieht man aber auch in den Logs.

Danke im vorraus.

MfG

Hitokiri


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Shini (administrator) on MASTERDARK on 20-05-2014 17:19:31
Running from C:\Users\Shini\Desktop\Schutzprogramme
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-15] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3848949020-3587463593-1815979880-1001\...\MountPoints2: F - F:\SETUP.EXE
HKU\S-1-5-21-3848949020-3587463593-1815979880-1001\...\MountPoints2: {f6bbfb51-fb44-11e1-9155-001d7dd2b958} - F:\setup.exe

==================== Internet (Whitelisted) ====================

BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 80.69.100.102 80.69.100.230

FireFox:
========
FF ProfilePath: C:\Users\Shini\AppData\Roaming\Mozilla\Firefox\Profiles\3nuc42l5.default
FF DefaultSearchEngine: LEO Eng-Deu
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Shini\AppData\Roaming\Mozilla\Firefox\Profiles\3nuc42l5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-22]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-05-20]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-20]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-05-20]

==================== Services (Whitelisted) =================

S4 Autodata Limited License Service; C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2013-03-01] (Autodata Limited)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)

==================== Drivers (Whitelisted) ====================

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-10] (DT Soft Ltd)
S2 HOSTNT; C:\Windows\SysWow64\Drivers\HOSTNT.sys [4032 2013-03-01] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-20] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-20] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-05-20] (Kaspersky Lab ZAO)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [42944 2010-08-22] (hxxp://libusb-win32.sourceforge.net)
S3 MEMSWEEP2; C:\Windows\system32\76BB.tmp [6144 2009-06-18] (Sophos Plc)
S1 StarOpen; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-20 16:13 - 2014-05-20 17:19 - 00000000 ____D () C:\FRST
2014-05-20 16:00 - 2014-05-20 16:00 - 00000000 ____D () C:\Windows\ERUNT
2014-05-20 15:51 - 2014-05-20 17:19 - 00000000 ____D () C:\Users\Shini\Desktop\Schutzprogramme
2014-05-20 15:41 - 2014-05-20 15:47 - 00000000 ____D () C:\AdwCleaner
2014-05-20 15:07 - 2014-05-20 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2014-05-20 15:07 - 2014-05-20 15:06 - 00001089 _____ () C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2014-05-20 15:06 - 2014-05-20 15:06 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-05-20 15:06 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-05-20 15:05 - 2014-05-20 15:49 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-20 15:05 - 2014-05-20 15:12 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-05-20 15:05 - 2014-05-20 15:12 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-05-20 15:05 - 2014-05-20 15:05 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-05-20 15:05 - 2014-05-20 15:05 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-05-17 08:23 - 2014-05-20 15:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 08:22 - 2014-05-17 08:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-17 08:22 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-17 08:22 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-14 23:27 - 2014-05-06 02:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 23:27 - 2014-05-06 02:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 23:27 - 2014-05-06 02:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 23:27 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 23:27 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 23:27 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 22:50 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 22:50 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 22:50 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 22:50 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 22:50 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 22:50 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 22:50 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 22:50 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 22:50 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 22:50 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 22:50 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 22:50 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 22:50 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 22:50 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 22:50 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 22:50 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 22:50 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 22:50 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 22:50 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 22:50 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 22:50 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 22:50 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 22:50 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 22:50 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 22:50 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 22:50 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 22:50 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 22:50 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 22:50 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 22:50 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 22:50 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 22:50 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 22:50 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 22:50 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 22:50 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 22:50 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 22:50 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 22:50 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 22:50 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 22:50 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 22:50 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 22:50 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 22:50 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 22:50 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 22:50 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-12 15:56 - 2014-05-12 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-03 20:10 - 2014-05-15 09:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-03 09:27 - 2014-05-03 09:27 - 00000000 ____D () C:\ProgramData\Orbit
2014-05-03 09:24 - 2014-05-03 09:24 - 00000856 _____ () C:\Users\Public\Desktop\Child of Light.lnk
2014-05-03 09:21 - 2014-05-03 09:25 - 00000000 ____D () C:\Program Files (x86)\Child of Light
2014-04-30 05:15 - 2014-05-20 15:48 - 00001492 _____ () C:\Windows\PFRO.log
2014-04-29 21:17 - 2012-05-30 02:20 - 05466948 ____H (Igor Pavlov) C:\Users\Shini\Downloads\absinthe-win-2.0.4.exe
2014-04-29 18:27 - 2014-04-29 18:27 - 00000000 ____D () C:\Users\Shini\AppData\Roaming\Wondershare
2014-04-29 18:11 - 2014-04-29 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-04-29 18:11 - 2014-04-29 18:11 - 00000000 ____D () C:\Users\Shini\AppData\Local\Wondershare
2014-04-29 18:11 - 2014-04-29 18:11 - 00000000 ____D () C:\ProgramData\Wondershare
2014-04-27 20:24 - 2014-04-28 16:40 - 00000000 ____D () C:\Program Files (x86)\AllToAVI
2014-04-27 20:24 - 2014-04-27 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllToAVI
2014-04-23 19:43 - 2014-04-23 20:18 - 00000577 _____ () C:\Users\Shini\Desktop\Neues Textdokument (4).txt
2014-04-22 23:05 - 2014-04-22 23:05 - 00000000 ____D () C:\Users\Shini\AppData\Local\Logitech
2014-04-22 23:05 - 2014-04-22 23:05 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-04-22 23:04 - 2014-04-22 23:04 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-04-22 23:04 - 2014-04-22 23:04 - 00000776 _____ () C:\Windows\LkmdfCoInst.log
2014-04-22 23:03 - 2014-04-22 23:04 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-04-22 23:03 - 2014-04-22 23:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-22 23:03 - 2014-04-22 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-04-22 23:01 - 2014-04-22 23:01 - 00000000 ____D () C:\Users\Shini\AppData\Roaming\Logitech
2014-04-22 23:01 - 2014-04-22 23:01 - 00000000 ____D () C:\Users\Shini\AppData\Roaming\Logishrd

==================== One Month Modified Files and Folders =======

2014-05-20 17:19 - 2014-05-20 16:13 - 00000000 ____D () C:\FRST
2014-05-20 17:19 - 2014-05-20 15:51 - 00000000 ____D () C:\Users\Shini\Desktop\Schutzprogramme
2014-05-20 16:21 - 2013-03-18 16:44 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-05-20 16:00 - 2014-05-20 16:00 - 00000000 ____D () C:\Windows\ERUNT
2014-05-20 15:54 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-20 15:54 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-20 15:53 - 2009-07-14 19:58 - 00701548 _____ () C:\Windows\system32\perfh007.dat
2014-05-20 15:53 - 2009-07-14 19:58 - 00150448 _____ () C:\Windows\system32\perfc007.dat
2014-05-20 15:53 - 2009-07-14 07:13 - 01621612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-20 15:52 - 2012-08-08 19:06 - 01772878 _____ () C:\Windows\WindowsUpdate.log
2014-05-20 15:49 - 2014-05-20 15:05 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-20 15:48 - 2014-04-30 05:15 - 00001492 _____ () C:\Windows\PFRO.log
2014-05-20 15:48 - 2014-04-15 12:52 - 00003618 _____ () C:\Windows\setupact.log
2014-05-20 15:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-20 15:47 - 2014-05-20 15:41 - 00000000 ____D () C:\AdwCleaner
2014-05-20 15:43 - 2013-03-18 16:44 - 00000000 ____D () C:\Windows\AutoKMS
2014-05-20 15:12 - 2014-05-20 15:05 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-05-20 15:12 - 2014-05-20 15:05 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-05-20 15:12 - 2013-10-17 15:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-05-20 15:12 - 2013-10-17 15:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-05-20 15:12 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-05-20 15:07 - 2014-05-20 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2014-05-20 15:06 - 2014-05-20 15:07 - 00001089 _____ () C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2014-05-20 15:06 - 2014-05-20 15:06 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-05-20 15:05 - 2014-05-20 15:05 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-05-20 15:05 - 2014-05-20 15:05 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-05-20 15:00 - 2014-05-17 08:23 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-20 14:52 - 2012-08-10 15:08 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-05-19 17:04 - 2012-11-18 14:38 - 00000600 _____ () C:\Users\Shini\AppData\Roaming\winscp.rnd
2014-05-19 13:32 - 2013-06-24 18:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-19 13:25 - 2012-08-09 13:49 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-19 13:25 - 2012-08-09 13:49 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-17 08:22 - 2014-05-17 08:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-17 08:22 - 2013-08-25 16:23 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-17 08:22 - 2013-08-25 16:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-17 08:22 - 2013-02-01 20:58 - 00000000 ____D () C:\Users\Shini\AppData\Roaming\Malwarebytes
2014-05-17 08:22 - 2013-02-01 20:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 11:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 09:44 - 2013-03-03 21:32 - 00000000 ___RD () C:\Users\Shini\Virtual Machines
2014-05-15 09:44 - 2012-08-08 19:10 - 00000000 ___RD () C:\Users\Shini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 09:44 - 2012-08-08 19:10 - 00000000 ___RD () C:\Users\Shini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 09:38 - 2014-05-03 20:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 09:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 22:54 - 2013-08-10 21:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:52 - 2009-10-14 07:12 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-12 22:43 - 2013-11-26 16:48 - 00000000 ____D () C:\Users\Shini\Documents\DragonNest
2014-05-12 18:14 - 2014-05-12 15:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 08:14 - 2014-05-14 22:50 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 22:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 22:44 - 2014-04-24 00:39 - 00000000 ___HD () C:\Users\Shini\Downloads\24.Twenty.Four.Staffel.7.German.DL.DVDRiP.XviD
2014-05-06 02:46 - 2014-05-14 23:27 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 02:21 - 2014-05-14 23:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 02:21 - 2014-05-14 23:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 01:32 - 2014-05-14 23:27 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 01:14 - 2014-05-14 23:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 01:14 - 2014-05-14 23:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 21:58 - 2013-05-10 15:59 - 00000000 ___HD () C:\Users\Shini\Downloads\Moves
2014-05-03 09:27 - 2014-05-03 09:27 - 00000000 ____D () C:\ProgramData\Orbit
2014-05-03 09:27 - 2013-11-13 12:31 - 00000000 ____D () C:\ProgramData\Steam
2014-05-03 09:27 - 2012-09-19 13:44 - 00000000 ____D () C:\Users\Shini\Documents\My Games
2014-05-03 09:19 - 2012-09-10 21:54 - 00000000 ____D () C:\Users\Shini\AppData\Roaming\DAEMON Tools Lite
2014-05-01 07:25 - 2012-08-08 19:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-30 05:22 - 2014-04-06 14:49 - 00000000 ____D () C:\Users\Shini\Desktop\Bilder Iphone
2014-04-30 05:15 - 2014-04-15 12:52 - 00328624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-29 18:42 - 2014-04-29 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-04-29 18:42 - 2012-08-08 19:10 - 00000000 ____D () C:\Users\Shini
2014-04-29 18:27 - 2014-04-29 18:27 - 00000000 ____D () C:\Users\Shini\AppData\Roaming\Wondershare
2014-04-29 18:11 - 2014-04-29 18:11 - 00000000 ____D () C:\Users\Shini\AppData\Local\Wondershare
2014-04-29 18:11 - 2014-04-29 18:11 - 00000000 ____D () C:\ProgramData\Wondershare
2014-04-29 18:01 - 2014-04-14 15:36 - 00084000 _____ () C:\Users\Shini\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-28 16:40 - 2014-04-27 20:24 - 00000000 ____D () C:\Program Files (x86)\AllToAVI
2014-04-27 20:24 - 2014-04-27 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllToAVI
2014-04-23 20:18 - 2014-04-23 19:43 - 00000577 _____ () C:\Users\Shini\Desktop\Neues Textdokument (4).txt
2014-04-22 23:05 - 2014-04-22 23:05 - 00000000 ____D () C:\Users\Shini\AppData\Local\Logitech
2014-04-22 23:05 - 2014-04-22 23:05 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-04-22 23:04 - 2014-04-22 23:04 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-04-22 23:04 - 2014-04-22 23:04 - 00000776 _____ () C:\Windows\LkmdfCoInst.log
2014-04-22 23:04 - 2014-04-22 23:03 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-04-22 23:03 - 2014-04-22 23:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-22 23:03 - 2014-04-22 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-04-22 23:01 - 2014-04-22 23:01 - 00000000 ____D () C:\Users\Shini\AppData\Roaming\Logitech
2014-04-22 23:01 - 2014-04-22 23:01 - 00000000 ____D () C:\Users\Shini\AppData\Roaming\Logishrd
2014-04-20 10:38 - 2012-10-31 14:21 - 00000000 ____D () C:\Users\Shini\AppData\Local\Adobe
2014-04-20 10:34 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-20 00:22 - 2012-08-16 14:23 - 00000000 ____D () C:\Users\Shini\AppData\Roaming\Media Player Classic

Some content of TEMP:
====================
C:\Users\Shini\AppData\Local\Temp\bassmod.dll
C:\Users\Shini\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Shini\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 22:50] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!


LastRegBack: 2014-05-19 00:16

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---


Additional:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Shini at 2014-05-20 17:19:47
Running from C:\Users\Shini\Desktop\Schutzprogramme
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Anti-Virus (Disabled - Out of date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Anti-Virus (Disabled - Out of date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Anti-Virus (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version:  - )
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Child of Light (HKLM-x32\...\Q2hpbGRvZkxpZ2h0_is1) (Version: 1 - )
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
CPUID CPU-Z 1.62 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Dragon Nest Europe (HKLM-x32\...\Dragon Nest Europe) (Version:  - )
E3MC - Windows Shutdown Timer v5.7 Full (HKLM-x32\...\{8A5458F0-0F3A-486E-8436-6CF05977093F}) (Version: 5.7.0.0 - E3MC Clan)
Epson Easy Photo Print 2 (HKLM-x32\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX440 Series Printer Uninstall (HKLM\...\EPSON SX440 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ICQ7M (HKLM-x32\...\{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}) (Version: 7.8 - ICQ)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.154 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
mIRC (HKLM-x32\...\mIRC) (Version: 7.27 - mIRC Co. Ltd.)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NC Launcher (GameForge) (HKLM-x32\...\NCLauncher_GameForge) (Version:  - NCsoft)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Tomb Raider (HKLM-x32\...\Tomb Raider_is1) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinSCP 5.1.1 (HKLM-x32\...\winscp3_is1) (Version: 5.1.1 - Martin Prikryl)

==================== Restore Points  =========================

01-05-2014 05:24:04 Entfernt League of Legends
02-05-2014 04:55:18 Windows Update
03-05-2014 18:09:53 Windows Update
09-05-2014 14:38:28 Windows Update
14-05-2014 20:51:04 Windows Update

==================== Hosts content: ==========================

2014-04-06 15:32 - 2014-04-11 14:41 - 00000880 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {045E6D70-BFA7-4B35-BA51-D6BC5ABFCAD3} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION
Task: {29AF1364-68E2-4634-BDD3-01E8AFB8EECF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {54E10857-0F30-4278-9390-200629D67408} - System32\Tasks\{CD2D3811-BC5A-4E8A-A447-48F147B642CE} => C:\Program Files (x86)\MEDION GoPal Assistant\GoPal_Assistant.exe
Task: {66733FC6-EABB-4655-B658-97CE8E7038C1} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTION
Task: {6E03C314-16FD-42CD-AA50-720A3AE501B2} - System32\Tasks\{BE5D3FA3-7DA9-4F0B-B7EB-C565EE54802F} => C:\Program Files (x86)\MEDION GoPal Assistant\GoPal_Assistant.exe
Task: {87E7F41E-7D04-409C-9675-AF6D2859F883} - System32\Tasks\{D9263162-F78F-4981-93FD-42062F0188CF} => C:\Program Files (x86)\MEDION GoPal Assistant\GoPal_Assistant.exe
Task: {886CD657-01DC-4169-A3F7-8CB1B81BA7C0} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {9BC33FAC-3B9B-440F-AFB1-05318DE7945E} - System32\Tasks\{FF4863ED-9B55-4598-8A18-BF99239ED51A} => C:\Program Files (x86)\MEDION GoPal Assistant\GoPal_Assistant.exe
Task: {BF02448A-FCB9-4E03-A753-192A1F848121} - System32\Tasks\{9AC03383-7573-45C4-BF9C-20D671690A0C} => C:\Program Files (x86)\MEDION GoPal Assistant\GoPal_Assistant.exe
Task: {D33E3E5C-B80C-44D6-8F98-40CE60EBA5B7} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {D74E0A62-4740-4096-9B2D-1A3454B29906} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {E5F8E3E0-E925-472C-8C4B-745F61835DF8} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

==================== Loaded Modules (whitelisted) =============

2014-02-01 21:15 - 2013-12-19 20:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-11 20:21 - 2014-02-11 20:21 - 00860160 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-02-11 20:22 - 2014-02-11 20:22 - 01043968 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-02-11 20:21 - 2014-02-11 20:21 - 00052736 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-02-11 20:22 - 2014-02-11 20:22 - 00236032 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 01135616 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00656896 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00105472 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00098816 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00077312 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00520234 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00450560 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 05717504 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00029184 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 04671488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00070656 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00686080 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00152064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00027648 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00063488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00366592 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00289792 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00023040 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00133120 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00290304 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00399826 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00013824 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00031232 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00054784 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00044032 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll
2014-05-12 15:56 - 2014-05-12 15:56 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Public\DRM:احتضان

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Autodata Limited License Service => 2
MSCONFIG\Services: EpsonBidirectionalService => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: SamsungAllShareV2.0 => 2
MSCONFIG\Services: SimpleSlideShowServer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AllShareAgent => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
MSCONFIG\startupreg: Epson Stylus SX440(Netzwerk) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE /FU "C:\Users\Shini\AppData\Local\Temp\E_S2F3A.tmp" /EF "HKCU"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: RGSC => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
MSCONFIG\startupreg: StereoLinksInstall => "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
MSCONFIG\startupreg: Windows Mobile-based device management => %WINDIR%\WindowsMobile\wmdcBase.exe

==================== Faulty Device Manager Devices =============

Name: Logitech_LGVirHid49713
Description: Logitech_LGVirHid49713
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Logitech_LGVirHid49714
Description: Logitech_LGVirHid49714
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2014 05:05:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/20/2014 05:04:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (05/20/2014 05:05:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Shini\Desktop\Schutzprogramme\esetsmartinstaller_deu.exe

Error: (05/20/2014 05:04:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe


==================== Memory info =========================== 

Percentage of memory in use: 44%
Total physical RAM: 4094.49 MB
Available physical RAM: 2267.55 MB
Total Pagefile: 8187.16 MB
Available Pagefile: 6387.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:117.81 GB) NTFS
Drive d: (Shini 2) (Fixed) (Total:931.51 GB) (Free:101.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: ADAFAB74)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 20931E77)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Eset:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=957294d564cfcd45be4e36dafc5232d3
# engine=18336
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-20 03:03:27
# local_time=2014-05-20 05:03:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 367979 152228057 0 0
# scanned=143880
# found=18
# cleaned=0
# scan_time=3920
sh=8F30FBD4A6F13B780B3D5361730BE0D4214E81E9 ft=0 fh=0000000000000000 vn="Variante von Java/Mocup.C Trojaner" ac=I fn="C:\Users\Shini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\627fcf4a-2f8e9d6a"
sh=681636BD28661CFC9FE1371D07A90D4A883EB3ED ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Shini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\3624d98d-3514d463"
sh=7EE7B61647ABD2C21E1584626AA32505AC30FDFB ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Shini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\607d0f4e-65dcee74"
sh=1FA1075C5CCEFA399229447780785B2C3B1E88FE ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Shini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\6891630e-38ff774e"
sh=7436A71D98F49B1A9EBDA2BF80E9C41953E76F8A ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Shini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\50093110-7f6bec3b"
sh=5D83DCF74FABC5A777F39B3BAA61C355FF28F6D8 ft=0 fh=0000000000000000 vn="Java/Agent.FH Trojaner" ac=I fn="C:\Users\Shini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\472ad802-4e6bcfe1"
sh=BE6B61DF66FBF3C7E72796B25B521B6149900CD1 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Shini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\7a3ad55c-70080c40"
sh=DA446F7A41560B0E3877E65B39FCE29DC803F692 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-5076.Q Trojaner" ac=I fn="C:\Users\Shini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\1211a35f-56e276a1"
sh=AA552E771DB340B8CEAF3116833A628DC3D7E49C ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Shini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4353b020-1849f35e"
sh=0600091082F9C32B2A9CF07BC5C795935D1D740C ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-5076.A Trojaner" ac=I fn="C:\Users\Shini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\40286ca3-4417f441"
sh=09A7D52656450B8D836C15A1D9E73515B00D36C0 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-5076.AF Trojaner" ac=I fn="C:\Users\Shini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\5b966aa7-6963196f"
sh=EE9E9E614540695CD644E5F580A08AAA9911F445 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-1723.CU Trojaner" ac=I fn="C:\Users\Shini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\b8a3267-1aaa7e4d"
sh=62EBBC9D1C7F8C7267132000F6CB06DE398DA5F3 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-5076.B Trojaner" ac=I fn="C:\Users\Shini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\616acca9-3a388b4f"
sh=6706F000086877C657D87192297513BB851D63F8 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Shini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\6a588230-150813ce"
sh=656A1F22AC218808DF8B354FC225C00463D082C2 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Shini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\53040b2-7f4a52e7"
sh=73005DDD83F279508F477424F83F300CD5B9A546 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Shini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\484ea3b4-7d9dcac5"
sh=28A54622CF7F239A93915FAC8C5CF917732DFF89 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-5076.B Trojaner" ac=I fn="C:\Users\Shini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\5dbea63f-2769bc6e"
Hoffe das Ihr was findet. Micht stört das mit dem Java da es schon seit längerem Probleme damit gibt.
Geändert von Hitokiri (20.05.2014 um 17:13 Uhr)

Alt 20.05.2014, 17:48   #2
Warlord711
/// TB-Ausbilder
 
Verdacht auf Trojaner > Java Probleme? - Standard

Verdacht auf Trojaner > Java Probleme?




Mein Name ist Timo und ich werde Dir bei deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Wichtig:
Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen. Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst. Ich bedanke mich für deine Geduld
__________________
Alt 20.05.2014, 18:55   #3
Warlord711
/// TB-Ausbilder
 
Verdacht auf Trojaner > Java Probleme? - Standard

Verdacht auf Trojaner > Java Probleme?


Code:
ATTFilter
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: {045E6D70-BFA7-4B35-BA51-D6BC5ABFCAD3} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION
Die von mir gelisteten Einträge deuten stark darauf hin, dass auf diesem Rechner ein Windows sowie Office benutzt wird, die nicht legal erworben wurde.

Supportstopp
Lesestoff:
Cracks und Keygens
Den Kopierschutz von Software zu umgehen ist nach geltendem Recht illegal. Die Logfiles deuten stark darauf hin, dass du nicht legal erworbene Software einsetzt. Zudem sind Cracks und Patches aus dubioser Quelle sehr oft mit Schädlingen versehen, womit man sich also fast vorsätzlich infiziert.

Wir haben uns hier auf dem Board darauf geeinigt, dass wir an dieser Stelle nicht weiter bereinigen, da wir ein solches Vorgehen nicht unterstützen. Hinzu kommt, dass wir dich in unserer Anleitung und auch in diesem Wichtig-Thema unmissverständlich darauf hingewiesen haben, wie wir damit umgehen werden. Saubere, gute Software hat seinen Preis und die Softwarefirmen leben von diesen Einnahmen.

Unsere Hilfe beschränkt sich daher nur auf das Neuaufsetzen und Absichern deines Systems.
Fragen dazu beantworten wir dir aber weiterhin gerne und zwar in unserem Forum.
Das Thema wird erst nach Entfernung fortgeführt. Da damit wahrscheinlich eine Neuinstallation notwendig ist, hat sich die Bereinigung "wahrscheinlich" erledigt
__________________
Geändert von Warlord711 (20.05.2014 um 19:02 Uhr)

Alt 22.05.2014, 09:19   #4
Warlord711
/// TB-Ausbilder
 
Verdacht auf Trojaner > Java Probleme? - Standard

Verdacht auf Trojaner > Java Probleme?


Fehlende Rückmeldung
Benötigst du noch Hilfe ? Ansonsten wird dieses Thema in 24h aus meinen Abos gelöscht. Somit bekomme ich dann keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen

Alt 22.05.2014, 10:24   #5
Hitokiri
 
Verdacht auf Trojaner > Java Probleme? - Standard

Verdacht auf Trojaner > Java Probleme?


Vielen Dank erstmal,

hab mir weiter selber geholfen mit den Java Problemen.
Java deinstalliert reste in der regedit gelöscht und alle Ordner die mit Java zu tun haben.

Combofix angewendet zwar musste ich mein System etwas wieder neueinstellen aber das ist kein Problem.

FRST sieht jetzt auch gut aus. Und den Windows Ultimate Keygen hab ich auch gelöscht und die Aktivierungsprogramme. Für meine Windows 7 Ultimate Version hab ich den Windows 7 Key verwendet. Wusste nicht, dass es auch geht O-o. Somit legal wieder unterwegs.

Eset zeigt auch nichts mehr. Und habe Kastpersky komplett deinstalliert und benutze jetzt Avira da Kaspersky Probleme veruhrsacht hat. Hat aber mit meinem Bootscript zu tun, da er alle Treiber überspringt und somit mein PC um 12 Sekunden schneller macht. 3 Sekunden hochfahren ist besser als 15 sec.

Vielen Dank trotzdem hab viele nützliche Informationen aus diesem Forum und bei Problemen besuche ich es gerne immer wieder und dieses mal legitim^^.

MfG

Hitokiri

Geändert von Hitokiri (22.05.2014 um 10:31 Uhr)

Antwort

Themen zu Verdacht auf Trojaner > Java Probleme?
association, avp, bonjour, browser, cpu-z, desktop, ebanking, excel, fehler, firefox, flash player, homepage, installation, kaspersky, launch, lightning, mozilla, netzwerk, realtek, registry, rootkit, scan, secur, security, services.exe, software, svchost.exe, system, trojaner, windows


« Posadi17 - Probleme mit der Entfernung! | Defogger Installation Problem »


Ähnliche Themen: Verdacht auf Trojaner > Java Probleme?


  1. Win 7 / Verdacht auf Virus / Probleme mit Benutzerprofildienst /
    Plagegeister aller Art und deren Bekämpfung - 23.03.2015 (16)
  2. Windows 7: Verdacht auf Trojaner (Probleme über Probleme)
    Log-Analyse und Auswertung - 18.03.2014 (10)
  3. XP: GMX warnt, Trojaner-Verdacht (in Java-Cache - und anderswo?)
    Log-Analyse und Auswertung - 24.02.2014 (17)
  4. Verdacht auf Trojaner (Probleme mit VPN und UDP-Traffic)
    Log-Analyse und Auswertung - 09.11.2013 (12)
  5. Java und Windows Probleme!
    Plagegeister aller Art und deren Bekämpfung - 20.06.2013 (36)
  6. Problem mit Trojaner Win32:Zbot-QGP + Java:Agent-CDZ + Java:Malware-gen
    Log-Analyse und Auswertung - 29.03.2013 (9)
  7. Probleme mit Java installieren
    Log-Analyse und Auswertung - 04.02.2013 (22)
  8. Java Probleme - java.lang.Thread.run(Unkown Source)
    Alles rund um Windows - 10.11.2011 (5)
  9. Avira findet 2 Trojaner Java-Virus JAVA/Agent.BH und Exploit EXP/Pidief.coi
    Plagegeister aller Art und deren Bekämpfung - 07.01.2011 (29)
  10. Probleme mit Programmen und CDs(starker Verdacht auf Virus)
    Plagegeister aller Art und deren Bekämpfung - 13.08.2009 (0)
  11. Probleme beim Entfernen von Minibug und Verdacht auf Verseuchung
    Log-Analyse und Auswertung - 06.02.2008 (1)
  12. Tojaner Verdacht - probleme mit Outlook
    Log-Analyse und Auswertung - 04.09.2007 (1)
  13. Probleme mit Java Update
    Alles rund um Windows - 12.04.2007 (5)
  14. XP - Java Probleme
    Alles rund um Windows - 18.03.2006 (9)
  15. probleme mit java
    Alles rund um Windows - 13.06.2005 (0)
  16. Probleme mit der Java VM!
    Alles rund um Windows - 21.12.2004 (1)
  17. Probleme mit Java
    Plagegeister aller Art und deren Bekämpfung - 17.02.2004 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Verdacht auf Trojaner > Java Probleme? - Hallo, mein System läuft jetzt seit über ein Jahr. Leider finde ich immerwieder merkwürdige Aktivitäten die über Malwarebytes gefunden werden. Aber nach einer Zeit kommen diese wieder obwohl ich sie - Verdacht auf Trojaner > Java Probleme?...
Archiv
Du betrachtest: Verdacht auf Trojaner > Java Probleme? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131