Trojan.Ransom.Win32.Foreign.kvfa gefunden in C:\Documents and Settings\Carmen\Downloads\2014_05rechnungonline_8290485236sign.zip

Trojandepp · 29.05.2014, 12:23

Hallo,
in einem Moment geistiger Umnachtung habe ich gestern den Anhang einer gefälschten Telekom-Rechnung heruntergeladen. Soweit ich weiß, habe ich die Datei aber nicht ausgeführt (aber da ich ein wenig hektisch und panisch war, kann ich das nicht mit absoluter Sicherheit sagen). Da mir das Ganze dann komisch vorkam, habe ich danach Kaspersky über die ganze Platte laufen lassen - Kaspersky hat erst einmal nichts gefunden. Dann habe ich eure Anweisungen befolgt:

Hier der Log von defogger:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:50 on 29/05/2014 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Log von Frst:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by SYSTEM on MINWINPC on 29-05-2014 09:27:31
Running from G:\
Platform: Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [cfFncEnabler.exe] => cfFncEnabler.exe
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-28] (Google)
HKLM\...\Run: [Google EULA Launcher] => c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [20480 2008-05-28] ( )
HKLM\...\Run: [Toshiba TEMPO] => C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2008-04-24] (Toshiba Europe GmbH)
HKLM\...\Run: [topi] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-09] (TOSHIBA)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-06-24] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-05-09] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [574864 2008-01-10] (Toshiba)
HKLM\...\Run: [HPPQVideo] => C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CP1510 Series\bin\hppschlnch.exe [106496 2007-05-07] (Hewlett-Packard)
HKLM\...\Run: [ToolBoxFX] => C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2007-08-28] (HP)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HPUsageTracking] => C:\Program Files\HP\HP UT\bin\hppusg.exe [36864 2007-05-08] ()
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [PCSuiteTrayApplication] => C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [227328 2007-03-23] (Nokia)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKU\Admin\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Admin\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Admin\...\Policies\system: [LogonHoursAction] 2
HKU\Admin\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Carmen\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Carmen\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Carmen\...\Policies\system: [LogonHoursAction] 2
HKU\Carmen\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Fabian\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Fabian\...\Policies\system: [LogonHoursAction] 2
HKU\Fabian\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Ingo\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Ingo\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Ingo\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Ingo\...\Run: [CAHeadless] => C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
HKU\Ingo\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Ingo\...\Policies\system: [LogonHoursAction] 2
HKU\Ingo\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Lea\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Lea\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Lea\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Lea\...\Policies\system: [LogonHoursAction] 2
HKU\Lea\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-28] (Google)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-1908030813-1555713195-3511680284-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1908030813-1555713195-3511680284-1003\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1908030813-1555713195-3511680284-1002\User: Group Policy restriction detected <======= ATTENTION

========================== Services (Whitelisted) =================

S2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-16] (TOSHIBA CORPORATION)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-28] (Google)
S2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
S2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-04-24] (Toshiba Europe GmbH)
S2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2008-02-06] (TOSHIBA Corporation)
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard)
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-03-02] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-20] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-03-02] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-03-02] (Kaspersky Lab ZAO)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [290304 2007-12-26] (Realtek Semiconductor Corporation                           )
S1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2014-03-20] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-29 09:25 - 2014-05-29 09:26 - 00000000 ____D () C:\FRST
2014-05-28 22:50 - 2014-05-28 22:50 - 00000472 _____ () C:\Users\Carmen\Desktop\defogger_disable.log
2014-05-28 22:50 - 2014-05-28 22:50 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-05-28 22:49 - 2014-05-28 00:46 - 00380416 _____ () C:\Users\Carmen\Desktop\Gmer-19357.exe
2014-05-28 22:49 - 2014-05-28 00:42 - 00050477 _____ () C:\Users\Carmen\Desktop\Defogger.exe
2014-05-28 22:49 - 2014-05-28 00:28 - 02066944 _____ (Farbar) C:\Users\Carmen\Desktop\FRST64.exe
2014-05-28 22:49 - 2014-05-28 00:26 - 01056256 _____ (Farbar) C:\Users\Carmen\Desktop\FRST.exe
2014-05-27 08:38 - 2014-05-27 08:38 - 00064874 _____ () C:\Users\Carmen\Downloads\2014_05_rechnungonline_8290485236sign.zip
2014-05-16 09:26 - 2014-05-16 09:26 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-16 09:22 - 2014-05-05 15:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-16 09:22 - 2014-05-05 15:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-16 09:22 - 2014-05-05 15:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-16 05:14 - 2014-05-16 05:14 - 142602520 _____ (Microsoft Corporation) C:\Users\Lea\Downloads\wlsetup-all_16.4.3508.0205.exe
2014-05-16 03:52 - 2014-03-25 05:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-05-13 20:43 - 2014-05-13 20:43 - 00360954 _____ () C:\Users\Lea\Documents\satyr.jpg.bmp
2014-05-12 00:33 - 2014-05-12 00:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-30 06:43 - 2014-04-30 06:43 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Microsoft Games

==================== One Month Modified Files and Folders =======

2014-05-29 09:26 - 2014-05-29 09:25 - 00000000 ____D () C:\FRST
2014-05-28 23:19 - 2008-11-23 08:25 - 01825196 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 23:19 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 23:19 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 23:14 - 2008-01-20 23:16 - 00769562 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-05-28 23:07 - 2013-08-05 02:15 - 00000000 ____D () C:\Users\Carmen\AppData\Local\HTC MediaHub
2014-05-28 23:07 - 2013-03-29 01:13 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-28 22:50 - 2014-05-28 22:50 - 00000472 _____ () C:\Users\Carmen\Desktop\defogger_disable.log
2014-05-28 22:50 - 2014-05-28 22:50 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-05-28 22:50 - 2008-11-23 09:46 - 00000000 ____D () C:\users\Admin
2014-05-28 22:48 - 2006-11-02 04:52 - 00167948 _____ () C:\Windows\setupact.log
2014-05-28 00:46 - 2014-05-28 22:49 - 00380416 _____ () C:\Users\Carmen\Desktop\Gmer-19357.exe
2014-05-28 00:42 - 2014-05-28 22:49 - 00050477 _____ () C:\Users\Carmen\Desktop\Defogger.exe
2014-05-28 00:28 - 2014-05-28 22:49 - 02066944 _____ (Farbar) C:\Users\Carmen\Desktop\FRST64.exe
2014-05-28 00:26 - 2014-05-28 22:49 - 01056256 _____ (Farbar) C:\Users\Carmen\Desktop\FRST.exe
2014-05-27 08:38 - 2014-05-27 08:38 - 00064874 _____ () C:\Users\Carmen\Downloads\2014_05_rechnungonline_8290485236sign.zip
2014-05-27 08:28 - 2012-10-21 08:52 - 00000000 ____D () C:\Users\Lea\AppData\Roaming\.minecraft
2014-05-27 06:13 - 2013-08-07 09:17 - 00000000 ____D () C:\Users\Lea\AppData\Local\HTC MediaHub
2014-05-27 03:48 - 2013-08-05 09:14 - 00000000 ____D () C:\Users\Fabian\AppData\Local\HTC MediaHub
2014-05-22 05:00 - 2014-01-12 07:35 - 00021912 _____ () C:\Users\Ingo\Documents\Budgetplanung 2014.xlsx
2014-05-17 07:29 - 2013-08-04 09:16 - 00000000 ____D () C:\Users\Ingo\AppData\Local\HTC MediaHub
2014-05-16 20:43 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 09:36 - 2013-07-10 11:26 - 00000000 ____D () C:\Windows\System32\MRT
2014-05-16 09:27 - 2006-11-02 02:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-05-16 09:26 - 2014-05-16 09:26 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-16 09:26 - 2008-08-11 06:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 05:20 - 2012-09-22 09:45 - 00000000 ____D () C:\Users\Lea\AppData\Local\Apple Computer
2014-05-16 05:19 - 2009-01-08 02:40 - 00032768 _____ () C:\Users\Lea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-16 05:14 - 2014-05-16 05:14 - 142602520 _____ (Microsoft Corporation) C:\Users\Lea\Downloads\wlsetup-all_16.4.3508.0205.exe
2014-05-13 20:43 - 2014-05-13 20:43 - 00360954 _____ () C:\Users\Lea\Documents\satyr.jpg.bmp
2014-05-13 20:40 - 2013-11-25 08:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-05-13 20:40 - 2013-11-25 08:54 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-05-12 01:35 - 2013-11-24 06:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-12 00:33 - 2014-05-12 00:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-05 15:32 - 2014-05-16 09:22 - 12347392 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-05 15:14 - 2014-05-16 09:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-05 15:14 - 2014-05-16 09:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-04-30 06:43 - 2014-04-30 06:43 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Microsoft Games

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (whitelisted) =============


==================== Restore Points  =========================

Restore point made on: 2014-05-20 07:28:32
Restore point made on: 2014-05-21 09:29:23
Restore point made on: 2014-05-23 06:58:33
Restore point made on: 2014-05-26 05:51:27
Restore point made on: 2014-05-27 11:03:52

==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 2939.26 MB
Available physical RAM: 2399.42 MB
Total Pagefile: 2637.12 MB
Available Pagefile: 2489.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.52 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:116.29 GB) (Free:7.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:115.13 GB) (Free:95.37 GB) NTFS
Drive f: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.22 GB) NTFS
Drive g: () (Removable) (Total:1.92 GB) (Free:1.9 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 5855FAD5)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=115 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2014-05-28 23:14

==================== End Of Log ============================

Ich hatte zwar Addition.txt aktiviert, aber diese Datei wurde nicht gespeichert...

Und noch mein Log von Gmer:

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-29 09:59:47
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.01.0 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\Admin\AppData\Local\Temp\pwtorpod.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwAdjustPrivilegesToken [0x917A0990]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwAlpcConnectPort [0x917511CE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwAlpcSendWaitReceivePort [0x91751400]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwConnectPort [0x91750FC8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwCreateSection [0x917A355C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwCreateThread [0x917A298C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwDebugActiveProcess [0x917A251E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwDeviceIoControlFile [0x91741640]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwDuplicateObject [0x917A0AD2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwLoadDriver [0x917A05FE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwMapViewOfSection [0x917A3312]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwOpenProcess [0x917A2052]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwOpenSection [0x917A378C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwOpenThread [0x917A267E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwQueueApcThread [0x917A31C6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwRequestWaitReplyPort [0x917512D4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwResumeThread [0x917A2EE2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwSecureConnectPort [0x917510C8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwSetContextThread [0x917A3048]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwSetInformationToken [0x91741A5A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwSetSystemInformation [0x917A0936]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwSuspendProcess [0x917A225A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwSuspendThread [0x917A2D82]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwSystemDebugControl [0x91741A6C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwTerminateProcess [0x917A23C0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwTerminateThread [0x917A2882]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwUnmapViewOfSection [0x917A3894]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwWriteVirtualMemory [0x917A361E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                       ZwCreateThreadEx [0x917A2BD8]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 119                                                               842B9764 4 Bytes  [90, 09, 7A, 91] {NOP ; OR [EDX-0x6f], EDI}
.text           ntkrnlpa.exe!KeSetEvent + 13D                                                               842B9788 4 Bytes  [CE, 11, 75, 91] {INTO ; ADC [EBP-0x6f], ESI}
.text           ntkrnlpa.exe!KeSetEvent + 181                                                               842B97CC 4 Bytes  [00, 14, 75, 91]
.text           ntkrnlpa.exe!KeSetEvent + 1C1                                                               842B980C 4 Bytes  [C8, 0F, 75, 91] {ENTER 0x750f, 0x91}
.text           ntkrnlpa.exe!KeSetEvent + 215                                                               842B9860 4 Bytes  [5C, 35, 7A, 91]
.text           ...                                                                                         
.text           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                   section is writeable [0x8CD52480, 0x3C939, 0xE8000020]
.dsrt           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                   unknown last section [0x8CD93900, 0x3CA, 0x48000040]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3304] kernel32.dll!FindResourceA     769526EB 5 Bytes  JMP 0042B6C0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3304] kernel32.dll!FindResourceW     76978289 5 Bytes  JMP 0042B700 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3304] USER32.dll!LoadStringA         761F6243 5 Bytes  JMP 0042B990 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3304] USER32.dll!CreateDialogParamW  761F72A2 5 Bytes  JMP 0042B7B0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3304] USER32.dll!LoadMenuW           76201412 5 Bytes  JMP 0042B880 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3304] USER32.dll!LoadStringW         76209CCB 5 Bytes  JMP 0042B8E0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3304] USER32.dll!CreateDialogParamA  762117AA 5 Bytes  JMP 0042B740 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3304] USER32.dll!LoadMenuA           76237C77 5 Bytes  JMP 0042B820 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                     Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                     Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                     kltdi.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                     kltdi.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                   kltdi.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                    fltmgr.sys

---- EOF - GMER 2.1 ----

Danach habe ich mit einer frisch aktualisierten Version von Kaspersky noch einmal die Platte gescannt und Kaspersky hat mir den Fund "Trojan.Ransom.Win32.Foreign.kvfa" in "C:\Documents and Settings\Carmen\Downloads\2014_05rechnungonline_8290485236sign.zip" gemeldet und diesen auch gleich automatisch neutralisiert und gelöscht. Den Logfile von diesem Fund wollte ich auch speichern, aber Kaspersky hat das einfach nicht gemacht

Habe ich soweit alles richtig gemacht?
Jetzt weiß ich natürlich nicht, ob der Trojaner sein Unwesen bei mir treibt...und wäre für eure Hilfe wirklich sehr sehr dankbar.

Viele Grüße,
Trojandepp

Machiavelli · 29.05.2014, 12:33

Hallo und willkommen an Board, Trojandepp

Mein Name ist Machiavelli und werde bei Deinem Malware Problemen behilflich sein. Falls Du Dich im abgesicherten Modus befindest, würde ich Dir raten, alle Anweisungen von mir auszudrucken, um besseren Überblick auf die Gesamtsituation zu bekommen. Ich bin hier im Malwareteam und daher ist es mir möglich, Dir zu helfen.

Damit eine Bereinigung ermöglicht werden kann, musst Du ein paar Regeln/Tipps beachten:

Malware zu entfernen ist normalerweise recht schwierig
Heutige Malware kann sich sehr gut verstecken, so kann es sein, dass es bestimmte Tools nicht sehen. Eine Neuinstallation ist daher oft das klügere.
Bitte folge meinen Anweisung bis in das kleinste Detail
Falls Du was falsches machst, wie z.B. irgendwas fixt, was nicht durch mich genehmigt wurde, kann der PC dadurch beschädigt werden. Daher folge meinen Anweisungen ganz genau
Bleibe mit mir in Kontakt, bis Deine Probleme vollständig gelöst sind
Themen, in welchen innerhalb von 4 Tagen keine Antwort gepostet wird, werden geschlossen.
Bitte lasse keine anderen Tools laufen, während ich bereinige
Wenn Du Tools wie z.B. Malwarebytes etc. ohne meines Wissens laufen lässt, kann es unter Umständen Ergebnisse verfälschen.
Ließ meine Posts vollständig durch
Falls nicht, kann das zu schwerwiegenden Problemen (z.B. PC bootet nicht mehr) führen oder der Prozess der Malwareentfernung wird länger

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4
Bitte starte

FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan.

Bitte poste mir die Inhalte der Logs von Adwarecleaner, MBAM, JRT und FRST hier in den Thread.

Trojandepp · 29.05.2014, 13:59

Hallo Machiavelli,
bis Schritt 3 ging alles klar. Habe das Junkware Removal Tool gestartet, beliebige Taste angeklickt, das Tool hat gescannt und ein "bad module" angezeigt. Dann wurde ich zum Reboot aufgefordert, habe mit y geantwortet. Der Computer hat neu gestartet, aber auf Desktop wird keine JRT.txt angezeigt.
Was mache ich jetzt?
Danke und Grüße,
Trojandepp

Machiavelli · 29.05.2014, 14:56

Wiederhole Schritt 3.

Trojandepp · 29.05.2014, 15:01

Ok, mache ich. Und wenn ich zum Rebooten aufgefordert werde, mache ich das oder antworte ich mit Nein?

Machiavelli · 29.05.2014, 15:09

Mit Ja antworten.

Trojandepp · 29.05.2014, 15:38

Also, hier der Logfile von AdwCleaner:

Code:

ATTFilter

# AdwCleaner v3.211 - Bericht erstellt am 29/05/2014 um 14:13:38
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Admin - ADMIN-PC
# Gestartet von : C:\Users\Carmen\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\QuickStoresToolbar
Ordner Gelöscht : C:\Users\Carmen\AppData\Roaming\ZoomBrowser EX
Ordner Gelöscht : C:\Users\Ingo\AppData\Roaming\ZoomBrowser EX
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21rex4ju.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\quickstores@quickstores.de
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Datei Gelöscht : C:\Users\Admin\Desktop\QuickStores.url
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21rex4ju.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\Software
Schlüssel Gelöscht : HKLM\Software\Vittalia
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuickStores-Toolbar_is1

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21rex4ju.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{20a82645-c095-46ed-80e3-08825760534b}:1.1,quickstores@quickstores.de:1.0.0,trackmenot@mrl.nyu.edu:0.6.2,{635abd67-4[...]
Zeile gelöscht : user_pref("quickstores.toolbar.affid", "2002");
Zeile gelöscht : user_pref("quickstores.toolbar.guid", "{D482B414-2774-5104-3D3F-27489AACB797}");

[ Datei : C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\e3kfoiw9.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{20a82645-c095-46ed-80e3-08825760534b}:1.1,quickstores@quickstores.de:1.0.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3[...]
Zeile gelöscht : user_pref("quickstores.toolbar.affid", "2002");
Zeile gelöscht : user_pref("quickstores.toolbar.guid", "{BE8E69A7-08BC-35DA-2E4D-85B17297A87D}");

[ Datei : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2vva90nb.default\prefs.js ]


[ Datei : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\hzw49foq.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{20a82645-c095-46ed-80e3-08825760534b}:1.1,quickstores@quickstores.de:1.0.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3[...]
Zeile gelöscht : user_pref("quickstores.toolbar.affid", "2002");
Zeile gelöscht : user_pref("quickstores.toolbar.guid", "{EBE72EEA-9372-142D-4BDF-79BCE12E412C}");

[ Datei : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\xu9ald00.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{20a82645-c095-46ed-80e3-08825760534b}:1.1,quickstores@quickstores.de:1.0.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3[...]
Zeile gelöscht : user_pref("quickstores.toolbar.affid", "2002");
Zeile gelöscht : user_pref("quickstores.toolbar.guid", "{AE3D13C2-D207-1B75-7663-134BA36E68EC}");

*************************

AdwCleaner[R0].txt - [4833 octets] - [29/05/2014 14:12:56]
AdwCleaner[S0].txt - [4756 octets] - [29/05/2014 14:13:38]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [4816 octets] ##########

und der Logfile von Malwarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 29.05.2014
Suchlauf-Zeit: 14:22:25
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.03.04.09
Rootkit Datenbank: v2014.02.20.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Admin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 344296
Verstrichene Zeit: 14 Min, 3 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

Bei JRT: gleiches Spiel wie vorher. Alles klappt - bis auf die Logdatei. Nach dem Hochfahren passiert einfach gar nichts.
FRST habe ich noch nicht wieder laufen lassen - das sollte ja erst nach JRT geschehen, richtig?

Machiavelli · 29.05.2014, 16:08

Dann mache jetzt Schritt 4.

Trojandepp · 29.05.2014, 16:52

Anscheinend habe ich ein Problem mit Logfiles...

Ich habe die Anweisungen ganz genau befolgt, den Haken bei Addition.txt gesetzt, dann gescannt: Es wird nur ein Logfile Frst.txt ausgegeben, aber nichts für Addition.txt.
Naja, auf jeden Fall hier der Logfile von Frst:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by SYSTEM on MINWINPC on 29-05-2014 17:32:48
Running from G:\
Platform: Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.




==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [cfFncEnabler.exe] => cfFncEnabler.exe
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-28] (Google)
HKLM\...\Run: [Google EULA Launcher] => c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [20480 2008-05-28] ( )
HKLM\...\Run: [Toshiba TEMPO] => C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2008-04-24] (Toshiba Europe GmbH)
HKLM\...\Run: [topi] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-09] (TOSHIBA)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-06-24] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-05-09] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [574864 2008-01-10] (Toshiba)
HKLM\...\Run: [HPPQVideo] => C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CP1510 Series\bin\hppschlnch.exe [106496 2007-05-07] (Hewlett-Packard)
HKLM\...\Run: [ToolBoxFX] => C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2007-08-28] (HP)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HPUsageTracking] => C:\Program Files\HP\HP UT\bin\hppusg.exe [36864 2007-05-08] ()
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [PCSuiteTrayApplication] => C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [227328 2007-03-23] (Nokia)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKU\Admin\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Admin\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Admin\...\RunOnce: [Report] - \AdwCleaner\AdwCleaner[S0].txt
HKU\Admin\...\RunOnce: [JRTcleanup] - C:\Users\Admin\AppData\Local\Temp\jrt\JRT.bat [10161 2014-04-05] ()
HKU\Admin\...\Policies\system: [LogonHoursAction] 2
HKU\Admin\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Carmen\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Carmen\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Carmen\...\Policies\system: [LogonHoursAction] 2
HKU\Carmen\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Fabian\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Fabian\...\Policies\system: [LogonHoursAction] 2
HKU\Fabian\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Ingo\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Ingo\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Ingo\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Ingo\...\Run: [CAHeadless] => C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
HKU\Ingo\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Ingo\...\Policies\system: [LogonHoursAction] 2
HKU\Ingo\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Lea\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Lea\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Lea\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Lea\...\Policies\system: [LogonHoursAction] 2
HKU\Lea\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-28] (Google)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-1908030813-1555713195-3511680284-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1908030813-1555713195-3511680284-1003\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1908030813-1555713195-3511680284-1002\User: Group Policy restriction detected <======= ATTENTION

========================== Services (Whitelisted) =================

S2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-16] (TOSHIBA CORPORATION)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-28] (Google)
S2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-11] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-11] (Malwarebytes Corporation)
S2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-04-24] (Toshiba Europe GmbH)
S2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2008-02-06] (TOSHIBA Corporation)
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard)
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-03-02] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-20] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-03-02] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-03-02] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-11] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-05-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-11] (Malwarebytes Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [290304 2007-12-26] (Realtek Semiconductor Corporation                           )
S1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2014-03-20] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-29 09:25 - 2014-05-29 09:27 - 00000000 ____D () C:\FRST
2014-05-29 04:39 - 2014-05-29 04:39 - 00000000 ____D () C:\Windows\ERUNT
2014-05-29 04:37 - 2014-05-29 04:37 - 00001160 _____ () C:\MBAM.txt
2014-05-29 04:21 - 2014-05-29 04:21 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-05-29 04:19 - 2014-05-29 04:19 - 00000904 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-29 04:19 - 2014-05-29 04:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-29 04:19 - 2014-05-29 04:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-29 04:19 - 2014-05-11 21:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-05-29 04:19 - 2014-05-11 21:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-05-29 04:19 - 2014-05-11 21:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-05-29 04:12 - 2014-05-29 04:13 - 00000000 ____D () C:\AdwCleaner
2014-05-29 03:58 - 2014-05-29 03:43 - 01016261 _____ (Thisisu) C:\Users\Carmen\Desktop\JRT.exe
2014-05-29 03:58 - 2014-05-29 03:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Carmen\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-29 03:58 - 2014-05-29 03:40 - 01327971 _____ () C:\Users\Carmen\Desktop\adwcleaner_3.211.exe
2014-05-28 23:59 - 2014-05-28 23:59 - 00008046 _____ () C:\Users\Carmen\Desktop\Gmer.txt
2014-05-28 22:50 - 2014-05-28 22:50 - 00000472 _____ () C:\Users\Carmen\Desktop\defogger_disable.log
2014-05-28 22:50 - 2014-05-28 22:50 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-05-28 22:49 - 2014-05-28 00:46 - 00380416 _____ () C:\Users\Carmen\Desktop\Gmer-19357.exe
2014-05-28 22:49 - 2014-05-28 00:42 - 00050477 _____ () C:\Users\Carmen\Desktop\Defogger.exe
2014-05-28 22:49 - 2014-05-28 00:28 - 02066944 _____ (Farbar) C:\Users\Carmen\Desktop\FRST64.exe
2014-05-28 22:49 - 2014-05-28 00:26 - 01056256 _____ (Farbar) C:\Users\Carmen\Desktop\FRST.exe
2014-05-27 08:38 - 2014-05-29 02:03 - 00000022 _____ () C:\Users\Carmen\Downloads\2014_05_rechnungonline_8290485236sign.zip
2014-05-16 09:26 - 2014-05-16 09:26 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-16 09:22 - 2014-05-05 15:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-16 09:22 - 2014-05-05 15:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-16 09:22 - 2014-05-05 15:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-16 05:14 - 2014-05-16 05:14 - 142602520 _____ (Microsoft Corporation) C:\Users\Lea\Downloads\wlsetup-all_16.4.3508.0205.exe
2014-05-16 03:52 - 2014-03-25 05:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-05-13 20:43 - 2014-05-13 20:43 - 00360954 _____ () C:\Users\Lea\Documents\satyr.jpg.bmp
2014-05-12 00:33 - 2014-05-12 00:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-30 06:43 - 2014-04-30 06:43 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Microsoft Games

==================== One Month Modified Files and Folders =======

2014-05-29 09:27 - 2014-05-29 09:25 - 00000000 ____D () C:\FRST
2014-05-29 07:29 - 2008-11-23 08:25 - 01859777 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 07:29 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-29 07:29 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-29 06:34 - 2008-01-20 23:16 - 01619692 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-05-29 06:30 - 2013-03-29 01:13 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-29 06:27 - 2013-08-05 02:15 - 00000000 ____D () C:\Users\Carmen\AppData\Local\HTC MediaHub
2014-05-29 04:39 - 2014-05-29 04:39 - 00000000 ____D () C:\Windows\ERUNT
2014-05-29 04:37 - 2014-05-29 04:37 - 00001160 _____ () C:\MBAM.txt
2014-05-29 04:21 - 2014-05-29 04:21 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-05-29 04:19 - 2014-05-29 04:19 - 00000904 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-29 04:19 - 2014-05-29 04:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-29 04:19 - 2014-05-29 04:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-29 04:15 - 2008-01-20 18:47 - 00236014 _____ () C:\Windows\PFRO.log
2014-05-29 04:13 - 2014-05-29 04:12 - 00000000 ____D () C:\AdwCleaner
2014-05-29 03:43 - 2014-05-29 03:58 - 01016261 _____ (Thisisu) C:\Users\Carmen\Desktop\JRT.exe
2014-05-29 03:41 - 2014-05-29 03:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Carmen\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-29 03:40 - 2014-05-29 03:58 - 01327971 _____ () C:\Users\Carmen\Desktop\adwcleaner_3.211.exe
2014-05-29 02:03 - 2014-05-27 08:38 - 00000022 _____ () C:\Users\Carmen\Downloads\2014_05_rechnungonline_8290485236sign.zip
2014-05-28 23:59 - 2014-05-28 23:59 - 00008046 _____ () C:\Users\Carmen\Desktop\Gmer.txt
2014-05-28 23:30 - 2013-12-18 23:23 - 00000000 ____D () C:\Users\Admin\AppData\Local\HTC MediaHub
2014-05-28 22:50 - 2014-05-28 22:50 - 00000472 _____ () C:\Users\Carmen\Desktop\defogger_disable.log
2014-05-28 22:50 - 2014-05-28 22:50 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-05-28 22:50 - 2008-11-23 09:46 - 00000000 ____D () C:\users\Admin
2014-05-28 22:48 - 2006-11-02 04:52 - 00167948 _____ () C:\Windows\setupact.log
2014-05-28 00:46 - 2014-05-28 22:49 - 00380416 _____ () C:\Users\Carmen\Desktop\Gmer-19357.exe
2014-05-28 00:42 - 2014-05-28 22:49 - 00050477 _____ () C:\Users\Carmen\Desktop\Defogger.exe
2014-05-28 00:28 - 2014-05-28 22:49 - 02066944 _____ (Farbar) C:\Users\Carmen\Desktop\FRST64.exe
2014-05-28 00:26 - 2014-05-28 22:49 - 01056256 _____ (Farbar) C:\Users\Carmen\Desktop\FRST.exe
2014-05-27 08:28 - 2012-10-21 08:52 - 00000000 ____D () C:\Users\Lea\AppData\Roaming\.minecraft
2014-05-27 06:13 - 2013-08-07 09:17 - 00000000 ____D () C:\Users\Lea\AppData\Local\HTC MediaHub
2014-05-27 03:48 - 2013-08-05 09:14 - 00000000 ____D () C:\Users\Fabian\AppData\Local\HTC MediaHub
2014-05-22 05:00 - 2014-01-12 07:35 - 00021912 _____ () C:\Users\Ingo\Documents\Budgetplanung 2014.xlsx
2014-05-17 07:29 - 2013-08-04 09:16 - 00000000 ____D () C:\Users\Ingo\AppData\Local\HTC MediaHub
2014-05-16 20:43 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 09:36 - 2013-07-10 11:26 - 00000000 ____D () C:\Windows\System32\MRT
2014-05-16 09:27 - 2006-11-02 02:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-05-16 09:26 - 2014-05-16 09:26 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-16 09:26 - 2008-08-11 06:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 05:20 - 2012-09-22 09:45 - 00000000 ____D () C:\Users\Lea\AppData\Local\Apple Computer
2014-05-16 05:19 - 2009-01-08 02:40 - 00032768 _____ () C:\Users\Lea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-16 05:14 - 2014-05-16 05:14 - 142602520 _____ (Microsoft Corporation) C:\Users\Lea\Downloads\wlsetup-all_16.4.3508.0205.exe
2014-05-13 20:43 - 2014-05-13 20:43 - 00360954 _____ () C:\Users\Lea\Documents\satyr.jpg.bmp
2014-05-13 20:40 - 2013-11-25 08:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-05-13 20:40 - 2013-11-25 08:54 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-05-12 01:35 - 2013-11-24 06:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-12 00:33 - 2014-05-12 00:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-11 21:26 - 2014-05-29 04:19 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-05-11 21:25 - 2014-05-29 04:19 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-05-11 21:25 - 2014-05-29 04:19 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-05-05 15:32 - 2014-05-16 09:22 - 12347392 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-05 15:14 - 2014-05-16 09:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-05 15:14 - 2014-05-16 09:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-04-30 06:43 - 2014-04-30 06:43 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Microsoft Games

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-05-21 09:29:23
Restore point made on: 2014-05-23 06:58:33
Restore point made on: 2014-05-26 05:51:27
Restore point made on: 2014-05-27 11:03:52
Restore point made on: 2014-05-29 03:30:57

==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 2939.26 MB
Available physical RAM: 2402.93 MB
Total Pagefile: 2639.11 MB
Available Pagefile: 2492.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.15 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:116.29 GB) (Free:7.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:115.13 GB) (Free:95.37 GB) NTFS
Drive f: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.22 GB) NTFS
Drive g: () (Removable) (Total:1.92 GB) (Free:1.86 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 5855FAD5)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=115 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2014-05-29 06:35

==================== End Of Log ============================

--- --- ---

--- --- ---

Machiavelli · 29.05.2014, 17:28

Warum lässt Du FRST im Recovery Mode laufen?

Trojandepp · 30.05.2014, 06:50

Hallo Machiavelli,
so, ich hab's jetzt: Hier meine Logfiles von Frst und Addition:
Frst:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by Carmen (ATTENTION: The logged in user is not administrator) on ADMIN-PC on 30-05-2014 06:11:09
Running from C:\Users\Carmen\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
() C:\Program Files\HP\HP UT\bin\hppusg.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Audible, Inc.) C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(TOSHIBA) C:\Program Files\TOSHIBA\ConfigFree\cfmain.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [cfFncEnabler.exe] => cfFncEnabler.exe
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-28] (Google)
HKLM\...\Run: [Google EULA Launcher] => c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [20480 2008-05-28] ( )
HKLM\...\Run: [Toshiba TEMPO] => C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2008-04-24] (Toshiba Europe GmbH)
HKLM\...\Run: [topi] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-06-24] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-05-09] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [574864 2008-01-11] (Toshiba)
HKLM\...\Run: [HPPQVideo] => C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CP1510 Series\bin\hppschlnch.exe [106496 2007-05-07] (Hewlett-Packard)
HKLM\...\Run: [ToolBoxFX] => C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2007-08-28] (HP)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HPUsageTracking] => C:\Program Files\HP\HP UT\bin\hppusg.exe [36864 2007-05-08] ()
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [PCSuiteTrayApplication] => C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [227328 2007-03-23] (Nokia)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\.DEFAULT\...\Run: [Nokia.PCSync] => C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [1744896 2007-03-27] (Time Information Services Ltd.)
HKU\S-1-5-21-1908030813-1555713195-3511680284-1002\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\S-1-5-21-1908030813-1555713195-3511680284-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1908030813-1555713195-3511680284-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1908030813-1555713195-3511680284-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1908030813-1555713195-3511680284-1002\...\MountPoints2: {1660e2fc-58f5-11df-8322-001e336f5400} - D:\LaunchU3.exe -a
HKU\S-1-5-21-1908030813-1555713195-3511680284-1002\...\MountPoints2: {3b3a4670-7dc5-11e2-b03e-001e336f5400} - D:\HTC_Sync_Manager_PC.exe
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-28] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
GroupPolicyUsers\S-1-5-21-1908030813-1555713195-3511680284-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {2F79E368-2885-40DE-BA27-C87B8784B068} URL = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
SearchScopes: HKCU - {2F79E368-2885-40DE-BA27-C87B8784B068} URL = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=uR7xzYzTv1YWHiBZRv749a58LhM?q={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\e3kfoiw9.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Carmen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: TrackMeNot - C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\e3kfoiw9.default\Extensions\trackmenot@mrl.nyu.edu.xpi [2012-02-19]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\e3kfoiw9.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-02-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-03-02]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-02]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-03-02]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-03-02]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-03-02]

========================== Services (Whitelisted) =================

S2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-28] (Google)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-04-24] (Toshiba Europe GmbH)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2008-02-06] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard)
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-03-02] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-03-02] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-03-02] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-05-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [290304 2007-12-26] (Realtek Semiconductor Corporation                           )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2014-03-20] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-30 06:11 - 2014-05-30 06:11 - 00019258 _____ () C:\Users\Carmen\Desktop\FRST.txt
2014-05-29 19:25 - 2014-05-30 06:11 - 00000000 ____D () C:\FRST
2014-05-29 14:39 - 2014-05-29 14:39 - 00000000 ____D () C:\Windows\ERUNT
2014-05-29 14:37 - 2014-05-29 14:37 - 00001160 _____ () C:\MBAM.txt
2014-05-29 14:21 - 2014-05-29 14:21 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-29 14:19 - 2014-05-29 14:19 - 00000904 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-29 14:19 - 2014-05-29 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-29 14:19 - 2014-05-29 14:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-29 14:19 - 2014-05-29 14:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-29 14:19 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-29 14:19 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-29 14:19 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-29 14:12 - 2014-05-29 14:13 - 00000000 ____D () C:\AdwCleaner
2014-05-29 13:58 - 2014-05-29 13:43 - 01016261 _____ (Thisisu) C:\Users\Carmen\Desktop\JRT.exe
2014-05-29 13:58 - 2014-05-29 13:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Carmen\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-29 13:58 - 2014-05-29 13:40 - 01327971 _____ () C:\Users\Carmen\Desktop\adwcleaner_3.211.exe
2014-05-29 09:59 - 2014-05-29 09:59 - 00008046 _____ () C:\Users\Carmen\Desktop\Gmer.txt
2014-05-29 08:50 - 2014-05-29 08:50 - 00000472 _____ () C:\Users\Carmen\Desktop\defogger_disable.log
2014-05-29 08:49 - 2014-05-28 10:46 - 00380416 _____ () C:\Users\Carmen\Desktop\Gmer-19357.exe
2014-05-29 08:49 - 2014-05-28 10:42 - 00050477 _____ () C:\Users\Carmen\Desktop\Defogger.exe
2014-05-29 08:49 - 2014-05-28 10:28 - 02066944 _____ (Farbar) C:\Users\Carmen\Desktop\FRST64.exe
2014-05-29 08:49 - 2014-05-28 10:26 - 01056256 _____ (Farbar) C:\Users\Carmen\Desktop\FRST.exe
2014-05-27 18:38 - 2014-05-29 12:03 - 00000022 _____ () C:\Users\Carmen\Downloads\2014_05_rechnungonline_8290485236sign.zip
2014-05-16 19:26 - 2014-05-16 19:26 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-16 19:22 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 19:22 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 19:22 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 13:52 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-12 10:33 - 2014-05-12 10:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-05-30 06:11 - 2014-05-30 06:11 - 00019258 _____ () C:\Users\Carmen\Desktop\FRST.txt
2014-05-30 06:11 - 2014-05-29 19:25 - 00000000 ____D () C:\FRST
2014-05-30 06:11 - 2008-11-23 18:25 - 01865332 _____ () C:\Windows\WindowsUpdate.log
2014-05-30 06:08 - 2013-03-29 11:13 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-30 06:07 - 2013-08-05 12:15 - 00000000 ____D () C:\Users\Carmen\AppData\Local\HTC MediaHub
2014-05-30 06:05 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-30 06:05 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-30 06:05 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-29 17:40 - 2013-11-25 18:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 17:40 - 2008-01-21 09:16 - 01619692 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 17:40 - 2006-11-02 15:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-29 14:39 - 2014-05-29 14:39 - 00000000 ____D () C:\Windows\ERUNT
2014-05-29 14:37 - 2014-05-29 14:37 - 00001160 _____ () C:\MBAM.txt
2014-05-29 14:21 - 2014-05-29 14:21 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-29 14:19 - 2014-05-29 14:19 - 00000904 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-29 14:19 - 2014-05-29 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-29 14:19 - 2014-05-29 14:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-29 14:19 - 2014-05-29 14:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-29 14:15 - 2008-01-21 04:47 - 00236014 _____ () C:\Windows\PFRO.log
2014-05-29 14:13 - 2014-05-29 14:12 - 00000000 ____D () C:\AdwCleaner
2014-05-29 13:43 - 2014-05-29 13:58 - 01016261 _____ (Thisisu) C:\Users\Carmen\Desktop\JRT.exe
2014-05-29 13:41 - 2014-05-29 13:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Carmen\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-29 13:40 - 2014-05-29 13:58 - 01327971 _____ () C:\Users\Carmen\Desktop\adwcleaner_3.211.exe
2014-05-29 12:03 - 2014-05-27 18:38 - 00000022 _____ () C:\Users\Carmen\Downloads\2014_05_rechnungonline_8290485236sign.zip
2014-05-29 09:59 - 2014-05-29 09:59 - 00008046 _____ () C:\Users\Carmen\Desktop\Gmer.txt
2014-05-29 08:50 - 2014-05-29 08:50 - 00000472 _____ () C:\Users\Carmen\Desktop\defogger_disable.log
2014-05-29 08:50 - 2008-11-23 19:46 - 00000000 ____D () C:\Users\Admin
2014-05-29 08:48 - 2006-11-02 14:52 - 00167948 _____ () C:\Windows\setupact.log
2014-05-28 10:46 - 2014-05-29 08:49 - 00380416 _____ () C:\Users\Carmen\Desktop\Gmer-19357.exe
2014-05-28 10:42 - 2014-05-29 08:49 - 00050477 _____ () C:\Users\Carmen\Desktop\Defogger.exe
2014-05-28 10:28 - 2014-05-29 08:49 - 02066944 _____ (Farbar) C:\Users\Carmen\Desktop\FRST64.exe
2014-05-28 10:26 - 2014-05-29 08:49 - 01056256 _____ (Farbar) C:\Users\Carmen\Desktop\FRST.exe
2014-05-17 06:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 19:36 - 2013-07-10 21:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 19:27 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-16 19:26 - 2014-05-16 19:26 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-16 19:26 - 2008-08-11 16:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 06:40 - 2013-11-25 18:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 06:40 - 2013-11-25 18:54 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 11:35 - 2013-11-24 16:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-12 10:33 - 2014-05-12 10:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-12 07:26 - 2014-05-29 14:19 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-29 14:19 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-29 14:19 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-06 01:32 - 2014-05-16 19:22 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 01:14 - 2014-05-16 19:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 01:14 - 2014-05-16 19:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014 02
Ran by Carmen at 2014-05-30 06:11:56
Running from C:\Users\Carmen\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP BiDi Channel Components Installer (Version: 1.1.0.2 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.47.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audible Download Manager (HKLM\...\AudibleDownloadManager) (Version: 6.6.0.12 - Audible, Inc.)
Audiograbber 1.83 SE  (HKLM\...\Audiograbber) (Version: 1.83 SE  - Audiograbber Deutschland)
Audiograbber MP3-Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.3.2.15 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.1.0.18 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.2.0.34 - Canon Inc.)
Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.3.0.4 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM\...\CameraWindowDC) (Version: 7.4.1.10 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.0.0.19 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.7 (HKLM\...\DPP) (Version: 3.7.0.1 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM\...\MyCameraDC) (Version: 7.2.1.6 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.4.0.7 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.2.11 - Canon Inc.)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Der Stammbaum 3.0 (HKLM\...\InstallShield_{C5971CD8-0FB5-42DD-8667-27CEA5646949}) (Version: 1.00.0000 - United Soft Media)
Der Stammbaum 3.0 (Version: 1.00.0000 - United Soft Media) Hidden
DeviceDiscovery (Version: 90.0.146.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
dm Fotowelt (HKLM\...\dm Fotowelt) (Version:  - )
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
HP Color LaserJet CP1510 Series 2.0 (HKLM\...\{223C0721-A6B0-4853-88C0-331029841734}) (Version: 2.0 - HP)
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.006.002 - Hewlett-Packard)
hppCLJCP1510 (Version: 003.000.00186 - Hewlett-Packard) Hidden
hppFonts (Version: 001.001.00056 - Hewlett-Packard) Hidden
hppManualsCP1510 (Version: 003.000.00190 - Ihr Firmenname) Hidden
hppPQVideoCP1510 (Version: 003.000.00157 - Ihr Firmenname) Hidden
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
hppTLBXFXCP1510 (Version: 001.003.00081 - Hewlett-Packard) Hidden
hppusgCP1510 (Version: 000.000.00012 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Ihr Firmenname)
hpzTLBXFX (Version: 003.013.00279 - Hewlett-Packard) Hidden
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.3.0.001 - HTC Corporation)
HTC Sync Manager (HKLM\...\{F838C3DD-5785-4F19-AD0F-BD532C8A31F4}) (Version: 2.1.46.0 - HTC)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird (2.0.0.24) (HKLM\...\Mozilla Thunderbird (2.0.0.24)) (Version: 2.0.0.24 (de) - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}) (Version: 6.83.9.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 6.83.14.1 - Nokia)
Nokia PC Suite (Version: 6.83.14.1 - Nokia) Hidden
PC Connectivity Solution (HKLM\...\{066D65EA-ED53-44E4-A96A-F81B6E409D2E}) (Version: 7.7.10.0 - Nokia)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Product_SF_Full_QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Product_SF_Min_QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
REALTEK RTL8187B Wireless LAN Driver (HKLM\...\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}) (Version: Package:1.00.0026 Driver:6.1116.1226.2007 - )
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Realtek WiFi Protected Setup Library (HKLM\...\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}) (Version: Package:1.00.0026 - REALTEK Semiconductor Corp.)
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
SmartSound Common Data (HKLM\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 Plugin (HKLM\...\{0E16C1BC-72A7-4DB7-BBB8-560EDCCA74B5}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (Version: 5.7.1 - SmartSound Software Inc.) Hidden
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
TKKG11 (HKLM\...\TKKG11) (Version:  - )
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.08 - TOSHIBA)
TOSHIBA Benutzerhandbücher (HKLM\...\{1C971EE3-B4C4-4367-9676-57549919C6CE}) (Version: 7.40 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.20 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.31.14 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - Toshiba) Hidden
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.08 - )
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 1.00.0012 - TOSHIBA)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )
Toshiba TEMPRO (HKLM\...\{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}) (Version: 1.1 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.24 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.1.24 - TOSHIBA Corporation) Hidden
TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TRDCReminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0015 - TOSHIBA)
TRDCReminder (Version: 1.00.0015 - TOSHIBA) Hidden
TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.1 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia Modem  (11/03/2006 6.82.0.1) (HKLM\...\0852D05415AB9A4F1EF451E342267F76C776ED2F) (Version: 11/03/2006 6.82.0.1 - Nokia)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?

==================== Loaded Modules (whitelisted) =============

2013-08-01 20:33 - 2013-08-01 20:33 - 00169312 _____ () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
2008-03-06 11:14 - 2008-03-06 11:14 - 05121912 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2007-12-14 22:40 - 2007-12-14 22:40 - 00090112 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2008-08-11 16:03 - 2006-10-10 11:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2007-12-25 13:03 - 2007-12-25 13:03 - 00015184 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 18:55 - 2006-12-01 18:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2007-05-08 17:44 - 2007-05-08 17:44 - 00036864 _____ () C:\Program Files\HP\HP UT\bin\hppusg.exe
2007-05-08 17:44 - 2007-05-08 17:44 - 00057344 _____ () C:\Program Files\HP\HP UT\bin\HPUsageTracking.dll
2007-05-08 17:44 - 2007-05-08 17:44 - 00065536 _____ () C:\Program Files\HP\HP UT\bin\HPTools.dll
2007-05-08 17:44 - 2007-05-08 17:44 - 00114688 _____ () C:\Program Files\HP\HP UT\bin\HPToolkit.dll
2007-05-08 17:44 - 2007-05-08 17:44 - 00036864 _____ () C:\Program Files\HP\HP UT\bin\Enumeration.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #6
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{91BAE77B-D1EB-4027-B856-B76A306B1DE4}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #9
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Nokia 6300
Description: Nokia Windows Portable Device Driver
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2014 09:45:28 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (05/29/2014 09:14:39 AM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: 1469016

Error: (05/27/2014 02:31:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3229

Error: (05/27/2014 02:31:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3229

Error: (05/27/2014 02:31:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/27/2014 02:31:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1716

Error: (05/27/2014 02:31:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1716

Error: (05/27/2014 02:31:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/27/2014 02:05:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1185

Error: (05/27/2014 02:05:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1185


System errors:
=============
Error: (05/30/2014 06:07:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Spooler

Error: (05/29/2014 04:25:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Spooler

Error: (05/29/2014 04:25:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (05/29/2014 03:39:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Spooler

Error: (05/29/2014 02:44:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Spooler

Error: (05/29/2014 08:52:51 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Windows Update

Error: (05/27/2014 06:38:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (05/26/2014 06:34:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (05/26/2014 03:53:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (05/24/2014 10:16:51 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}


Microsoft Office Sessions:
=========================
Error: (07/08/2013 08:04:33 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3537 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (10/27/2011 07:56:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1892 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (06/30/2011 08:36:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 36379 seconds with 1260 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-05-30 06:11:49.979
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-30 06:11:49.387
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-30 06:11:48.763
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-30 06:11:48.154
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-30 06:11:47.546
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-30 06:11:46.953
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-30 06:11:46.313
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-30 06:11:45.643
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-30 06:11:26.329
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-30 06:11:25.689
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 38%
Total physical RAM: 2939.26 MB
Available physical RAM: 1818.08 MB
Total Pagefile: 6096.73 MB
Available Pagefile: 4870.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.64 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:116.29 GB) (Free:7.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Data) (Fixed) (Total:115.13 GB) (Free:95.37 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

Grüße, Trojandepp

Machiavelli · 30.05.2014, 16:24

Schritt 1: FRST Fix

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1908030813-1555713195-3511680284-1002\...\MountPoints2: {1660e2fc-58f5-11df-8322-001e336f5400} - D:\LaunchU3.exe -a
HKU\S-1-5-21-1908030813-1555713195-3511680284-1002\...\MountPoints2: {3b3a4670-7dc5-11e2-b03e-001e336f5400} - D:\HTC_Sync_Manager_PC.exe
GroupPolicyUsers\S-1-5-21-1908030813-1555713195-3511680284-1002\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=uR7xzYzTv1YWHiBZRv749a58LhM?q={searchTerms}
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2: FRST Scan

Bitte starte FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan.

Schritt 3: ESET

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4: Frage

Wie läuft Dein PC?

Trojandepp · 31.05.2014, 13:53

Hallo,
nachdem ich bei Frst auf Fix geklickt habe, kam eine Fehlermeldung, der Zugriff wurde verweigert - ich hatte Kaspersky noch nicht abgestellt, war das das Problem?
Trotzdem ist ein Fixlog gespeichert worden, das sende ich jetzt mal, bevor ich irgendetwas anderes mache...

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by Carmen at 2014-05-31 14:40:45 Run:1
Running from C:\Users\Carmen\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1908030813-1555713195-3511680284-1002\...\MountPoints2: {1660e2fc-58f5-11df-8322-001e336f5400} - D:\LaunchU3.exe -a
HKU\S-1-5-21-1908030813-1555713195-3511680284-1002\...\MountPoints2: {3b3a4670-7dc5-11e2-b03e-001e336f5400} - D:\HTC_Sync_Manager_PC.exe
GroupPolicyUsers\S-1-5-21-1908030813-1555713195-3511680284-1002\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=uR7xzYzTv1YWHiBZRv749a58LhM?q={searchTerms}
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
         
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Unable to delete value

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

Listing permissions failed. Access Denied.
HKU\S-1-5-21-1908030813-1555713195-3511680284-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1660e2fc-58f5-11df-8322-001e336f5400} => Key deleted successfully.
HKCR\CLSID\{1660e2fc-58f5-11df-8322-001e336f5400} => Key not found.
HKU\S-1-5-21-1908030813-1555713195-3511680284-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b3a4670-7dc5-11e2-b03e-001e336f5400} => Key deleted successfully.
HKCR\CLSID\{3b3a4670-7dc5-11e2-b03e-001e336f5400} => Key not found.

"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1908030813-1555713195-3511680284-1002\User" directory move:

Machiavelli · 31.05.2014, 14:21

Kaspersky abschalten. Programm als Admin ausführen und den Fix wiederholen.

Trojandepp · 31.05.2014, 15:01

Hier meine Frst-Logs:
Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by Admin at 2014-05-31 15:30:35 Run:2
Running from C:\Users\Carmen\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1908030813-1555713195-3511680284-1002\...\MountPoints2: {1660e2fc-58f5-11df-8322-001e336f5400} - D:\LaunchU3.exe -a
HKU\S-1-5-21-1908030813-1555713195-3511680284-1002\...\MountPoints2: {3b3a4670-7dc5-11e2-b03e-001e336f5400} - D:\HTC_Sync_Manager_PC.exe
GroupPolicyUsers\S-1-5-21-1908030813-1555713195-3511680284-1002\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=uR7xzYzTv1YWHiBZRv749a58LhM?q={searchTerms}
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
         
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\S-1-5-21-1908030813-1555713195-3511680284-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1660e2fc-58f5-11df-8322-001e336f5400} => Key not found.
HKCR\CLSID\{1660e2fc-58f5-11df-8322-001e336f5400} => Key not found.
HKU\S-1-5-21-1908030813-1555713195-3511680284-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b3a4670-7dc5-11e2-b03e-001e336f5400} => Key not found.
HKCR\CLSID\{3b3a4670-7dc5-11e2-b03e-001e336f5400} => Key not found.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1908030813-1555713195-3511680284-1002\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} => Key not found.
HKCR\Wow6432Node\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.


The system needed a reboot. 

==== End of Fixlog ====

Frst:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by Admin (administrator) on ADMIN-PC on 31-05-2014 15:37:37
Running from C:\Users\Carmen\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
() C:\Program Files\HP\HP UT\bin\hppusg.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Nokia.) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Audible, Inc.) C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [cfFncEnabler.exe] => cfFncEnabler.exe
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-28] (Google)
HKLM\...\Run: [Google EULA Launcher] => c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [20480 2008-05-28] ( )
HKLM\...\Run: [Toshiba TEMPO] => C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2008-04-24] (Toshiba Europe GmbH)
HKLM\...\Run: [topi] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-06-24] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-05-09] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [574864 2008-01-11] (Toshiba)
HKLM\...\Run: [HPPQVideo] => C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CP1510 Series\bin\hppschlnch.exe [106496 2007-05-07] (Hewlett-Packard)
HKLM\...\Run: [ToolBoxFX] => C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2007-08-28] (HP)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [HPUsageTracking] => C:\Program Files\HP\HP UT\bin\hppusg.exe [36864 2007-05-08] ()
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [PCSuiteTrayApplication] => C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [227328 2007-03-23] (Nokia)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\.DEFAULT\...\Run: [Nokia.PCSync] => C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [1744896 2007-03-27] (Time Information Services Ltd.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1908030813-1555713195-3511680284-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1908030813-1555713195-3511680284-1000\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\S-1-5-21-1908030813-1555713195-3511680284-1000\...\RunOnce: [Report] - \AdwCleaner\AdwCleaner[S0].txt [4894 2014-05-29] ()
HKU\S-1-5-21-1908030813-1555713195-3511680284-1000\...\RunOnce: [JRTcleanup] - C:\Users\Admin\AppData\Local\Temp\jrt\JRT.bat [10161 2014-04-06] ()
HKU\S-1-5-21-1908030813-1555713195-3511680284-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1908030813-1555713195-3511680284-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1908030813-1555713195-3511680284-1000\...\MountPoints2: {3b3a4670-7dc5-11e2-b03e-001e336f5400} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1908030813-1555713195-3511680284-1002\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\S-1-5-21-1908030813-1555713195-3511680284-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-28] (Google)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-1908030813-1555713195-3511680284-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1908030813-1555713195-3511680284-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
SearchScopes: HKLM - {2F79E368-2885-40DE-BA27-C87B8784B068} URL = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
SearchScopes: HKCU - {2F79E368-2885-40DE-BA27-C87B8784B068} URL = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21rex4ju.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: TrackMeNot - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21rex4ju.default\Extensions\trackmenot@mrl.nyu.edu.xpi [2012-02-06]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21rex4ju.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-02-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-03-02]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-02]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-03-02]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-03-02]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-03-02]

========================== Services (Whitelisted) =================

S2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-28] (Google)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-04-24] (Toshiba Europe GmbH)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2008-02-06] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard)
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-03-02] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-03-02] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-03-02] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-05-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [290304 2007-12-26] (Realtek Semiconductor Corporation                           )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2014-03-20] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-31 15:37 - 2014-05-31 15:37 - 00021257 _____ () C:\Users\Carmen\Desktop\FRST.txt
2014-05-29 19:25 - 2014-05-31 15:37 - 00000000 ____D () C:\FRST
2014-05-29 14:39 - 2014-05-29 14:39 - 00000000 ____D () C:\Windows\ERUNT
2014-05-29 14:37 - 2014-05-29 14:37 - 00001160 _____ () C:\MBAM.txt
2014-05-29 14:21 - 2014-05-29 14:21 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-29 14:19 - 2014-05-29 14:19 - 00000904 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-29 14:19 - 2014-05-29 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-29 14:19 - 2014-05-29 14:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-29 14:19 - 2014-05-29 14:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-29 14:19 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-29 14:19 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-29 14:19 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-29 14:12 - 2014-05-29 14:13 - 00000000 ____D () C:\AdwCleaner
2014-05-29 13:58 - 2014-05-29 13:43 - 01016261 _____ (Thisisu) C:\Users\Carmen\Desktop\JRT.exe
2014-05-29 13:58 - 2014-05-29 13:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Carmen\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-29 13:58 - 2014-05-29 13:40 - 01327971 _____ () C:\Users\Carmen\Desktop\adwcleaner_3.211.exe
2014-05-29 09:59 - 2014-05-29 09:59 - 00008046 _____ () C:\Users\Carmen\Desktop\Gmer.txt
2014-05-29 08:50 - 2014-05-29 08:50 - 00000472 _____ () C:\Users\Carmen\Desktop\defogger_disable.log
2014-05-29 08:50 - 2014-05-29 08:50 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-05-29 08:49 - 2014-05-28 10:46 - 00380416 _____ () C:\Users\Carmen\Desktop\Gmer-19357.exe
2014-05-29 08:49 - 2014-05-28 10:42 - 00050477 _____ () C:\Users\Carmen\Desktop\Defogger.exe
2014-05-29 08:49 - 2014-05-28 10:28 - 02066944 _____ (Farbar) C:\Users\Carmen\Desktop\FRST64.exe
2014-05-29 08:49 - 2014-05-28 10:26 - 01056256 _____ (Farbar) C:\Users\Carmen\Desktop\FRST.exe
2014-05-27 18:38 - 2014-05-29 12:03 - 00000022 _____ () C:\Users\Carmen\Downloads\2014_05_rechnungonline_8290485236sign.zip
2014-05-16 19:26 - 2014-05-16 19:26 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-16 19:22 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 19:22 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 19:22 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 15:14 - 2014-05-16 15:14 - 142602520 _____ (Microsoft Corporation) C:\Users\Lea\Downloads\wlsetup-all_16.4.3508.0205.exe
2014-05-16 13:52 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 06:43 - 2014-05-14 06:43 - 00360954 _____ () C:\Users\Lea\Documents\satyr.jpg.bmp
2014-05-12 10:33 - 2014-05-12 10:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-05-31 15:37 - 2014-05-31 15:37 - 00021257 _____ () C:\Users\Carmen\Desktop\FRST.txt
2014-05-31 15:37 - 2014-05-29 19:25 - 00000000 ____D () C:\FRST
2014-05-31 15:37 - 2008-11-23 18:25 - 01892069 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 15:35 - 2013-08-05 12:15 - 00000000 ____D () C:\Users\Carmen\AppData\Local\HTC MediaHub
2014-05-31 15:35 - 2013-03-29 11:13 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-31 15:35 - 2008-11-23 22:13 - 00000330 __RSH () C:\Users\Carmen\ntuser.pol
2014-05-31 15:32 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 15:32 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-31 15:32 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-31 15:30 - 2006-11-02 15:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-31 15:30 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-31 14:49 - 2008-01-21 09:16 - 01619692 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-31 14:40 - 2013-11-25 18:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 14:39 - 2014-05-29 14:39 - 00000000 ____D () C:\Windows\ERUNT
2014-05-29 14:37 - 2014-05-29 14:37 - 00001160 _____ () C:\MBAM.txt
2014-05-29 14:21 - 2014-05-29 14:21 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-29 14:19 - 2014-05-29 14:19 - 00000904 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-29 14:19 - 2014-05-29 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-29 14:19 - 2014-05-29 14:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-29 14:19 - 2014-05-29 14:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-29 14:15 - 2008-01-21 04:47 - 00236014 _____ () C:\Windows\PFRO.log
2014-05-29 14:13 - 2014-05-29 14:12 - 00000000 ____D () C:\AdwCleaner
2014-05-29 13:43 - 2014-05-29 13:58 - 01016261 _____ (Thisisu) C:\Users\Carmen\Desktop\JRT.exe
2014-05-29 13:41 - 2014-05-29 13:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Carmen\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-29 13:40 - 2014-05-29 13:58 - 01327971 _____ () C:\Users\Carmen\Desktop\adwcleaner_3.211.exe
2014-05-29 12:03 - 2014-05-27 18:38 - 00000022 _____ () C:\Users\Carmen\Downloads\2014_05_rechnungonline_8290485236sign.zip
2014-05-29 09:59 - 2014-05-29 09:59 - 00008046 _____ () C:\Users\Carmen\Desktop\Gmer.txt
2014-05-29 09:30 - 2013-12-19 09:23 - 00000000 ____D () C:\Users\Admin\AppData\Local\HTC MediaHub
2014-05-29 08:50 - 2014-05-29 08:50 - 00000472 _____ () C:\Users\Carmen\Desktop\defogger_disable.log
2014-05-29 08:50 - 2014-05-29 08:50 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-05-29 08:50 - 2008-11-23 19:46 - 00000000 ____D () C:\Users\Admin
2014-05-29 08:48 - 2006-11-02 14:52 - 00167948 _____ () C:\Windows\setupact.log
2014-05-28 10:46 - 2014-05-29 08:49 - 00380416 _____ () C:\Users\Carmen\Desktop\Gmer-19357.exe
2014-05-28 10:42 - 2014-05-29 08:49 - 00050477 _____ () C:\Users\Carmen\Desktop\Defogger.exe
2014-05-28 10:28 - 2014-05-29 08:49 - 02066944 _____ (Farbar) C:\Users\Carmen\Desktop\FRST64.exe
2014-05-28 10:26 - 2014-05-29 08:49 - 01056256 _____ (Farbar) C:\Users\Carmen\Desktop\FRST.exe
2014-05-27 18:28 - 2012-10-21 18:52 - 00000000 ____D () C:\Users\Lea\AppData\Roaming\.minecraft
2014-05-27 16:13 - 2013-08-07 19:17 - 00000000 ____D () C:\Users\Lea\AppData\Local\HTC MediaHub
2014-05-27 13:48 - 2013-08-05 19:14 - 00000000 ____D () C:\Users\Fabian\AppData\Local\HTC MediaHub
2014-05-22 15:00 - 2014-01-12 17:35 - 00021912 _____ () C:\Users\Ingo\Documents\Budgetplanung 2014.xlsx
2014-05-17 17:29 - 2013-08-04 19:16 - 00000000 ____D () C:\Users\Ingo\AppData\Local\HTC MediaHub
2014-05-17 06:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 19:36 - 2013-07-10 21:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 19:27 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-16 19:26 - 2014-05-16 19:26 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-16 19:26 - 2008-08-11 16:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 15:20 - 2012-09-22 19:45 - 00000000 ____D () C:\Users\Lea\AppData\Local\Apple Computer
2014-05-16 15:19 - 2009-01-08 12:40 - 00032768 _____ () C:\Users\Lea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-16 15:14 - 2014-05-16 15:14 - 142602520 _____ (Microsoft Corporation) C:\Users\Lea\Downloads\wlsetup-all_16.4.3508.0205.exe
2014-05-14 06:43 - 2014-05-14 06:43 - 00360954 _____ () C:\Users\Lea\Documents\satyr.jpg.bmp
2014-05-14 06:40 - 2013-11-25 18:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 06:40 - 2013-11-25 18:54 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 11:35 - 2013-11-24 16:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-12 10:33 - 2014-05-12 10:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-12 07:26 - 2014-05-29 14:19 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-29 14:19 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-29 14:19 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-06 01:32 - 2014-05-16 19:22 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 01:14 - 2014-05-16 19:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 01:14 - 2014-05-16 19:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-31 14:50

==================== End Of Log ============================

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014 02
Ran by Admin at 2014-05-31 15:38:26
Running from C:\Users\Carmen\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP BiDi Channel Components Installer (Version: 1.1.0.2 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.47.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audible Download Manager (HKLM\...\AudibleDownloadManager) (Version: 6.6.0.12 - Audible, Inc.)
Audiograbber 1.83 SE  (HKLM\...\Audiograbber) (Version: 1.83 SE  - Audiograbber Deutschland)
Audiograbber MP3-Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.3.2.15 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.1.0.18 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.2.0.34 - Canon Inc.)
Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.3.0.4 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM\...\CameraWindowDC) (Version: 7.4.1.10 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.0.0.19 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.7 (HKLM\...\DPP) (Version: 3.7.0.1 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM\...\MyCameraDC) (Version: 7.2.1.6 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.4.0.7 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.2.11 - Canon Inc.)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Der Stammbaum 3.0 (HKLM\...\InstallShield_{C5971CD8-0FB5-42DD-8667-27CEA5646949}) (Version: 1.00.0000 - United Soft Media)
Der Stammbaum 3.0 (Version: 1.00.0000 - United Soft Media) Hidden
DeviceDiscovery (Version: 90.0.146.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
dm Fotowelt (HKLM\...\dm Fotowelt) (Version:  - )
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
HP Color LaserJet CP1510 Series 2.0 (HKLM\...\{223C0721-A6B0-4853-88C0-331029841734}) (Version: 2.0 - HP)
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.006.002 - Hewlett-Packard)
hppCLJCP1510 (Version: 003.000.00186 - Hewlett-Packard) Hidden
hppFonts (Version: 001.001.00056 - Hewlett-Packard) Hidden
hppManualsCP1510 (Version: 003.000.00190 - Ihr Firmenname) Hidden
hppPQVideoCP1510 (Version: 003.000.00157 - Ihr Firmenname) Hidden
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
hppTLBXFXCP1510 (Version: 001.003.00081 - Hewlett-Packard) Hidden
hppusgCP1510 (Version: 000.000.00012 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Ihr Firmenname)
hpzTLBXFX (Version: 003.013.00279 - Hewlett-Packard) Hidden
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.3.0.001 - HTC Corporation)
HTC Sync Manager (HKLM\...\{F838C3DD-5785-4F19-AD0F-BD532C8A31F4}) (Version: 2.1.46.0 - HTC)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird (2.0.0.24) (HKLM\...\Mozilla Thunderbird (2.0.0.24)) (Version: 2.0.0.24 (de) - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}) (Version: 6.83.9.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 6.83.14.1 - Nokia)
Nokia PC Suite (Version: 6.83.14.1 - Nokia) Hidden
PC Connectivity Solution (HKLM\...\{066D65EA-ED53-44E4-A96A-F81B6E409D2E}) (Version: 7.7.10.0 - Nokia)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Product_SF_Full_QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Product_SF_Min_QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
REALTEK RTL8187B Wireless LAN Driver (HKLM\...\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}) (Version: Package:1.00.0026 Driver:6.1116.1226.2007 - )
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Realtek WiFi Protected Setup Library (HKLM\...\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}) (Version: Package:1.00.0026 - REALTEK Semiconductor Corp.)
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
SmartSound Common Data (HKLM\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 Plugin (HKLM\...\{0E16C1BC-72A7-4DB7-BBB8-560EDCCA74B5}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (Version: 5.7.1 - SmartSound Software Inc.) Hidden
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
TKKG11 (HKLM\...\TKKG11) (Version:  - )
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.08 - TOSHIBA)
TOSHIBA Benutzerhandbücher (HKLM\...\{1C971EE3-B4C4-4367-9676-57549919C6CE}) (Version: 7.40 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.20 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.31.14 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - Toshiba) Hidden
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.08 - )
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 1.00.0012 - TOSHIBA)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )
Toshiba TEMPRO (HKLM\...\{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}) (Version: 1.1 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.24 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.1.24 - TOSHIBA Corporation) Hidden
TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TRDCReminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0015 - TOSHIBA)
TRDCReminder (Version: 1.00.0015 - TOSHIBA) Hidden
TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.1 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia Modem  (11/03/2006 6.82.0.1) (HKLM\...\0852D05415AB9A4F1EF451E342267F76C776ED2F) (Version: 11/03/2006 6.82.0.1 - Nokia)

==================== Restore Points  =========================

26-05-2014 13:50:57 Geplanter Prüfpunkt
27-05-2014 19:03:38 Geplanter Prüfpunkt
29-05-2014 11:30:40 Geplanter Prüfpunkt
30-05-2014 04:42:38 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {8F3A5F3B-5CAD-46EA-9ED2-3231740DC91D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {9CAD860A-7E65-4D13-894C-B9159D925A26} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C8E3F484-6F23-4692-AAB8-4428F8E3AF68} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-01 20:31 - 2013-08-01 20:31 - 00030056 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2013-08-01 20:32 - 2013-08-01 20:32 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2013-08-01 20:32 - 2013-08-01 20:32 - 00044392 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2013-08-01 20:32 - 2013-08-01 20:32 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-08-01 20:33 - 2013-08-01 20:33 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-08-01 20:40 - 2013-08-01 20:40 - 00223592 _____ () C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
2013-08-04 19:09 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2013-08-01 20:33 - 2013-08-01 20:33 - 00169312 _____ () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
2008-03-06 11:14 - 2008-03-06 11:14 - 05121912 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2007-12-14 22:40 - 2007-12-14 22:40 - 00090112 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2008-08-11 16:03 - 2006-10-10 11:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2007-12-25 13:03 - 2007-12-25 13:03 - 00015184 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 18:55 - 2006-12-01 18:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2007-05-08 17:44 - 2007-05-08 17:44 - 00036864 _____ () C:\Program Files\HP\HP UT\bin\hppusg.exe
2007-05-08 17:44 - 2007-05-08 17:44 - 00057344 _____ () C:\Program Files\HP\HP UT\bin\HPUsageTracking.dll
2007-05-08 17:44 - 2007-05-08 17:44 - 00065536 _____ () C:\Program Files\HP\HP UT\bin\HPTools.dll
2007-05-08 17:44 - 2007-05-08 17:44 - 00114688 _____ () C:\Program Files\HP\HP UT\bin\HPToolkit.dll
2007-05-08 17:44 - 2007-05-08 17:44 - 00036864 _____ () C:\Program Files\HP\HP UT\bin\Enumeration.dll
2007-05-08 17:44 - 2007-05-08 17:44 - 00016384 _____ () C:\Program Files\HP\HP UT\bin\HPStreamsInterface.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Ingo\Documents\Ihre Bestellung bei Amazon Pommesschale.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\Ingo\Documents\Ihre Extra Prämie zu GMX Bestprice.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #6
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{91BAE77B-D1EB-4027-B856-B76A306B1DE4}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #9
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Nokia 6300
Description: Nokia Windows Portable Device Driver
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2014 03:35:47 PM) (Source: WinDefendRtp) (EventID: 3003) (User: )
Description: Vom %Admin-PC27-Echtzeitschutz-Prüfpunkt wurde ein Fehler festgestellt. Er konnte daraufhin nicht gestartet werden.

	Benutzer: Admin-PC\Carmen

	Prüfpunkt-ID: 27

	Fehlercode: 0x80070005

	Fehlerbeschreibung: Zugriff verweigert

Error: (05/31/2014 02:42:54 PM) (Source: WinDefendRtp) (EventID: 3003) (User: )
Description: Vom %Admin-PC27-Echtzeitschutz-Prüfpunkt wurde ein Fehler festgestellt. Er konnte daraufhin nicht gestartet werden.

	Benutzer: Admin-PC\Carmen

	Prüfpunkt-ID: 27

	Fehlercode: 0x80070005

	Fehlerbeschreibung: Zugriff verweigert

Error: (05/31/2014 02:38:01 PM) (Source: WinDefendRtp) (EventID: 3003) (User: )
Description: Vom %Admin-PC27-Echtzeitschutz-Prüfpunkt wurde ein Fehler festgestellt. Er konnte daraufhin nicht gestartet werden.

	Benutzer: Admin-PC\Carmen

	Prüfpunkt-ID: 27

	Fehlercode: 0x80070005

	Fehlerbeschreibung: Zugriff verweigert

Error: (05/29/2014 09:45:28 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (05/29/2014 09:14:39 AM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: 1469016

Error: (05/27/2014 02:31:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3229

Error: (05/27/2014 02:31:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3229

Error: (05/27/2014 02:31:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/27/2014 02:31:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1716

Error: (05/27/2014 02:31:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1716


System errors:
=============
Error: (05/31/2014 03:36:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (05/31/2014 02:43:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (05/31/2014 02:39:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (05/31/2014 02:37:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000WerSvc

Error: (05/31/2014 02:36:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000avp

Error: (05/30/2014 03:12:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Spooler

Error: (05/30/2014 06:07:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Spooler

Error: (05/29/2014 04:25:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Spooler

Error: (05/29/2014 04:25:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (05/29/2014 03:39:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Spooler


Microsoft Office Sessions:
=========================
Error: (07/08/2013 08:04:33 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3537 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (10/27/2011 07:56:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1892 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (06/30/2011 08:36:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 36379 seconds with 1260 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-05-31 15:38:12.557
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-31 15:38:11.917
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-31 15:38:11.325
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-31 15:38:10.732
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-31 15:38:10.077
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-31 15:38:09.437
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-31 15:38:08.688
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-31 15:38:07.986
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-31 15:37:49.467
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-31 15:37:48.859
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 2939.26 MB
Available physical RAM: 1767.82 MB
Total Pagefile: 6098.73 MB
Available Pagefile: 4873.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.41 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:116.29 GB) (Free:9.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Removable) (Total:1.92 GB) (Free:1.86 GB) FAT
Drive e: (Data) (Fixed) (Total:115.13 GB) (Free:95.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 5855FAD5)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=115 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================

Und jetzt bin ich beim Eset-Scan, allerdings gibt es bei den Computer-Prüfeinstellungen noch zwei Optionen mehr als auf der Anleitung:
a) Erkennung von eventuell unerwünschten Anwendungen aktivieren
b) Erkennung eventuell unerwünschter Anwendungen deaktivieren
Eine von beiden Optionen muss ich anklicken, sonst startet der Scan nicht. Welche ist die richtige? Ich tippe auf a), frage aber lieber nach, bevor ich Blödsinn mache...

Ansonsten habe ich, wie vorgeschrieben, aktiviert:
- Archive prüfen
- Auf potenziell unsichere Anwendungen prüfen
- Anti-Stealth-Technologie aktivieren
Korrekt?

Grüße, Trojandepp

Trojan.Ransom.Win32.Foreign.kvfa gefunden in C:\Documents and Settings\Carmen\Downloads\2014_05rechnungonline_8290485236sign.zip

Log-Analyse und Auswertung: Trojan.Ransom.Win32.Foreign.kvfa gefunden in C:\Documents and Settings\Carmen\Downloads\2014_05rechnungonline_8290485236sign.zip