Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 12.11.2014, 17:41   #1
Johann225
 
Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts - Standard

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts



Hallo werte Forumsteilnehmer,

hatte letzte Woche einen gehackten Mail-Account (arcor) in meinem Mailprogramm (thunderbird - läuft mit windows 7 / upgrade von vista).
Arcor hatte mich dann gesperrt wegen Spammail-Versand von meinem Account.
Hab meinen Account telefonisch zurück bekommen, hab aber nun auch auf den anderen Mailadressen bei gmx und t-online Probleme:
bei gmx einen geänderten Postausgangsserver, zeitweise Sperre von t-online etc.
Außerdem treten "spontane Fenster" beim Versand auf, die zur "Passworteingabe" auffordern.

Was habe ich unternommen:
a) ein Bekannter hat thunderbird und firefox auf "Add-ons" überprüft, einige neue entfernt, die ich gar nicht installiert hatte und mir nun geraten, den Rechner platt zu machen.
b) Kaspersky-Komplett-Scan hat nichts gefunden
c) habe die Scans mit Defogger, Frst und GMER gemacht.
Die logs füge ich hier an
d) ich traue mich nicht, nun ein "thundersave" auszuführen, würde wohl nach dem Neuaufsetzen des Rechners dann die Probleme zurück bringen, oder?

Kann mir jemand bitte behilflich sein?
Wäre super...

Gruß Johann225

Hier die logs:

defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:05 on 12/11/2014 (fsc)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014
Ran by fsc (administrator) on FSC-PC on 12-11-2014 14:07:02
Running from C:\Users\fsc\Desktop
Loaded Profile: fsc (Available profiles: fsc)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(T-Com) C:\Program Files\T-Home\Eumex 800 V1.30\ControlCenter.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7596576 2012-02-10] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2012-02-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-980341799-358424455-1386240906-1000\...\MountPoints2: {4fbdfae8-8c6d-11e1-8a57-0022fbbdc47a} - H:\LaunchU3.exe -a
HKU\S-1-5-21-980341799-358424455-1386240906-1000\...\MountPoints2: {55a9f67e-9451-11e2-aab6-0024be38eaf4} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-07-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ControlCenter.lnk
ShortcutTarget: ControlCenter.lnk -> C:\Program Files\T-Home\Eumex 800 V1.30\ControlCenter.exe (T-Com)
Startup: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0EB53CFC72E5CC01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default
FF Homepage: hxxp://www.facebook.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
FF Extension: Adblock Plus - C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-07]
FF Extension: Anti-Banner - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2013-12-20]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2013-12-20]
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-09]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-06-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-01-09] (Kaspersky Lab ZAO)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [133664 2012-02-10] (Realtek Semiconductor)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-01-09] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-03-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-01-09] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2014-01-09] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-01-09] (Kaspersky Lab ZAO)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [159776 2009-10-22] (Realtek Semiconductor Corp.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 14:07 - 2014-11-12 14:07 - 00012786 _____ () C:\Users\fsc\Desktop\FRST.txt
2014-11-12 14:06 - 2014-11-12 14:07 - 00000000 ____D () C:\FRST
2014-11-12 14:05 - 2014-11-12 14:06 - 00000468 _____ () C:\Users\fsc\Desktop\defogger_disable.log
2014-11-12 14:05 - 2014-11-12 14:05 - 00000000 _____ () C:\Users\fsc\defogger_reenable
2014-11-12 13:58 - 2014-11-12 13:58 - 00380416 _____ () C:\Users\fsc\Desktop\Gmer-19357.exe
2014-11-12 13:50 - 2014-11-12 13:50 - 01107968 _____ (Farbar) C:\Users\fsc\Desktop\FRST.exe
2014-11-12 13:47 - 2014-11-12 13:47 - 00050477 _____ () C:\Users\fsc\Desktop\Defogger.exe
2014-11-07 21:57 - 2014-11-07 21:57 - 00001024 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-11-07 21:45 - 2014-11-07 21:46 - 24743106 _____ () C:\Users\fsc\Downloads\vlc-2.1.5-win32.exe
2014-11-07 21:02 - 2014-11-07 21:04 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-10-31 18:53 - 2014-10-31 18:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-10-31 18:52 - 2014-10-31 18:52 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-10-31 18:51 - 2014-11-07 21:36 - 00000000 ____D () C:\Users\fsc\AppData\Roaming\Samsung
2014-10-31 18:51 - 2014-10-31 18:51 - 00000000 ____D () C:\Users\fsc\Documents\samsung
2014-10-31 18:51 - 2014-10-31 18:51 - 00000000 ____D () C:\Users\fsc\AppData\Local\Samsung
2014-10-31 18:28 - 2014-04-30 19:43 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-10-31 18:28 - 2014-04-30 19:43 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\system32\secman.dll
2014-10-31 18:27 - 2014-04-30 19:47 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2014-10-31 18:22 - 2014-11-07 21:36 - 00000000 ____D () C:\ProgramData\Samsung
2014-10-31 18:22 - 2014-11-07 21:36 - 00000000 ____D () C:\Program Files\Samsung
2014-10-31 18:03 - 2014-10-31 18:03 - 00000000 ____D () C:\Users\fsc\AppData\Local\Downloaded Installations
2014-10-31 17:37 - 2014-10-31 17:38 - 75714480 _____ (Samsung Electronics Co., Ltd.) C:\Users\fsc\Downloads\KiesSetup.exe
2014-10-16 15:11 - 2014-10-16 15:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-14 16:32 - 2014-10-14 16:32 - 00128207 ____H () C:\Users\fsc\Desktop\~WRL2695.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 14:05 - 2012-02-07 01:53 - 00000000 ____D () C:\Users\fsc
2014-11-12 14:03 - 2014-09-04 10:36 - 00000000 ___RD () C:\Users\fsc\Dropbox
2014-11-12 14:03 - 2012-02-07 01:47 - 01258922 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 13:59 - 2014-01-22 13:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 13:52 - 2009-07-14 05:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 13:52 - 2009-07-14 05:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 13:39 - 2012-02-07 01:55 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 13:19 - 2014-01-09 20:15 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-12 13:11 - 2012-05-14 07:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-11 15:59 - 2014-01-22 13:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-11 14:15 - 2014-09-04 10:27 - 00000000 ____D () C:\Users\fsc\AppData\Roaming\Dropbox
2014-11-11 14:12 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-11 14:12 - 2009-07-14 05:39 - 00329392 _____ () C:\Windows\setupact.log
2014-11-07 21:57 - 2012-03-20 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-11-07 21:41 - 2012-02-07 08:41 - 00016318 _____ () C:\Windows\PFRO.log
2014-11-07 21:26 - 2012-05-14 07:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-07 21:26 - 2012-02-13 13:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-07 21:22 - 2012-02-09 18:46 - 00000000 ____D () C:\Users\fsc\AppData\Local\Adobe
2014-11-07 21:09 - 2013-12-20 19:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-07 21:05 - 2012-02-07 09:56 - 00000000 ____D () C:\Users\fsc\AppData\Local\Thunderbird
2014-11-07 21:04 - 2012-06-22 07:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-31 18:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-31 18:27 - 2012-02-10 00:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-18 19:17 - 2014-03-28 15:35 - 08601600 _____ () C:\Windows\system32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
2014-10-16 15:16 - 2012-02-08 14:17 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-16 15:13 - 2012-03-04 21:45 - 00000000 ____D () C:\Users\fsc\AppData\Roaming\Skype
2014-10-16 15:11 - 2012-02-08 14:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-16 15:10 - 2012-02-08 14:17 - 00000000 ____D () C:\Program Files\Adobe

Some content of TEMP:
====================
C:\Users\fsc\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyy3gcw.dll
C:\Users\fsc\AppData\Local\Temp\exp5E73.tmp.exe
C:\Users\fsc\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-06 11:53

==================== End Of Log ============================


Addition:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2014
Ran by fsc at 2014-11-12 14:07:32
Running from C:\Users\fsc\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Photoshop Elements (HKLM\...\Adobe Photoshop Elements 1.0) (Version: 1.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B33D8DA3-28E5-2EA8-CC16-8D8A9CED91C4}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BibelCarD (HKLM\...\BibelCarD) (Version: - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
Eumex 800 V1.30 (HKLM\...\InstallShield_{FACE9D51-E374-4DDB-857C-816FCB1D6B40}) (Version: 1.30.0000 - T-Home)
Eumex 800 V1.30 (Version: 1.30.0000 - T-Home) Hidden
FOTOParadies (HKLM\...\{8E47D8C1-8F4D-4356-9B2B-1A202956B778}}_is1) (Version: 3.5.0.1 - Foto Online Service GmbH)
Free M4a to MP3 Converter 7.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java(TM) 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 de) (HKLM\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PhotoRescue Pro (HKLM\...\{5260B91C-28E1-4fe9-B2EE-BE1B6C82621A}_is1) (Version: 6.9 - Essential Data Tools)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5886 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)
Skype™ 5.8 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.8.156 - Skype Technologies S.A.)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

07-11-2014 20:33:24 Removed Samsung Kies

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D19EE30-0F02-4C1F-8086-9E0142F6EBEF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {25F4BE48-FD5A-4462-89EC-56DCE66BDD83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {4A07C489-E702-4E22-AE64-1F8CEF4D0F04} - System32\Tasks\{768A6CB9-F96E-4159-B0C7-FC9A6D871AF5} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/go/help.faq.installer?LastError=1603
Task: {55F383D5-DED7-4256-9E06-6804945B8D58} - System32\Tasks\{F32DFB14-5636-4EA4-A95C-E2BFABF3ACF6} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/go/help.faq.installer?LastError=1603
Task: {C5BA4815-87F4-40A9-86FE-F40591AB337C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {C7128B80-7B08-4442-BC81-0E4B2D0CC942} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-07] (Adobe Systems Incorporated)
Task: {CB9A6B64-558D-4CA9-9123-F8B57E14BB82} - System32\Tasks\{E1C01AB0-A45E-44E2-9F5F-F1A5ED1A6F98} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/go/help.faq.installer?LastError=1603

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2003-08-29 10:24 - 2003-08-29 10:24 - 00094274 _____ () C:\Windows\System32\HPBHealr.dll
2012-02-14 10:24 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-980341799-358424455-1386240906-500 - Administrator - Disabled)
fsc (S-1-5-21-980341799-358424455-1386240906-1000 - Administrator - Enabled) => C:\Users\fsc
Gast (S-1-5-21-980341799-358424455-1386240906-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-980341799-358424455-1386240906-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2014 00:32:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/08/2014 00:30:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/01/2014 01:13:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/01/2014 01:11:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/31/2014 06:53:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Kies.exe, Version: 1.0.0.1821, Zeitstempel: 0x539bcf9c
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965, Zeitstempel: 0x506dbd3f
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c6e3
ID des fehlerhaften Prozesses: 0x11d8
Startzeit der fehlerhaften Anwendung: 0xKies.exe0
Pfad der fehlerhaften Anwendung: Kies.exe1
Pfad des fehlerhaften Moduls: Kies.exe2
Berichtskennung: Kies.exe3

Error: (10/31/2014 06:53:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Kies.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
at System.Windows.Input.InputManager..ctor()
at System.Windows.Input.InputManager.GetCurrentInputManagerImpl()
at System.Windows.Input.KeyboardNavigation..ctor()
at System.Windows.FrameworkElement+FrameworkServices..ctor()
at System.Windows.FrameworkElement.EnsureFrameworkServices()
at System.Windows.FrameworkElement..ctor()
at System.Windows.Controls.Control..ctor()
at System.Windows.Window..ctor()
at Kies.UI.Dialogs.KiesMessageBox..ctor()
at Kies.UI.Dialogs.KiesMessageBox.Show(System.Windows.Window, System.String, System.String, System.Windows.MessageBoxButton, System.Windows.MessageBoxImage, System.Windows.MessageBoxResult, System.Windows.MessageBoxOptions, System.String, Boolean)
at Kies.UI.Dialogs.KiesMessageBox.Show(System.String, System.String, System.Windows.MessageBoxButton)
at Kies.Common.Util.WebDownloader.SetDownloadType(Kies.Common.Util.UpdateTypeEnum)
at Kies.Common.Util.WebDownloader.StartDownloadFiles(Kies.Common.Util.UpdateTypeEnum)
at DeviceHost.ViewModel.ConnectionErrorSolutionVM.DownloadExtractNMoveFile()
at DeviceHost.ViewModel.ConnectionErrorSolutionVM.CheckNDownloadDriverFile()
at DeviceHost.ViewModel.ConnectionErrorSolutionVM.DoNextOperation(System.Object)
at System.Threading._TimerCallback.TimerCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading._TimerCallback.PerformTimerCallback(System.Object)

Error: (10/31/2014 05:45:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm KiesSetup.exe, Version 2.6.3.14044 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1588

Startzeit: 01cff5297185a95d

Endzeit: 60000

Anwendungspfad: C:\Users\fsc\Downloads\KiesSetup.exe

Berichts-ID: 253062fe-611d-11e4-ba65-002433e8a72c

Error: (10/31/2014 05:44:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm KiesSetup.exe, Version 2.6.3.14044 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 49c

Startzeit: 01cff52942a4e74d

Endzeit: 0

Anwendungspfad: C:\Users\fsc\Downloads\KiesSetup.exe

Berichts-ID: d3e5027a-611c-11e4-ba65-002433e8a72c

Error: (10/28/2014 09:33:49 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/28/2014 09:33:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (11/11/2014 07:09:18 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (11/11/2014 07:09:18 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (11/11/2014 07:09:18 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (11/11/2014 07:09:18 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (11/11/2014 07:09:18 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (11/11/2014 07:09:18 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (11/11/2014 07:09:18 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (11/11/2014 07:09:18 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (11/11/2014 07:09:18 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (11/11/2014 02:12:08 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================
Error: (11/08/2014 00:32:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\open freely\NGEN\x64\ngen.exe

Error: (11/08/2014 00:30:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin\SetACL.exe

Error: (11/01/2014 01:13:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\open freely\NGEN\x64\ngen.exe

Error: (11/01/2014 01:11:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin\SetACL.exe

Error: (10/31/2014 06:53:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Kies.exe1.0.0.1821539bcf9cKERNELBASE.dll6.1.7601.17965506dbd3fe04343520000c6e311d801cff53341a86e3dC:\Program Files\Samsung\Kies\Kies.exeC:\Windows\system32\KERNELBASE.dlle3677b8f-6126-11e4-bf2a-002433e8a72c

Error: (10/31/2014 06:53:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Kies.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
at System.Windows.Input.InputManager..ctor()
at System.Windows.Input.InputManager.GetCurrentInputManagerImpl()
at System.Windows.Input.KeyboardNavigation..ctor()
at System.Windows.FrameworkElement+FrameworkServices..ctor()
at System.Windows.FrameworkElement.EnsureFrameworkServices()
at System.Windows.FrameworkElement..ctor()
at System.Windows.Controls.Control..ctor()
at System.Windows.Window..ctor()
at Kies.UI.Dialogs.KiesMessageBox..ctor()
at Kies.UI.Dialogs.KiesMessageBox.Show(System.Windows.Window, System.String, System.String, System.Windows.MessageBoxButton, System.Windows.MessageBoxImage, System.Windows.MessageBoxResult, System.Windows.MessageBoxOptions, System.String, Boolean)
at Kies.UI.Dialogs.KiesMessageBox.Show(System.String, System.String, System.Windows.MessageBoxButton)
at Kies.Common.Util.WebDownloader.SetDownloadType(Kies.Common.Util.UpdateTypeEnum)
at Kies.Common.Util.WebDownloader.StartDownloadFiles(Kies.Common.Util.UpdateTypeEnum)
at DeviceHost.ViewModel.ConnectionErrorSolutionVM.DownloadExtractNMoveFile()
at DeviceHost.ViewModel.ConnectionErrorSolutionVM.CheckNDownloadDriverFile()
at DeviceHost.ViewModel.ConnectionErrorSolutionVM.DoNextOperation(System.Object)
at System.Threading._TimerCallback.TimerCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading._TimerCallback.PerformTimerCallback(System.Object)

Error: (10/31/2014 05:45:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: KiesSetup.exe2.6.3.14044158801cff5297185a95d60000C:\Users\fsc\Downloads\KiesSetup.exe253062fe-611d-11e4-ba65-002433e8a72c

Error: (10/31/2014 05:44:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: KiesSetup.exe2.6.3.1404449c01cff52942a4e74d0C:\Users\fsc\Downloads\KiesSetup.exed3e5027a-611c-11e4-ba65-002433e8a72c

Error: (10/28/2014 09:33:49 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\open freely\NGEN\x64\ngen.exe

Error: (10/28/2014 09:33:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin\SetACL.exe


CodeIntegrity Errors:
===================================
Date: 2014-11-08 00:31:06.560
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-08 00:31:06.545
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-08 00:31:06.545
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-08 00:31:06.529
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-08 00:31:06.529
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-08 00:31:06.529
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-08 00:31:06.514
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-08 00:31:06.514
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-08 00:31:06.498
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-08 00:31:06.498
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 40%
Total physical RAM: 3039.03 MB
Available physical RAM: 1801.92 MB
Total Pagefile: 6076.34 MB
Available Pagefile: 4911.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:88.88 GB) (Free:24.72 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Laufwerk) (Fixed) (Total:22.78 GB) (Free:3.29 GB) NTFS
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:29.49 GB) (Free:0.38 GB) FAT32
Drive h: (PLATINUM) (Removable) (Total:119.01 GB) (Free:107.54 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: BE3A5F1D)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=88.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 119 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================


Gmer-19357:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-12 14:32:03
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SATA_SSD rev.S5FAM011 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\fsc\AppData\Local\Temp\uwldypow.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x91C90990]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x91C411CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x91C41400]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x91C40FC8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x91C9355C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x91C9298C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x91C92BD8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x91C9251E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x91C31640]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x91C90AD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x91C905FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x91C93312]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x91C92052]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x91C9378C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x91C9267E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x91C931C6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x91C412D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x91C92EE2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x91C410C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x91C93048]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x91C31A5A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x91C90936]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x91C9225A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x91C92D82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x91C31A6C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x91C923C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x91C92882]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x91C93894]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x91C9361E]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83244A09 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8327E1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 8328522C 4 Bytes [90, 09, C9, 91] {NOP ; OR ECX, ECX; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 83285254 4 Bytes [CE, 11, C4, 91] {INTO ; ADC ESP, EAX; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 83285298 4 Bytes [00, 14, C4, 91] {ADD [ESP+EAX*8], DL; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 832852E8 4 Bytes [C8, 0F, C4, 91] {ENTER 0xc40f, 0x91}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 8328534C 4 Bytes [5C, 35, C9, 91]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9343B000, 0x2D5378, 0xE8000020]

---- User code sections - GMER 2.1 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1920] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1920] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 70F41ED6 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ushata.dll
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1920] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: 0.dllunknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1920] USER32.dll!NotifyWinEvent + 5B2 76FDD570 4 Bytes [0B, 26, F4, 70]
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1920] USER32.dll!NotifyWinEvent + 6AE 76FDD66C 4 Bytes [1B, 2F, F4, 70]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1920] C:\Windows\system32\ole32.dll time/date stamp mismatch; unknown module: CRYPTSP.dllunknown module: MPR.dllunknown module: msiltcfg.dllunknown module: CLBCatQ.DLLunknown module: OLEAUT32.dllunknown module: imagehlp.dllunknown module: KERNELBASE.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys
AttachedDevice \Driver\tdx \Device\Udp kltdi.sys
AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002433e8a72c
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002433e8a72c (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextSqmReportTime 2014-11-12 13:16:58

---- EOF - GMER 2.1 ----

Alt 12.11.2014, 18:27   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts - Standard

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts



hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________

__________________

Alt 13.11.2014, 10:39   #3
Johann225
 
Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts - Standard

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts



Hallo Schrauber,
danke für die Unterstützung. Sorry, dass ich die logs falsch reingesetzt habe. Hoffe, dass es nun o.k. ist so.
Hier der "log" aus der Datei - hoffentlich die richtige.
Meine Virensoftware hat sich leider beim Neustart automatisch "eingemischt".
Gruß Johann225


Code:
ATTFilter
ComboFix 14-11-12.01 - fsc 12.11.2014  21:59:11.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3039.2262 [GMT 1:00]
ausgeführt von:: C:\Users\fsc\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
         
Jetzt hab ich heute den Autostart von Kaspersky und von "drop-box" abgeschaltet und dann nochmals Combo-Fix laufen lassen. Hoffe, das war so o.k.
Da war das Ergebnis gleich "umfangreicher" und es wurde auch die erwartete log-Datei erstellt. Ich füge sie hier nun an.

Gruß Johann225

Code:
ATTFilter
ComboFix 14-11-12.01 - fsc 13.11.2014   9:34.2.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3039.2376 [GMT 1:00]
ausgeführt von:: c:\users\fsc\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
C:\setup.exe
c:\users\fsc\AppData\Roaming\650B1C39\650B1C39.srv
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
-- Vorheriger Suchlauf --
.
Infizierte Kopie von c:\windows\system32\user32.dll wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll wurde wiederhergestellt 
.
--------
.
Infizierte Kopie von c:\windows\system32\user32.dll wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-10-13 bis 2014-11-13  ))))))))))))))))))))))))))))))
.
.
2014-11-13 08:46 . 2014-11-13 08:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-11-12 21:10 . 2014-11-13 08:51	--------	d-----w-	c:\users\fsc\AppData\Local\temp
2014-11-12 13:06 . 2014-11-12 13:07	--------	d-----w-	C:\FRST
2014-11-07 20:08 . 2014-11-07 20:08	3231832	----a-w-	c:\program files\Mozilla Firefox\d3dcompiler_46.dll
2014-11-07 20:08 . 2014-11-07 20:08	10397296	----a-w-	c:\program files\Mozilla Firefox\icudt52.dll
2014-11-07 20:08 . 2014-11-07 20:08	1023600	----a-w-	c:\program files\Mozilla Firefox\icuin52.dll
2014-11-07 20:08 . 2014-11-07 20:08	800368	----a-w-	c:\program files\Mozilla Firefox\icuuc52.dll
2014-11-07 20:08 . 2014-11-07 20:08	220784	----a-w-	c:\program files\Mozilla Firefox\sandboxbroker.dll
2014-11-07 20:02 . 2014-11-07 20:04	--------	d-----w-	c:\program files\Mozilla Thunderbird
2014-10-31 17:51 . 2014-10-31 17:51	--------	d-----w-	c:\users\fsc\AppData\Local\Samsung
2014-10-31 17:51 . 2014-11-07 20:36	--------	d-----w-	c:\users\fsc\AppData\Roaming\Samsung
2014-10-31 17:28 . 2014-04-30 18:43	144664	----a-w-	c:\windows\system32\secman.dll
2014-10-31 17:28 . 2014-04-30 18:43	4659712	----a-w-	c:\windows\system32\Redemption.dll
2014-10-31 17:27 . 2014-04-30 18:47	821824	----a-w-	c:\windows\system32\dgderapi.dll
2014-10-31 17:22 . 2014-11-07 20:36	--------	d-----w-	c:\program files\Samsung
2014-10-31 17:22 . 2014-11-07 20:36	--------	d-----w-	c:\programdata\Samsung
2014-10-31 17:03 . 2014-10-31 17:03	--------	d-----w-	c:\users\fsc\AppData\Local\Downloaded Installations
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-07 20:26 . 2012-05-14 06:42	701104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-11-07 20:26 . 2012-02-13 12:12	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22	131480	----a-w-	c:\users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22	131480	----a-w-	c:\users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22	131480	----a-w-	c:\users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22	131480	----a-w-	c:\users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22	131480	----a-w-	c:\users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22	131480	----a-w-	c:\users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22	131480	----a-w-	c:\users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22	131480	----a-w-	c:\users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-02-09 7596576]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2012-02-09 1833504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-07-20 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ControlCenter.lnk - c:\program files\T-Home\Eumex 800 V1.30\ControlCenter.exe [2007-2-9 221184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys [2014-03-22 94304]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2014-01-09 25696]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys [2013-04-12 14432]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-05-14 45024]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2014-01-09 144992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [2012-02-09 133664]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2014-02-17 25184]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2014-01-09 25696]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 20:26]
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-22 12:04]
.
2014-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-22 12:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Photoshop Elements 1.0 - c:\windows\ISUN0407.EXE
AddRemove-BibelCarD - c:\windows\unin0407.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-11-13  09:56:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-11-13 08:56
.
Vor Suchlauf: 24 Verzeichnis(se), 29.098.917.888 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 28.849.545.216 Bytes frei
.
- - End Of File - - 65FFF3F81EF92B9C5F358338A9CCDB16
A36C5E4F47E84449FF07ED3517B43A31
         
__________________

Alt 14.11.2014, 07:15   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts - Standard

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.11.2014, 15:46   #5
Johann225
 
Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts - Standard

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts



Hallo Schrauber,

danke für diese Unterstützung. Habe die Schritte so gut ich konnte ausgeführt und hier sind die entsprechenden "logs".
Bin auf die Entwicklung sehr gespannt.

Gruß Johann225

Mbam.log
Code:
ATTFilter
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/11/14 10:12:21 +0100</date>
<logfile>mbam-log-2014-11-14 (10-12-21).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.3.1025</version>
<malware-database>v2014.09.19.05</malware-database>
<rootkit-database>v2014.09.18.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x86</arch>
<username>fsc</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>291690</objects>
<time>368</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>1</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file><path>C:\Users\fsc\Downloads\openfreely2114_1834.exe</path><vendor>PUP.Optional.InstallIQ.A</vendor><action>success</action><hash>4d34cb24b5c6a690a72e27ff2bd6f10f</hash></file>
</items>
</mbam-log>
         

ADW-Cleaner-log: RO
Code:
ATTFilter
# AdwCleaner v4.101 - Bericht erstellt am 14/11/2014 um 10:33:01
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-07.1 [Local]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : fsc - FSC-PC
# Gestartet von : C:\Users\fsc\Desktop\AdwCleaner_4.101.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden : C:\Users\fsc\AppData\Roaming\pdfforge

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Freeze.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gefunden : HKLM\SOFTWARE\PIP

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v33.0.3 (x86 de)


*************************

AdwCleaner[R0].txt - [1688 octets] - [14/11/2014 10:33:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1748 octets] ##########
         

ADW-Cleaner log: SO
Code:
ATTFilter
# AdwCleaner v4.101 - Bericht erstellt am 14/11/2014 um 12:18:13
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-07.1 [Local]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : fsc - FSC-PC
# Gestartet von : C:\Users\fsc\Desktop\AdwCleaner_4.101.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\fsc\AppData\Roaming\pdfforge

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v33.0.3 (x86 de)


*************************

AdwCleaner[R0].txt - [1828 octets] - [14/11/2014 10:33:01]
AdwCleaner[S0].txt - [1749 octets] - [14/11/2014 12:18:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1809 octets] ##########
         

JRT-log:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x86
Ran by fsc on 14.11.2014 at 12:30:28,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\fsc\AppData\Roaming\mozilla\firefox\profiles\sctb0r2r.default\minidumps [76 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.11.2014 at 12:32:43,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

neues FRST:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014
Ran by fsc (administrator) on FSC-PC on 14-11-2014 12:41:46
Running from C:\Users\fsc\Desktop
Loaded Profile: fsc (Available profiles: fsc)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(T-Com) C:\Program Files\T-Home\Eumex 800 V1.30\ControlCenter.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7596576 2012-02-10] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2012-02-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-07-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ControlCenter.lnk
ShortcutTarget: ControlCenter.lnk -> C:\Program Files\T-Home\Eumex 800 V1.30\ControlCenter.exe (T-Com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0EB53CFC72E5CC01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-980341799-358424455-1386240906-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default
FF Homepage: hxxp://www.facebook.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
FF Extension: Adblock Plus - C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-07]
FF Extension: Anti-Banner - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2013-12-20]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2013-12-20]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-09]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-06-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-01-09] (Kaspersky Lab ZAO)
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [133664 2012-02-10] (Realtek Semiconductor)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-01-09] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-03-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-01-09] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2014-01-09] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-01-09] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [159776 2009-10-22] (Realtek Semiconductor Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\fsc\AppData\Local\Temp\catchme.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9EBBBA55060F786F0FCAA3893BFA2806
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 04F09923A393E4E0E8453A8F78361E73
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 77361D72A04F18809D0EFB6CCEB74D4B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BTHport.sys C2FBF6D271D9A94D839C416BF186EAD9
C:\Windows\System32\Drivers\BTHUSB.sys C81E9413A25A439F436B1D4B6A0CF9E9
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 247B4CE2DAB1160CD422D532D5241E1F
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys B5E479EB83707DD698F66953E922042C
C:\Windows\system32\drivers\Dot4Prt.sys CAEFD09B6A6249C53A67D55A9A9FCABF
C:\Windows\System32\DRIVERS\dot4usb.sys CF491FF38D62143203C065260567E2F7
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\system32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\system32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 185ADA973B5020655CEE342059A86CBB
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys D0A6C0CEB3B74A91884F804FF4F031C0
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kl1.sys 871C226234A48C24DFE7478F36C0050C
C:\Windows\System32\DRIVERS\klflt.sys 7C731AA78B9FB5B197A4506B63D5A248
C:\Windows\System32\DRIVERS\klif.sys 72D91384E7E0A8F6C559AA87D81F4DE2
C:\Windows\System32\DRIVERS\klim6.sys 039FB019C92A16A54FE527D93B0CFB96
C:\Windows\System32\DRIVERS\klkbdflt.sys CC0909694768C302B89CC040436ECABC
C:\Windows\System32\DRIVERS\klmouflt.sys 035724BA6D5676B76FD3AFB66AB4F1E3
C:\Windows\System32\DRIVERS\klpd.sys EB0D72D2844C57F5F146D7A15B04FBF9
C:\Windows\System32\DRIVERS\kltdi.sys 040A3BC4AF5A0430A1D9A758F076465E
C:\Windows\System32\DRIVERS\kneps.sys 4D19D96447E160A7E4B479037761BBC1
C:\Windows\System32\Drivers\ksecdd.sys B7895B4182C0D16F6EFADEB8081E8D36
C:\Windows\System32\Drivers\ksecpkg.sys D30159AC9237519FBC62C6EC247D2D46
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbam.sys D2DED3C333A5D9CB3F4C244B0F0DD877
C:\Windows\system32\drivers\mwac.sys 7A6526C8BD114DB7CA8930AB22D52A0B
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\system32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netw5v32.sys 58218EC6B61B1169CF54AAB0D00F5FE2
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE
C:\Windows\system32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\system32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys CB928D9E6DAF51879DD6BA8D02F01321
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\drivers\RtHDMIV.sys 87407B31EA6FF0DC4765258164B98BEA
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\system32\drivers\sdbus.sys 0328BE1C7F1CBA23848179F8762E391C
C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SFEP.sys 8B7C1768D2CDE2E02E09A66563DDFD16
C:\Windows\System32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\system32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\VSTAZL3.SYS E00FDFAFF025E94F9821153750C35A6D
C:\Windows\System32\DRIVERS\VSTDPV3.SYS CEB4E3B6890E1E42DCA6694D9E59E1A0
C:\Windows\System32\DRIVERS\VSTCNXT3.SYS BC0C7EA89194C299F051C24119000E17
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\System32\DRIVERS\ssadbus.sys 64E44ACD8C238FCBBB78F0BA4BDC4B05
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 7C0507D2391AF5933600CBCED799F277
C:\Windows\System32\DRIVERS\tcpip.sys 7C0507D2391AF5933600CBCED799F277
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\truecrypt.sys 746B8CF9CEDEDDD865472544EDF626DA
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbhub.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys 45F4E7BF43DB40A6C6B4D92C76CBC3F2
C:\Windows\System32\DRIVERS\usb8023x.sys AF77716205C97E902E6C5B78DECE2CCA
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\yk62x86.sys B07C5B7EFDF936FF93D4F540938725BE

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 12:36 - 2014-11-14 12:36 - 00033886 _____ () C:\Users\fsc\Desktop\Shortcut.txt
2014-11-14 12:33 - 2014-11-14 12:33 - 00000753 _____ () C:\Users\fsc\Desktop\JRT 141114 1233.txt
2014-11-14 12:32 - 2014-11-14 12:32 - 00000753 _____ () C:\Users\fsc\Desktop\JRT.txt
2014-11-14 12:30 - 2014-11-14 12:30 - 00000000 ____D () C:\Windows\ERUNT
2014-11-14 12:25 - 2014-11-14 10:34 - 00001828 _____ () C:\Users\fsc\Desktop\AdwCleaner[R0].txt
2014-11-14 12:22 - 2014-11-14 12:22 - 00001889 _____ () C:\Users\fsc\Desktop\AdwCleaner[S0].txt
2014-11-14 10:32 - 2014-11-14 12:18 - 00000000 ____D () C:\AdwCleaner
2014-11-14 10:11 - 2014-11-14 12:21 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-14 10:10 - 2014-11-14 10:10 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-14 10:10 - 2014-11-14 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-14 10:10 - 2014-11-14 10:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-14 10:10 - 2014-11-14 10:10 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-11-14 10:10 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-14 10:10 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-14 10:10 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-14 10:08 - 2014-11-14 10:08 - 01706808 _____ (Thisisu) C:\Users\fsc\Desktop\JRT.exe
2014-11-14 10:07 - 2014-11-14 10:07 - 02140160 _____ () C:\Users\fsc\Desktop\AdwCleaner_4.101.exe
2014-11-14 10:06 - 2014-11-14 10:06 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\fsc\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-13 09:56 - 2014-11-13 09:56 - 00012994 _____ () C:\ComboFix.txt
2014-11-12 21:54 - 2014-11-13 09:57 - 00000000 ____D () C:\Qoobox
2014-11-12 21:54 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-12 21:54 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-12 21:54 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-12 21:54 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-12 21:54 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-12 21:54 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-12 21:54 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-12 21:54 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-12 21:53 - 2014-11-13 09:51 - 00000000 ____D () C:\Windows\erdnt
2014-11-12 21:48 - 2014-11-12 21:48 - 05597734 ____R (Swearware) C:\Users\fsc\Desktop\ComboFix.exe
2014-11-12 14:32 - 2014-11-12 14:32 - 00009184 _____ () C:\Users\fsc\Desktop\Gmer 19357 Log 141112 1431.log
2014-11-12 14:07 - 2014-11-14 12:41 - 00028862 _____ () C:\Users\fsc\Desktop\FRST.txt
2014-11-12 14:07 - 2014-11-14 12:36 - 00015763 _____ () C:\Users\fsc\Desktop\Addition.txt
2014-11-12 14:06 - 2014-11-14 12:41 - 00000000 ____D () C:\FRST
2014-11-12 14:05 - 2014-11-12 14:06 - 00000468 _____ () C:\Users\fsc\Desktop\defogger_disable.log
2014-11-12 14:05 - 2014-11-12 14:05 - 00000000 _____ () C:\Users\fsc\defogger_reenable
2014-11-12 13:58 - 2014-11-12 13:58 - 00380416 _____ () C:\Users\fsc\Desktop\Gmer-19357.exe
2014-11-12 13:50 - 2014-11-12 13:50 - 01107968 _____ (Farbar) C:\Users\fsc\Desktop\FRST.exe
2014-11-12 13:47 - 2014-11-12 13:47 - 00050477 _____ () C:\Users\fsc\Desktop\Defogger.exe
2014-11-07 21:57 - 2014-11-07 21:57 - 00001024 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-11-07 21:45 - 2014-11-07 21:46 - 24743106 _____ () C:\Users\fsc\Downloads\vlc-2.1.5-win32.exe
2014-11-07 21:02 - 2014-11-07 21:04 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-10-31 18:53 - 2014-10-31 18:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-10-31 18:52 - 2014-10-31 18:52 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-10-31 18:51 - 2014-11-07 21:36 - 00000000 ____D () C:\Users\fsc\AppData\Roaming\Samsung
2014-10-31 18:51 - 2014-10-31 18:51 - 00000000 ____D () C:\Users\fsc\Documents\samsung
2014-10-31 18:51 - 2014-10-31 18:51 - 00000000 ____D () C:\Users\fsc\AppData\Local\Samsung
2014-10-31 18:28 - 2014-04-30 19:43 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-10-31 18:28 - 2014-04-30 19:43 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\system32\secman.dll
2014-10-31 18:27 - 2014-04-30 19:47 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2014-10-31 18:22 - 2014-11-07 21:36 - 00000000 ____D () C:\ProgramData\Samsung
2014-10-31 18:22 - 2014-11-07 21:36 - 00000000 ____D () C:\Program Files\Samsung
2014-10-31 18:03 - 2014-10-31 18:03 - 00000000 ____D () C:\Users\fsc\AppData\Local\Downloaded Installations
2014-10-31 17:37 - 2014-10-31 17:38 - 75714480 _____ (Samsung Electronics Co., Ltd.) C:\Users\fsc\Downloads\KiesSetup.exe
2014-10-16 15:11 - 2014-10-16 15:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 12:27 - 2009-07-14 05:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 12:27 - 2009-07-14 05:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 12:23 - 2012-02-07 01:47 - 01303444 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 12:21 - 2014-01-22 13:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-14 12:20 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 12:20 - 2009-07-14 05:39 - 00332696 _____ () C:\Windows\setupact.log
2014-11-14 12:19 - 2012-02-07 08:41 - 00018962 _____ () C:\Windows\PFRO.log
2014-11-14 12:11 - 2012-05-14 07:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 11:59 - 2014-01-22 13:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-14 10:30 - 2009-07-14 03:37 - 00000000 __RSD () C:\Windows\Media
2014-11-14 09:57 - 2014-01-09 20:15 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-13 21:39 - 2012-02-07 01:55 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-13 09:56 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-11-13 09:56 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-11-13 09:50 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-11-13 09:22 - 2014-09-04 10:36 - 00000000 ___RD () C:\Users\fsc\Dropbox
2014-11-13 09:16 - 2012-02-07 01:53 - 00000000 ____D () C:\Users\fsc\AppData\Local\VirtualStore
2014-11-13 09:14 - 2014-09-04 10:27 - 00000000 ____D () C:\Users\fsc\AppData\Roaming\Dropbox
2014-11-12 14:05 - 2012-02-07 01:53 - 00000000 ____D () C:\Users\fsc
2014-11-07 21:57 - 2012-03-20 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-11-07 21:26 - 2012-05-14 07:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-07 21:26 - 2012-02-13 13:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-07 21:22 - 2012-02-09 18:46 - 00000000 ____D () C:\Users\fsc\AppData\Local\Adobe
2014-11-07 21:09 - 2013-12-20 19:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-07 21:05 - 2012-02-07 09:56 - 00000000 ____D () C:\Users\fsc\AppData\Local\Thunderbird
2014-11-07 21:04 - 2012-06-22 07:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-31 18:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-31 18:27 - 2012-02-10 00:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-18 19:17 - 2014-03-28 15:35 - 08601600 _____ () C:\Windows\system32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
2014-10-16 15:16 - 2012-02-08 14:17 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-16 15:13 - 2012-03-04 21:45 - 00000000 ____D () C:\Users\fsc\AppData\Roaming\Skype
2014-10-16 15:11 - 2012-02-08 14:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-16 15:10 - 2012-02-08 14:17 - 00000000 ____D () C:\Program Files\Adobe

Some content of TEMP:
====================
C:\Users\fsc\AppData\Local\temp\Quarantine.exe
C:\Users\fsc\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=C:
path                    \bootmgr
description             Windows Boot Manager
locale                  de-DE
default                 {current}
resumeobject            {44eb0b49-41fe-11e3-84f4-806e6f6e6963}
displayorder            {current}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Home Premium (wiederhergestellt) 
locale                  de-DE
recoverysequence        {853608c8-41fd-11e3-873a-a2071d736002}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {44eb0b49-41fe-11e3-84f4-806e6f6e6963}

Windows-Startladeprogramm
-------------------------
Bezeichner              {853608c8-41fd-11e3-873a-a2071d736002}
device                  ramdisk=[C:]\Recovery\3e09f94a-40ae-11e1-9d39-be244eb69d81\Winre.wim,{853608c9-41fd-11e3-873a-a2071d736002}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (wiederhergestellt) 
locale                  
osdevice                ramdisk=[C:]\Recovery\3e09f94a-40ae-11e1-9d39-be244eb69d81\Winre.wim,{853608c9-41fd-11e3-873a-a2071d736002}
systemroot              \windows
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {44eb0b49-41fe-11e3-84f4-806e6f6e6963}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows 7 Home Premium (wiederhergestellt) 
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE

Ger„teoptionen
--------------
Bezeichner              {853608c9-41fd-11e3-873a-a2071d736002}
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\3e09f94a-40ae-11e1-9d39-be244eb69d81\boot.sdi



LastRegBack: 2014-11-06 11:53

==================== End Of Log ============================
         
--- --- ---

--- --- ---



Neue Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2014
Ran by fsc at 2014-11-14 12:42:08
Running from C:\Users\fsc\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B33D8DA3-28E5-2EA8-CC16-8D8A9CED91C4}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
Eumex 800 V1.30 (HKLM\...\InstallShield_{FACE9D51-E374-4DDB-857C-816FCB1D6B40}) (Version: 1.30.0000 - T-Home)
Eumex 800 V1.30 (Version: 1.30.0000 - T-Home) Hidden
FOTOParadies (HKLM\...\{8E47D8C1-8F4D-4356-9B2B-1A202956B778}}_is1) (Version: 3.5.0.1 - Foto Online Service GmbH)
Free M4a to MP3 Converter 7.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java(TM) 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 de) (HKLM\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PhotoRescue Pro (HKLM\...\{5260B91C-28E1-4fe9-B2EE-BE1B6C82621A}_is1) (Version: 6.9 - Essential Data Tools)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5886 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)
Skype™ 5.8 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.8.156 - Skype Technologies S.A.)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

12-11-2014 20:55:12 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-11-13 09:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D19EE30-0F02-4C1F-8086-9E0142F6EBEF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {25F4BE48-FD5A-4462-89EC-56DCE66BDD83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {4A07C489-E702-4E22-AE64-1F8CEF4D0F04} - System32\Tasks\{768A6CB9-F96E-4159-B0C7-FC9A6D871AF5} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/go/help.faq.installer?LastError=1603
Task: {55F383D5-DED7-4256-9E06-6804945B8D58} - System32\Tasks\{F32DFB14-5636-4EA4-A95C-E2BFABF3ACF6} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/go/help.faq.installer?LastError=1603
Task: {C5BA4815-87F4-40A9-86FE-F40591AB337C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {C7128B80-7B08-4442-BC81-0E4B2D0CC942} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-07] (Adobe Systems Incorporated)
Task: {CB9A6B64-558D-4CA9-9123-F8B57E14BB82} - System32\Tasks\{E1C01AB0-A45E-44E2-9F5F-F1A5ED1A6F98} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/go/help.faq.installer?LastError=1603

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2003-08-29 10:24 - 2003-08-29 10:24 - 00094274 _____ () C:\Windows\System32\HPBHealr.dll
2012-02-14 10:24 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-980341799-358424455-1386240906-500 - Administrator - Disabled)
fsc (S-1-5-21-980341799-358424455-1386240906-1000 - Administrator - Enabled) => C:\Users\fsc
Gast (S-1-5-21-980341799-358424455-1386240906-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-980341799-358424455-1386240906-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-13 10:14:41.949
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-13 10:14:41.949
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-13 10:14:41.949
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-13 10:14:41.933
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-13 10:14:41.933
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-13 10:14:41.933
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-13 10:14:41.918
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-13 10:14:41.918
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-13 10:14:41.918
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-13 10:14:41.902
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 23%
Total physical RAM: 3039.03 MB
Available physical RAM: 2329.17 MB
Total Pagefile: 6076.34 MB
Available Pagefile: 5338.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:88.88 GB) (Free:26.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Laufwerk) (Fixed) (Total:22.78 GB) (Free:3.29 GB) NTFS
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:29.49 GB) (Free:0.38 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: BE3A5F1D)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=88.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

und noch neues "short-cut":
Code:
ATTFilter
Users shortcut scan result (x86) Version: 10-11-2014
Ran by fsc at 2014-11-14 12:42:15
Running from C:\Users\fsc\Desktop
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt\TrueCrypt.lnk -> C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ControlCenter.lnk -> C:\Program Files\T-Home\Eumex 800 V1.30\ControlCenter.exe (T-Com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Historie.lnk -> C:\Program Files\PDFCreator\History.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator Hilfe.lnk -> C:\Program Files\PDFCreator\PDFCreator_german.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator im Internet.lnk -> C:\Program Files\PDFCreator\PDFCreator.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator.lnk -> C:\Program Files\PDFCreator\PDFCreator.exe (pdfforge  hxxp://www.pdfforge.org/)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Translation Tool.lnk -> C:\Program Files\PDFCreator\languages\TransTool.exe (pdfforge  hxxp://www.pdfforge.org/)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Unterstütze PDFCreator.lnk -> C:\Program Files\PDFCreator\Unterstütze PDFCreator.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\AFPL License.lnk -> C:\Program Files\PDFCreator\AFPL License.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\FairPlay License.lnk -> C:\Program Files\PDFCreator\FairPlay License.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\GPL License.lnk -> C:\Program Files\PDFCreator\GNU License.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Images2PDF\Images2PDF.lnk -> C:\Program Files\PDFCreator\Images2PDF\Images2PDF.exe (pdfforge GbR)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Freely\Open Freely.lnk -> C:\Program Files\Open Freely\OpenFreely.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Freely\Uninstall Open Freely.lnk -> C:\Program Files\Open Freely\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Digitales Zertifikat für VBA-Projekte.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Office 2010-Spracheinstellungen.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Office Anytime Upgrade.lnk -> C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\promo.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware entfernen.lnk -> C:\Program Files\ Malwarebytes Anti-Malware \unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk -> C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files\ Malwarebytes Anti-Malware \Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Hilfe für Kaspersky Internet Security.lnk -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\Doc\de\kis\context.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Kaspersky Internet Security.lnk -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Kaspersky Lab ZAO)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Kaspersky Lab im Internet.lnk -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kl.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Lizenzvertrag.lnk -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\Doc\de\license.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Über iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\de.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter\Free M4a to MP3 Converter Help.lnk -> C:\Program Files\Free M4a to MP3 Converter\English.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter\Free M4a to MP3 Converter Web-site.lnk -> C:\Program Files\Free M4a to MP3 Converter\homepage.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter\Free M4a to MP3 Converter.lnk -> C:\Program Files\Free M4a to MP3 Converter\m4a_converter.exe (ManiacTools)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter\Uninstall the program.lnk -> C:\Program Files\Free M4a to MP3 Converter\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FOTOParadies\FOTOParadies deinstallieren.lnk -> C:\Program Files\FOTOParadies\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FOTOParadies\FOTOParadies Support.lnk -> C:\Program Files\FOTOParadies\Resources\TeamViewer\TeamViewerQS_de.exe (TeamViewer GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eumex 800 V1.30\Control Center.lnk -> C:\Program Files\T-Home\Eumex 800 V1.30\ControlCenter.exe (T-Com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eumex 800 V1.30\Das kleine ISDN-Lexikon.lnk -> C:\Program Files\T-Home\Eumex 800 V1.30\LEXIKON.HLP ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eumex 800 V1.30\Hinweis für die Handbücher Eumex 800.lnk -> C:\Program Files\T-Home\Eumex 800 V1.30\pabx\dokupabx.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eumex 800 V1.30\Hinweis für die Handbücher Systemtelefone T-PX721 & Concept PX 722.lnk -> C:\Program Files\T-Home\Eumex 800 V1.30\phone\dokutpx.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eumex 800 V1.30\Konfiguration der Telefonanlage.lnk -> C:\Program Files\T-Home\Eumex 800 V1.30\800Cf.exe (T-Home)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essential Data Tools\PhotoRescue Pro\Documentation.lnk -> C:\Program Files\Essential Data Tools\PhotoRescue Pro\photorescuepro.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essential Data Tools\PhotoRescue Pro\License.lnk -> C:\Program Files\Essential Data Tools\PhotoRescue Pro\License.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essential Data Tools\PhotoRescue Pro\PhotoRescue Pro.lnk -> C:\Program Files\Essential Data Tools\PhotoRescue Pro\Launcher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essential Data Tools\PhotoRescue Pro\Release Notes.lnk -> C:\Program Files\Essential Data Tools\PhotoRescue Pro\ReleaseNotes.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essential Data Tools\PhotoRescue Pro\Uninstall PhotoRescue Pro.lnk -> C:\Program Files\Essential Data Tools\PhotoRescue Pro\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essential Data Tools\PhotoRescue Pro\Visit PhotoRescue Pro Homepage.lnk -> C:\Program Files\Essential Data Tools\PhotoRescue Pro\PhotoRescuePro.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Deinstallation.lnk -> C:\ProgramData\elsterformular\setup\uninstall.exe (Landesfinanzdirektion Thüringen)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Hotline.lnk -> C:\Program Files\ElsterFormular\bin\hotlineTool.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular.lnk -> C:\Program Files\ElsterFormular\bin\pica.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deinstallationsprogramm für Canon-Drucker\Deinstallationsprogramm für CARPS-Druckertreiber Ver.3.0.lnk -> C:\Program Files\Canon\PrnUninstall\CARPS Printer Driver 3.0\UNINSTAL.exe (Canon Incorporated company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BibelCarD\BibelCarD.lnk -> C:\Program Files\BibelCarD\BibelCarD.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bibel Digital\CD-ROM Bibel Edition.lnk -> C:\Users\fsc\Documents\Lutherbibel\mfbo2a32.exe (Ingenieurbüro Matthias Frey)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Photoshop Elements\Adobe Photoshop Elements.lnk -> C:\Program Files\Adobe\Photoshop Elements\PhotoshopElements.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Photoshop Elements\Photoshop Elements Bitte lesen.lnk -> C:\Program Files\Adobe\Photoshop Elements\Photoshop Elements Bitte lesen.wri ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\Links\Desktop.lnk -> C:\Users\fsc\Desktop ()
Shortcut: C:\Users\fsc\Links\Downloads.lnk -> C:\Users\fsc\Downloads ()
Shortcut: C:\Users\fsc\Links\Dropbox.lnk -> C:\Users\fsc\Dropbox ()
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Word\LK%20Prot%20141105%20EVO%2001304074752451667693\LK%20Prot%20141105%20EVO%2001.docx.lnk -> C:\Users\fsc\Desktop\LK Prot 141105 EVO 01.docx (No File)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe (Dropbox, Inc.)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox.lnk -> C:\Users\fsc\Dropbox ()
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\CD-ROM Bibel Edition.lnk -> C:\Users\fsc\Documents\Lutherbibel\mfbo2a32.exe (Ingenieurbüro Matthias Frey)
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk -> C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Mozilla Thunderbird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt\Uninstall TrueCrypt.lnk -> C:\Program Files\TrueCrypt\TrueCrypt Setup.exe (TrueCrypt Foundation) -> /u
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Images2PDF\Images2PDF Console Application.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\PDFCreator\Images2PDF\Images2PDFC.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Kaspersky Internet Security entfernen.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /i{6F6873E3-5C92-4049-B511-231A138DD090} REMOVE=ALL
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth Plug-in.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E} FEEDBACK=1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FOTOParadies\FOTOParadies.lnk -> C:\Program Files\FOTOParadies\FOTOParadies.exe (Foto Online Service GmbH) -> de
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Hilfe.lnk -> C:\Program Files\ElsterFormular\bin\hilfepica.exe () -> -collectionFile "C:\Program Files\ElsterFormular/hilfe/elfo.bedienung.qhc" -showUrl "qthelp://elfo.bedienung/hilfe/bed_kap01/910000.html"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Installationsverwaltung.lnk -> C:\Program Files\ElsterFormular\bin\installationsverwaltung.exe () -> --zeigeDlg
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Integritätsprüfer.lnk -> C:\Program Files\ElsterFormular\bin\integritaetspruefer.exe () -> -path "C:\Program Files\ElsterFormular"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Screenreadermodus.lnk -> C:\Program Files\ElsterFormular\bin\pica.exe () -> --sehbehindertenmodus
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\fsc\Desktop\Dropbox.lnk -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\fsc\AppData\Roaming\Microsoft\PowerPoint\EFG%20Folienvorlage%20Lieder304075370577704781\EFG%20Folienvorlage%20Lieder.ppt.lnk -> D:\BTL Gem\BTL Formulare\BTL Gemeinde\EFG Folienvorlage Lieder.ppt () -> 0
ShortcutWithArgument: C:\Users\fsc\AppData\Roaming\Microsoft\Excel\BTL%20Gottesdienstplan%202015%20141104304081413739489886\BTL%20Gottesdienstplan%202015%20141104.xls.lnk -> D:\BTL Gem V\BTL Mitarbeitende\BTL Listen & Pläne\BTL Gottesdienst Pläne\BTL Gottesdienstplan 2015 141104.xls () -> 55


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt\TrueCrypt Website.url -> hxxp://www.truecrypt.org/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FOTOParadies\FOTOParadies Website.url -> hxxp://www.paradiesfotobuch.de/
InternetURL: C:\Users\fsc\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\fsc\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\fsc\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\fsc\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\fsc\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\fsc\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\fsc\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\fsc\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\fsc\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\fsc\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\fsc\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\fsc\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\fsc\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\fsc\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\fsc\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\fsc\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\fsc\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\fsc\Favorites\Links\Vorgeschlagene Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\fsc\Favorites\Links\Web Slice-Katalog.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL -> hxxp://www.dropbox.com

==================== End of log =============================
         


Alt 15.11.2014, 12:06   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts - Standard

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts

Alt 17.11.2014, 13:23   #7
Johann225
 
Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts - Standard

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts



Hallo Schrauber,
danke auch für diesen Beitrag.
Zuerst bitte ich um "Nachsicht", dass es mit meiner Antwort nun gedauert hat. Am Samstag war ich bis 23 Uhr im Dienst und am Sonntag bis 22.30 - dann war ich "platt".
Hier nun das erste "log" von Eset, die anderen folgen. Eset wurde zweimal fündig in der Win32-Toolbar eine Datei namens "Widgi" Ich werde der Beschreibung folgen und zunächst nach der "Deinstallation von Eset" das zweite Scan machen mit "Security-Check".
Danach müsste ich noch mit meiner zweiten Externen Festplatte den "Eset-Vorgang" wiederholen. Auf dieser zweiten Platte sichere ich normaler Weise meine "eigenen Dateien" - also auch die "downloads" (sollte ich mir wohl "abgewöhnen")
"Nachtrag": zur Frage "noch Probleme:
Ja, einen "sehr langsamen Rechner" bei gleichzeitiger CPU-Auslastung "unter 1%" und einen "firefox", der bei Seitenaufruf manchmal für einige Sekunden "ganz verschwindet" und dann wieder normal erscheint...
(ein Bekannter meinte, dass eventuell meie SSD (125 GB) einen "Schuss" haben könnte.)

Meine Frage nun: ist der PC sauber genug, dass ich Dateien sichern kann und meinen Thunderbird sichern kann?

Gruß Johann225


Eset-log:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d8a0735de1645349967ff80b71772677
# engine=21122
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-17 09:47:02
# local_time=2014-11-17 10:47:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777214 100 100 4993 47692044 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 41860866 167848813 0 0
# scanned=4224
# found=0
# cleaned=0
# scan_time=308
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d8a0735de1645349967ff80b71772677
# engine=21122
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-17 12:06:40
# local_time=2014-11-17 01:06:40 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777214 100 100 13371 47700422 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 41869244 167857191 0 0
# scanned=323841
# found=2
# cleaned=0
# scan_time=8289
sh=3D09B4A1E2E55E7D1DF62B739D434F3F4E51DB90 ft=1 fh=31688d33c108b3f2 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe"
sh=6CF8A9F031B45F70BE3E66E7ACC7449CDA15FA34 ft=1 fh=2de4b6f517306153 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Users\fsc\Downloads\pdfcreator-1_2_3_setup.exe"
         
Hier nun das log von "Security-Chek":
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Internet Security   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 31  
 Java version out of Date! 
 Adobe Flash Player 	15.0.0.223  
 Adobe Reader XI  
 Mozilla Firefox (33.0.3) 
 Mozilla Thunderbird (31.2.0) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Neues FRST:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-11-2014 03
Ran by fsc (administrator) on FSC-PC on 17-11-2014 13:31:57
Running from C:\Users\fsc\Desktop
Loaded Profile: fsc (Available profiles: fsc)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7596576 2012-02-10] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2012-02-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-07-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ControlCenter.lnk
ShortcutTarget: ControlCenter.lnk -> C:\Program Files\T-Home\Eumex 800 V1.30\ControlCenter.exe (T-Com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-980341799-358424455-1386240906-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-980341799-358424455-1386240906-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-980341799-358424455-1386240906-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKU\S-1-5-21-980341799-358424455-1386240906-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0EB53CFC72E5CC01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default
FF Homepage: hxxp://www.facebook.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default\searchplugins\google-maps.xml
FF Extension: DownloadHelper - C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
FF Extension: Adblock Plus - C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-07]
FF Extension: Anti-Banner - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2013-12-20]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2013-12-20]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-09]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-06-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-01-09] (Kaspersky Lab ZAO)
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [133664 2012-02-10] (Realtek Semiconductor)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-01-09] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-03-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-01-09] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2014-01-09] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-01-09] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [159776 2009-10-22] (Realtek Semiconductor Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\fsc\AppData\Local\Temp\catchme.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9EBBBA55060F786F0FCAA3893BFA2806
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 04F09923A393E4E0E8453A8F78361E73
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 77361D72A04F18809D0EFB6CCEB74D4B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BTHport.sys C2FBF6D271D9A94D839C416BF186EAD9
C:\Windows\System32\Drivers\BTHUSB.sys C81E9413A25A439F436B1D4B6A0CF9E9
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 247B4CE2DAB1160CD422D532D5241E1F
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys B5E479EB83707DD698F66953E922042C
C:\Windows\system32\drivers\Dot4Prt.sys CAEFD09B6A6249C53A67D55A9A9FCABF
C:\Windows\System32\DRIVERS\dot4usb.sys CF491FF38D62143203C065260567E2F7
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\system32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\system32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 185ADA973B5020655CEE342059A86CBB
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys D0A6C0CEB3B74A91884F804FF4F031C0
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kl1.sys 871C226234A48C24DFE7478F36C0050C
C:\Windows\System32\DRIVERS\klflt.sys 7C731AA78B9FB5B197A4506B63D5A248
C:\Windows\System32\DRIVERS\klif.sys 72D91384E7E0A8F6C559AA87D81F4DE2
C:\Windows\System32\DRIVERS\klim6.sys 039FB019C92A16A54FE527D93B0CFB96
C:\Windows\System32\DRIVERS\klkbdflt.sys CC0909694768C302B89CC040436ECABC
C:\Windows\System32\DRIVERS\klmouflt.sys 035724BA6D5676B76FD3AFB66AB4F1E3
C:\Windows\System32\DRIVERS\klpd.sys EB0D72D2844C57F5F146D7A15B04FBF9
C:\Windows\System32\DRIVERS\kltdi.sys 040A3BC4AF5A0430A1D9A758F076465E
C:\Windows\System32\DRIVERS\kneps.sys 4D19D96447E160A7E4B479037761BBC1
C:\Windows\System32\Drivers\ksecdd.sys B7895B4182C0D16F6EFADEB8081E8D36
C:\Windows\System32\Drivers\ksecpkg.sys D30159AC9237519FBC62C6EC247D2D46
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbam.sys D2DED3C333A5D9CB3F4C244B0F0DD877
C:\Windows\system32\drivers\mwac.sys 7A6526C8BD114DB7CA8930AB22D52A0B
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\system32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netw5v32.sys 58218EC6B61B1169CF54AAB0D00F5FE2
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE
C:\Windows\system32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\system32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys CB928D9E6DAF51879DD6BA8D02F01321
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\drivers\RtHDMIV.sys 87407B31EA6FF0DC4765258164B98BEA
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\system32\drivers\sdbus.sys 0328BE1C7F1CBA23848179F8762E391C
C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SFEP.sys 8B7C1768D2CDE2E02E09A66563DDFD16
C:\Windows\System32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\system32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\VSTAZL3.SYS E00FDFAFF025E94F9821153750C35A6D
C:\Windows\System32\DRIVERS\VSTDPV3.SYS CEB4E3B6890E1E42DCA6694D9E59E1A0
C:\Windows\System32\DRIVERS\VSTCNXT3.SYS BC0C7EA89194C299F051C24119000E17
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\System32\DRIVERS\ssadbus.sys 64E44ACD8C238FCBBB78F0BA4BDC4B05
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 7C0507D2391AF5933600CBCED799F277
C:\Windows\System32\DRIVERS\tcpip.sys 7C0507D2391AF5933600CBCED799F277
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\truecrypt.sys 746B8CF9CEDEDDD865472544EDF626DA
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbhub.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys 45F4E7BF43DB40A6C6B4D92C76CBC3F2
C:\Windows\System32\DRIVERS\usb8023x.sys AF77716205C97E902E6C5B78DECE2CCA
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\yk62x86.sys B07C5B7EFDF936FF93D4F540938725BE

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 13:31 - 2014-11-17 13:31 - 00000000 ____D () C:\Users\fsc\Desktop\FRST-OlderVersion
2014-11-17 13:30 - 2014-11-17 13:30 - 00000785 _____ () C:\Users\fsc\Desktop\checkup 141117 1330.txt
2014-11-17 10:37 - 2014-11-17 10:37 - 00000000 ____D () C:\Program Files\ESET
2014-11-17 10:36 - 2014-11-17 10:36 - 00854448 _____ () C:\Users\fsc\Desktop\SecurityCheck.exe
2014-11-17 10:35 - 2014-11-17 10:35 - 02347384 _____ (ESET) C:\Users\fsc\Desktop\esetsmartinstaller_deu.exe
2014-11-14 15:32 - 2014-11-14 15:32 - 00002860 _____ () C:\Users\fsc\Desktop\mbam-log-2014-11-14 (10-12-21).xml
2014-11-14 12:36 - 2014-11-14 12:42 - 00033886 _____ () C:\Users\fsc\Desktop\Shortcut.txt
2014-11-14 12:33 - 2014-11-14 12:33 - 00000753 _____ () C:\Users\fsc\Desktop\JRT 141114 1233.txt
2014-11-14 12:32 - 2014-11-14 12:32 - 00000753 _____ () C:\Users\fsc\Desktop\JRT.txt
2014-11-14 12:30 - 2014-11-14 12:30 - 00000000 ____D () C:\Windows\ERUNT
2014-11-14 12:25 - 2014-11-14 10:34 - 00001828 _____ () C:\Users\fsc\Desktop\AdwCleaner[R0].txt
2014-11-14 12:22 - 2014-11-14 12:22 - 00001889 _____ () C:\Users\fsc\Desktop\AdwCleaner[S0].txt
2014-11-14 10:32 - 2014-11-14 12:18 - 00000000 ____D () C:\AdwCleaner
2014-11-14 10:11 - 2014-11-17 10:22 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-14 10:10 - 2014-11-14 10:10 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-14 10:10 - 2014-11-14 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-14 10:10 - 2014-11-14 10:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-14 10:10 - 2014-11-14 10:10 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-11-14 10:10 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-14 10:10 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-14 10:10 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-14 10:08 - 2014-11-14 10:08 - 01706808 _____ (Thisisu) C:\Users\fsc\Desktop\JRT.exe
2014-11-14 10:07 - 2014-11-14 10:07 - 02140160 _____ () C:\Users\fsc\Desktop\AdwCleaner_4.101.exe
2014-11-14 10:06 - 2014-11-14 10:06 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\fsc\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-13 09:56 - 2014-11-13 09:56 - 00012994 _____ () C:\ComboFix.txt
2014-11-12 21:54 - 2014-11-13 09:57 - 00000000 ____D () C:\Qoobox
2014-11-12 21:54 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-12 21:54 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-12 21:54 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-12 21:54 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-12 21:54 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-12 21:54 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-12 21:54 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-12 21:54 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-12 21:53 - 2014-11-13 09:51 - 00000000 ____D () C:\Windows\erdnt
2014-11-12 21:48 - 2014-11-12 21:48 - 05597734 ____R (Swearware) C:\Users\fsc\Desktop\ComboFix.exe
2014-11-12 14:32 - 2014-11-12 14:32 - 00009184 _____ () C:\Users\fsc\Desktop\Gmer 19357 Log 141112 1431.log
2014-11-12 14:07 - 2014-11-17 13:32 - 00028873 _____ () C:\Users\fsc\Desktop\FRST.txt
2014-11-12 14:07 - 2014-11-14 12:42 - 00015762 _____ () C:\Users\fsc\Desktop\Addition.txt
2014-11-12 14:06 - 2014-11-17 13:31 - 00000000 ____D () C:\FRST
2014-11-12 14:05 - 2014-11-12 14:06 - 00000468 _____ () C:\Users\fsc\Desktop\defogger_disable.log
2014-11-12 14:05 - 2014-11-12 14:05 - 00000000 _____ () C:\Users\fsc\defogger_reenable
2014-11-12 13:58 - 2014-11-12 13:58 - 00380416 _____ () C:\Users\fsc\Desktop\Gmer-19357.exe
2014-11-12 13:50 - 2014-11-17 13:31 - 01108992 _____ (Farbar) C:\Users\fsc\Desktop\FRST.exe
2014-11-12 13:47 - 2014-11-12 13:47 - 00050477 _____ () C:\Users\fsc\Desktop\Defogger.exe
2014-11-07 21:57 - 2014-11-07 21:57 - 00001024 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-11-07 21:45 - 2014-11-07 21:46 - 24743106 _____ () C:\Users\fsc\Downloads\vlc-2.1.5-win32.exe
2014-11-07 21:02 - 2014-11-07 21:04 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-10-31 18:53 - 2014-10-31 18:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-10-31 18:52 - 2014-10-31 18:52 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-10-31 18:51 - 2014-11-07 21:36 - 00000000 ____D () C:\Users\fsc\AppData\Roaming\Samsung
2014-10-31 18:51 - 2014-10-31 18:51 - 00000000 ____D () C:\Users\fsc\Documents\samsung
2014-10-31 18:51 - 2014-10-31 18:51 - 00000000 ____D () C:\Users\fsc\AppData\Local\Samsung
2014-10-31 18:28 - 2014-04-30 19:43 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-10-31 18:28 - 2014-04-30 19:43 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\system32\secman.dll
2014-10-31 18:27 - 2014-04-30 19:47 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2014-10-31 18:22 - 2014-11-07 21:36 - 00000000 ____D () C:\ProgramData\Samsung
2014-10-31 18:22 - 2014-11-07 21:36 - 00000000 ____D () C:\Program Files\Samsung
2014-10-31 18:03 - 2014-10-31 18:03 - 00000000 ____D () C:\Users\fsc\AppData\Local\Downloaded Installations
2014-10-31 17:37 - 2014-10-31 17:38 - 75714480 _____ (Samsung Electronics Co., Ltd.) C:\Users\fsc\Downloads\KiesSetup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 13:11 - 2012-05-14 07:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-17 13:06 - 2014-01-22 13:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-17 12:27 - 2012-02-07 01:47 - 01326384 _____ () C:\Windows\WindowsUpdate.log
2014-11-17 12:11 - 2012-05-14 07:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-17 12:11 - 2012-02-13 13:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-17 11:06 - 2014-01-22 13:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-17 10:49 - 2012-02-07 01:55 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-17 10:28 - 2009-07-14 05:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-17 10:28 - 2009-07-14 05:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-17 10:27 - 2014-01-09 20:15 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-17 10:21 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-17 10:21 - 2009-07-14 05:39 - 00334320 _____ () C:\Windows\setupact.log
2014-11-16 00:56 - 2014-09-04 10:36 - 00000000 ___RD () C:\Users\fsc\Dropbox
2014-11-16 00:40 - 2014-09-04 10:27 - 00000000 ____D () C:\Users\fsc\AppData\Roaming\Dropbox
2014-11-15 06:28 - 2014-09-04 10:36 - 00001009 _____ () C:\Users\fsc\Desktop\Dropbox.lnk
2014-11-15 06:28 - 2014-09-04 10:32 - 00000000 ____D () C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 12:19 - 2012-02-07 08:41 - 00018962 _____ () C:\Windows\PFRO.log
2014-11-14 10:30 - 2009-07-14 03:37 - 00000000 __RSD () C:\Windows\Media
2014-11-13 09:56 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-11-13 09:56 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-11-13 09:50 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-11-13 09:16 - 2012-02-07 01:53 - 00000000 ____D () C:\Users\fsc\AppData\Local\VirtualStore
2014-11-12 14:05 - 2012-02-07 01:53 - 00000000 ____D () C:\Users\fsc
2014-11-07 21:57 - 2012-03-20 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-11-07 21:22 - 2012-02-09 18:46 - 00000000 ____D () C:\Users\fsc\AppData\Local\Adobe
2014-11-07 21:09 - 2013-12-20 19:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-07 21:05 - 2012-02-07 09:56 - 00000000 ____D () C:\Users\fsc\AppData\Local\Thunderbird
2014-11-07 21:04 - 2012-06-22 07:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-31 18:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-31 18:27 - 2012-02-10 00:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-18 19:17 - 2014-03-28 15:35 - 08601600 _____ () C:\Windows\system32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤

Some content of TEMP:
====================
C:\Users\fsc\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2z_svd.dll
C:\Users\fsc\AppData\Local\temp\Quarantine.exe
C:\Users\fsc\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=C:
path                    \bootmgr
description             Windows Boot Manager
locale                  de-DE
default                 {current}
resumeobject            {44eb0b49-41fe-11e3-84f4-806e6f6e6963}
displayorder            {current}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Home Premium (wiederhergestellt) 
locale                  de-DE
recoverysequence        {853608c8-41fd-11e3-873a-a2071d736002}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {44eb0b49-41fe-11e3-84f4-806e6f6e6963}

Windows-Startladeprogramm
-------------------------
Bezeichner              {853608c8-41fd-11e3-873a-a2071d736002}
device                  ramdisk=[C:]\Recovery\3e09f94a-40ae-11e1-9d39-be244eb69d81\Winre.wim,{853608c9-41fd-11e3-873a-a2071d736002}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (wiederhergestellt) 
locale                  
osdevice                ramdisk=[C:]\Recovery\3e09f94a-40ae-11e1-9d39-be244eb69d81\Winre.wim,{853608c9-41fd-11e3-873a-a2071d736002}
systemroot              \windows
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {44eb0b49-41fe-11e3-84f4-806e6f6e6963}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows 7 Home Premium (wiederhergestellt) 
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE

Ger„teoptionen
--------------
Bezeichner              {853608c9-41fd-11e3-873a-a2071d736002}
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\3e09f94a-40ae-11e1-9d39-be244eb69d81\boot.sdi



LastRegBack: 2014-11-15 08:24

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Addition-log:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-11-2014 03
Ran by fsc at 2014-11-17 13:32:30
Running from C:\Users\fsc\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B33D8DA3-28E5-2EA8-CC16-8D8A9CED91C4}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Dropbox (HKU\S-1-5-21-980341799-358424455-1386240906-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Eumex 800 V1.30 (HKLM\...\InstallShield_{FACE9D51-E374-4DDB-857C-816FCB1D6B40}) (Version: 1.30.0000 - T-Home)
Eumex 800 V1.30 (Version: 1.30.0000 - T-Home) Hidden
FOTOParadies (HKLM\...\{8E47D8C1-8F4D-4356-9B2B-1A202956B778}}_is1) (Version: 3.5.0.1 - Foto Online Service GmbH)
Free M4a to MP3 Converter 7.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java(TM) 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 de) (HKLM\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PhotoRescue Pro (HKLM\...\{5260B91C-28E1-4fe9-B2EE-BE1B6C82621A}_is1) (Version: 6.9 - Essential Data Tools)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5886 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)
Skype™ 5.8 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.8.156 - Skype Technologies S.A.)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-11-13 09:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D19EE30-0F02-4C1F-8086-9E0142F6EBEF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {25F4BE48-FD5A-4462-89EC-56DCE66BDD83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {4A07C489-E702-4E22-AE64-1F8CEF4D0F04} - System32\Tasks\{768A6CB9-F96E-4159-B0C7-FC9A6D871AF5} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/go/help.faq.installer?LastError=1603
Task: {55F383D5-DED7-4256-9E06-6804945B8D58} - System32\Tasks\{F32DFB14-5636-4EA4-A95C-E2BFABF3ACF6} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/go/help.faq.installer?LastError=1603
Task: {5E9C35F3-EFAD-4966-B533-275540ACEB00} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C5BA4815-87F4-40A9-86FE-F40591AB337C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {C7128B80-7B08-4442-BC81-0E4B2D0CC942} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-17] (Adobe Systems Incorporated)
Task: {CB9A6B64-558D-4CA9-9123-F8B57E14BB82} - System32\Tasks\{E1C01AB0-A45E-44E2-9F5F-F1A5ED1A6F98} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/go/help.faq.installer?LastError=1603

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2003-08-29 10:24 - 2003-08-29 10:24 - 00094274 _____ () C:\Windows\System32\HPBHealr.dll
2012-02-14 10:24 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-20 19:15 - 2014-11-07 21:08 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-980341799-358424455-1386240906-500 - Administrator - Disabled)
fsc (S-1-5-21-980341799-358424455-1386240906-1000 - Administrator - Enabled) => C:\Users\fsc
Gast (S-1-5-21-980341799-358424455-1386240906-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-980341799-358424455-1386240906-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2014 08:25:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/15/2014 08:24:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/15/2014 07:39:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.6024.1000, Zeitstempel: 0x4d83e310
Name des fehlerhaften Moduls: wwlib.dll, Version: 14.0.6024.1000, Zeitstempel: 0x4d83e39d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00b8a488
ID des fehlerhaften Prozesses: 0xf20
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3

Error: (11/14/2014 01:07:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/14/2014 01:06:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (11/17/2014 11:28:41 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (11/17/2014 10:57:40 AM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (11/17/2014 10:57:21 AM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (11/17/2014 10:21:33 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (11/17/2014 10:21:33 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (11/17/2014 10:21:32 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (11/17/2014 10:21:32 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (11/17/2014 04:35:28 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (11/17/2014 04:35:28 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (11/17/2014 04:35:26 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================
Error: (11/15/2014 08:25:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\open freely\NGEN\x64\ngen.exe

Error: (11/15/2014 08:24:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin\SetACL.exe

Error: (11/15/2014 07:39:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WINWORD.EXE14.0.6024.10004d83e310wwlib.dll14.0.6024.10004d83e39dc000000500b8a488f2001d0009d26c3438aC:\Program Files\Microsoft Office\Office14\WINWORD.EXEC:\Program Files\Microsoft Office\Office14\wwlib.dll146ae95d-6c92-11e4-b365-002433e8a72c

Error: (11/14/2014 01:07:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\open freely\NGEN\x64\ngen.exe

Error: (11/14/2014 01:06:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin\SetACL.exe


CodeIntegrity Errors:
===================================
  Date: 2014-11-15 08:24:49.984
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 08:24:49.968
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 08:24:49.968
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 08:24:49.968
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 08:24:49.953
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 08:24:49.953
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 08:24:49.953
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 08:24:49.937
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 08:24:49.937
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 08:24:49.937
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 46%
Total physical RAM: 3039.03 MB
Available physical RAM: 1623.57 MB
Total Pagefile: 6076.34 MB
Available Pagefile: 4766.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:88.88 GB) (Free:27.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Laufwerk) (Fixed) (Total:22.78 GB) (Free:3.27 GB) NTFS
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:29.49 GB) (Free:0.38 GB) FAT32
Drive h: (PLATINUM) (Removable) (Total:119.01 GB) (Free:107.54 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: BE3A5F1D)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=88.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 119 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

shortcut-log:
Code:
ATTFilter
Users shortcut scan result (x86) Version: 16-11-2014 03
Ran by fsc at 2014-11-17 13:32:50
Running from C:\Users\fsc\Desktop
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt\TrueCrypt.lnk -> C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ControlCenter.lnk -> C:\Program Files\T-Home\Eumex 800 V1.30\ControlCenter.exe (T-Com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Historie.lnk -> C:\Program Files\PDFCreator\History.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator Hilfe.lnk -> C:\Program Files\PDFCreator\PDFCreator_german.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator im Internet.lnk -> C:\Program Files\PDFCreator\PDFCreator.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator.lnk -> C:\Program Files\PDFCreator\PDFCreator.exe (pdfforge  hxxp://www.pdfforge.org/)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Translation Tool.lnk -> C:\Program Files\PDFCreator\languages\TransTool.exe (pdfforge  hxxp://www.pdfforge.org/)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Unterstütze PDFCreator.lnk -> C:\Program Files\PDFCreator\Unterstütze PDFCreator.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\AFPL License.lnk -> C:\Program Files\PDFCreator\AFPL License.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\FairPlay License.lnk -> C:\Program Files\PDFCreator\FairPlay License.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\GPL License.lnk -> C:\Program Files\PDFCreator\GNU License.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Images2PDF\Images2PDF.lnk -> C:\Program Files\PDFCreator\Images2PDF\Images2PDF.exe (pdfforge GbR)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Freely\Open Freely.lnk -> C:\Program Files\Open Freely\OpenFreely.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Freely\Uninstall Open Freely.lnk -> C:\Program Files\Open Freely\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Digitales Zertifikat für VBA-Projekte.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Office 2010-Spracheinstellungen.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Office Anytime Upgrade.lnk -> C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\promo.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware entfernen.lnk -> C:\Program Files\ Malwarebytes Anti-Malware \unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk -> C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files\ Malwarebytes Anti-Malware \Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Hilfe für Kaspersky Internet Security.lnk -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\Doc\de\kis\context.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Kaspersky Internet Security.lnk -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Kaspersky Lab ZAO)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Kaspersky Lab im Internet.lnk -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kl.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Lizenzvertrag.lnk -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\Doc\de\license.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Über iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\de.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter\Free M4a to MP3 Converter Help.lnk -> C:\Program Files\Free M4a to MP3 Converter\English.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter\Free M4a to MP3 Converter Web-site.lnk -> C:\Program Files\Free M4a to MP3 Converter\homepage.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter\Free M4a to MP3 Converter.lnk -> C:\Program Files\Free M4a to MP3 Converter\m4a_converter.exe (ManiacTools)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter\Uninstall the program.lnk -> C:\Program Files\Free M4a to MP3 Converter\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FOTOParadies\FOTOParadies deinstallieren.lnk -> C:\Program Files\FOTOParadies\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FOTOParadies\FOTOParadies Support.lnk -> C:\Program Files\FOTOParadies\Resources\TeamViewer\TeamViewerQS_de.exe (TeamViewer GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eumex 800 V1.30\Control Center.lnk -> C:\Program Files\T-Home\Eumex 800 V1.30\ControlCenter.exe (T-Com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eumex 800 V1.30\Das kleine ISDN-Lexikon.lnk -> C:\Program Files\T-Home\Eumex 800 V1.30\LEXIKON.HLP ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eumex 800 V1.30\Hinweis für die Handbücher Eumex 800.lnk -> C:\Program Files\T-Home\Eumex 800 V1.30\pabx\dokupabx.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eumex 800 V1.30\Hinweis für die Handbücher Systemtelefone T-PX721 & Concept PX 722.lnk -> C:\Program Files\T-Home\Eumex 800 V1.30\phone\dokutpx.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eumex 800 V1.30\Konfiguration der Telefonanlage.lnk -> C:\Program Files\T-Home\Eumex 800 V1.30\800Cf.exe (T-Home)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essential Data Tools\PhotoRescue Pro\Documentation.lnk -> C:\Program Files\Essential Data Tools\PhotoRescue Pro\photorescuepro.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essential Data Tools\PhotoRescue Pro\License.lnk -> C:\Program Files\Essential Data Tools\PhotoRescue Pro\License.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essential Data Tools\PhotoRescue Pro\PhotoRescue Pro.lnk -> C:\Program Files\Essential Data Tools\PhotoRescue Pro\Launcher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essential Data Tools\PhotoRescue Pro\Release Notes.lnk -> C:\Program Files\Essential Data Tools\PhotoRescue Pro\ReleaseNotes.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essential Data Tools\PhotoRescue Pro\Uninstall PhotoRescue Pro.lnk -> C:\Program Files\Essential Data Tools\PhotoRescue Pro\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essential Data Tools\PhotoRescue Pro\Visit PhotoRescue Pro Homepage.lnk -> C:\Program Files\Essential Data Tools\PhotoRescue Pro\PhotoRescuePro.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Deinstallation.lnk -> C:\ProgramData\elsterformular\setup\uninstall.exe (Landesfinanzdirektion Thüringen)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Hotline.lnk -> C:\Program Files\ElsterFormular\bin\hotlineTool.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular.lnk -> C:\Program Files\ElsterFormular\bin\pica.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deinstallationsprogramm für Canon-Drucker\Deinstallationsprogramm für CARPS-Druckertreiber Ver.3.0.lnk -> C:\Program Files\Canon\PrnUninstall\CARPS Printer Driver 3.0\UNINSTAL.exe (Canon Incorporated company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BibelCarD\BibelCarD.lnk -> C:\Program Files\BibelCarD\BibelCarD.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bibel Digital\CD-ROM Bibel Edition.lnk -> C:\Users\fsc\Documents\Lutherbibel\mfbo2a32.exe (Ingenieurbüro Matthias Frey)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Photoshop Elements\Adobe Photoshop Elements.lnk -> C:\Program Files\Adobe\Photoshop Elements\PhotoshopElements.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Photoshop Elements\Photoshop Elements Bitte lesen.lnk -> C:\Program Files\Adobe\Photoshop Elements\Photoshop Elements Bitte lesen.wri ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\Links\Desktop.lnk -> C:\Users\fsc\Desktop ()
Shortcut: C:\Users\fsc\Links\Downloads.lnk -> C:\Users\fsc\Downloads ()
Shortcut: C:\Users\fsc\Links\Dropbox.lnk -> C:\Users\fsc\Dropbox ()
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe (Dropbox, Inc.)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox.lnk -> C:\Users\fsc\Dropbox ()
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\fsc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\CD-ROM Bibel Edition.lnk -> C:\Users\fsc\Documents\Lutherbibel\mfbo2a32.exe (Ingenieurbüro Matthias Frey)
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk -> C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Mozilla Thunderbird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt\Uninstall TrueCrypt.lnk -> C:\Program Files\TrueCrypt\TrueCrypt Setup.exe (TrueCrypt Foundation) -> /u
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Images2PDF\Images2PDF Console Application.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\PDFCreator\Images2PDF\Images2PDFC.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Kaspersky Internet Security entfernen.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /i{6F6873E3-5C92-4049-B511-231A138DD090} REMOVE=ALL
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth Plug-in.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E} FEEDBACK=1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FOTOParadies\FOTOParadies.lnk -> C:\Program Files\FOTOParadies\FOTOParadies.exe (Foto Online Service GmbH) -> de
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Hilfe.lnk -> C:\Program Files\ElsterFormular\bin\hilfepica.exe () -> -collectionFile "C:\Program Files\ElsterFormular/hilfe/elfo.bedienung.qhc" -showUrl "qthelp://elfo.bedienung/hilfe/bed_kap01/910000.html"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Installationsverwaltung.lnk -> C:\Program Files\ElsterFormular\bin\installationsverwaltung.exe () -> --zeigeDlg
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Integritätsprüfer.lnk -> C:\Program Files\ElsterFormular\bin\integritaetspruefer.exe () -> -path "C:\Program Files\ElsterFormular"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Screenreadermodus.lnk -> C:\Program Files\ElsterFormular\bin\pica.exe () -> --sehbehindertenmodus
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\fsc\Desktop\Dropbox.lnk -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt\TrueCrypt Website.url -> hxxp://www.truecrypt.org/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FOTOParadies\FOTOParadies Website.url -> hxxp://www.paradiesfotobuch.de/
InternetURL: C:\Users\fsc\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\fsc\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\fsc\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\fsc\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\fsc\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\fsc\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\fsc\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\fsc\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\fsc\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\fsc\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\fsc\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\fsc\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\fsc\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\fsc\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\fsc\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\fsc\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\fsc\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\fsc\Favorites\Links\Vorgeschlagene Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\fsc\Favorites\Links\Web Slice-Katalog.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL -> hxxp://www.dropbox.com

==================== End of log =============================
         

Werde jetzt noch den "zweiten Durchlauf" mit der Sicherungsfestplatte machen, da sich manche Funde auf "Kies" bezogen und ich "Kies" erst im Oktober runtergeladen hatte, um meine Handydaten auf ein neues Gerät zu übertragen.

Geändert von Johann225 (17.11.2014 um 14:09 Uhr) Grund: Log ergänzt + "Nachtrag"

Alt 17.11.2014, 19:02   #8
Johann225
 
Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts - Standard

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts



Hallo Schrauber,

hier Teil 2:
...jetzt noch die logs vom zweiten Durchlauf mit der Sicherungsfestplatte. Es ergaben sich aus meiner Sicht keine zusätzlichen Befunde.
Bei der PDF-creator - software handelt es sich um "gewollte" software, die ich seit Jahren nutze - es sei denn sie wäre ungewollt durch Virus / Trojaner "verändert worden".
Nun bin ich gespannt auf das fachliche Urteil.

Eset-log:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d8a0735de1645349967ff80b71772677
# engine=21122
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-17 09:47:02
# local_time=2014-11-17 10:47:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777214 100 100 4993 47692044 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 41860866 167848813 0 0
# scanned=4224
# found=0
# cleaned=0
# scan_time=308
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d8a0735de1645349967ff80b71772677
# engine=21122
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-17 12:06:40
# local_time=2014-11-17 01:06:40 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777214 100 100 13371 47700422 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 41869244 167857191 0 0
# scanned=323841
# found=2
# cleaned=0
# scan_time=8289
sh=3D09B4A1E2E55E7D1DF62B739D434F3F4E51DB90 ft=1 fh=31688d33c108b3f2 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe"
sh=6CF8A9F031B45F70BE3E66E7ACC7449CDA15FA34 ft=1 fh=2de4b6f517306153 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Users\fsc\Downloads\pdfcreator-1_2_3_setup.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d8a0735de1645349967ff80b71772677
# engine=21128
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-17 03:57:37
# local_time=2014-11-17 04:57:37 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777214 100 100 27228 47714279 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 41883101 167871048 0 0
# scanned=386240
# found=2
# cleaned=0
# scan_time=10986
sh=3D09B4A1E2E55E7D1DF62B739D434F3F4E51DB90 ft=1 fh=31688d33c108b3f2 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe"
sh=6CF8A9F031B45F70BE3E66E7ACC7449CDA15FA34 ft=1 fh=2de4b6f517306153 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Users\fsc\Downloads\pdfcreator-1_2_3_setup.exe"
         
Security-Check-log:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Internet Security   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 31  
 Java version out of Date! 
 Adobe Flash Player 	15.0.0.223  
 Adobe Reader XI  
 Mozilla Firefox (33.0.3) 
 Mozilla Thunderbird (31.2.0) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Neues FRST-log:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-11-2014 03
Ran by fsc (administrator) on FSC-PC on 17-11-2014 18:17:40
Running from C:\Users\fsc\Desktop
Loaded Profile: fsc (Available profiles: fsc)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7596576 2012-02-10] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2012-02-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-07-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ControlCenter.lnk
ShortcutTarget: ControlCenter.lnk -> C:\Program Files\T-Home\Eumex 800 V1.30\ControlCenter.exe (T-Com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-980341799-358424455-1386240906-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-980341799-358424455-1386240906-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-980341799-358424455-1386240906-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKU\S-1-5-21-980341799-358424455-1386240906-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0EB53CFC72E5CC01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default
FF Homepage: hxxp://www.facebook.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default\searchplugins\google-maps.xml
FF Extension: DownloadHelper - C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
FF Extension: Adblock Plus - C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-07]
FF Extension: Anti-Banner - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2013-12-20]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2013-12-20]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-09]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-06-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-01-09] (Kaspersky Lab ZAO)
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [133664 2012-02-10] (Realtek Semiconductor)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-01-09] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-03-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-01-09] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2014-01-09] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-01-09] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [159776 2009-10-22] (Realtek Semiconductor Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\fsc\AppData\Local\Temp\catchme.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9EBBBA55060F786F0FCAA3893BFA2806
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 04F09923A393E4E0E8453A8F78361E73
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 77361D72A04F18809D0EFB6CCEB74D4B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BTHport.sys C2FBF6D271D9A94D839C416BF186EAD9
C:\Windows\System32\Drivers\BTHUSB.sys C81E9413A25A439F436B1D4B6A0CF9E9
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 247B4CE2DAB1160CD422D532D5241E1F
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys B5E479EB83707DD698F66953E922042C
C:\Windows\system32\drivers\Dot4Prt.sys CAEFD09B6A6249C53A67D55A9A9FCABF
C:\Windows\System32\DRIVERS\dot4usb.sys CF491FF38D62143203C065260567E2F7
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\system32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\system32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 185ADA973B5020655CEE342059A86CBB
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys D0A6C0CEB3B74A91884F804FF4F031C0
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kl1.sys 871C226234A48C24DFE7478F36C0050C
C:\Windows\System32\DRIVERS\klflt.sys 7C731AA78B9FB5B197A4506B63D5A248
C:\Windows\System32\DRIVERS\klif.sys 72D91384E7E0A8F6C559AA87D81F4DE2
C:\Windows\System32\DRIVERS\klim6.sys 039FB019C92A16A54FE527D93B0CFB96
C:\Windows\System32\DRIVERS\klkbdflt.sys CC0909694768C302B89CC040436ECABC
C:\Windows\System32\DRIVERS\klmouflt.sys 035724BA6D5676B76FD3AFB66AB4F1E3
C:\Windows\System32\DRIVERS\klpd.sys EB0D72D2844C57F5F146D7A15B04FBF9
C:\Windows\System32\DRIVERS\kltdi.sys 040A3BC4AF5A0430A1D9A758F076465E
C:\Windows\System32\DRIVERS\kneps.sys 4D19D96447E160A7E4B479037761BBC1
C:\Windows\System32\Drivers\ksecdd.sys B7895B4182C0D16F6EFADEB8081E8D36
C:\Windows\System32\Drivers\ksecpkg.sys D30159AC9237519FBC62C6EC247D2D46
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbam.sys D2DED3C333A5D9CB3F4C244B0F0DD877
C:\Windows\system32\drivers\mwac.sys 7A6526C8BD114DB7CA8930AB22D52A0B
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\system32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netw5v32.sys 58218EC6B61B1169CF54AAB0D00F5FE2
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE
C:\Windows\system32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\system32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys CB928D9E6DAF51879DD6BA8D02F01321
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\drivers\RtHDMIV.sys 87407B31EA6FF0DC4765258164B98BEA
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\system32\drivers\sdbus.sys 0328BE1C7F1CBA23848179F8762E391C
C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SFEP.sys 8B7C1768D2CDE2E02E09A66563DDFD16
C:\Windows\System32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\system32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\VSTAZL3.SYS E00FDFAFF025E94F9821153750C35A6D
C:\Windows\System32\DRIVERS\VSTDPV3.SYS CEB4E3B6890E1E42DCA6694D9E59E1A0
C:\Windows\System32\DRIVERS\VSTCNXT3.SYS BC0C7EA89194C299F051C24119000E17
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\System32\DRIVERS\ssadbus.sys 64E44ACD8C238FCBBB78F0BA4BDC4B05
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 7C0507D2391AF5933600CBCED799F277
C:\Windows\System32\DRIVERS\tcpip.sys 7C0507D2391AF5933600CBCED799F277
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\truecrypt.sys 746B8CF9CEDEDDD865472544EDF626DA
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbhub.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys 45F4E7BF43DB40A6C6B4D92C76CBC3F2
C:\Windows\System32\DRIVERS\usb8023x.sys AF77716205C97E902E6C5B78DECE2CCA
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\yk62x86.sys B07C5B7EFDF936FF93D4F540938725BE

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 18:16 - 2014-11-17 18:16 - 00000785 _____ () C:\Users\fsc\Desktop\checkup 141117 1816.txt
2014-11-17 13:31 - 2014-11-17 13:31 - 00000000 ____D () C:\Users\fsc\Desktop\FRST-OlderVersion 141107
2014-11-17 13:30 - 2014-11-17 13:30 - 00000785 _____ () C:\Users\fsc\Desktop\checkup 141117 1330.txt
2014-11-17 10:37 - 2014-11-17 10:37 - 00000000 ____D () C:\Program Files\ESET
2014-11-17 10:36 - 2014-11-17 10:36 - 00854448 _____ () C:\Users\fsc\Desktop\SecurityCheck.exe
2014-11-17 10:35 - 2014-11-17 10:35 - 02347384 _____ (ESET) C:\Users\fsc\Desktop\esetsmartinstaller_deu.exe
2014-11-14 15:32 - 2014-11-14 15:32 - 00002860 _____ () C:\Users\fsc\Desktop\mbam-log-2014-11-14 (10-12-21).xml
2014-11-14 12:36 - 2014-11-17 13:32 - 00033155 _____ () C:\Users\fsc\Desktop\Shortcut.txt
2014-11-14 12:33 - 2014-11-14 12:33 - 00000753 _____ () C:\Users\fsc\Desktop\JRT 141114 1233.txt
2014-11-14 12:32 - 2014-11-14 12:32 - 00000753 _____ () C:\Users\fsc\Desktop\JRT.txt
2014-11-14 12:30 - 2014-11-14 12:30 - 00000000 ____D () C:\Windows\ERUNT
2014-11-14 12:25 - 2014-11-14 10:34 - 00001828 _____ () C:\Users\fsc\Desktop\AdwCleaner[R0].txt
2014-11-14 12:22 - 2014-11-14 12:22 - 00001889 _____ () C:\Users\fsc\Desktop\AdwCleaner[S0].txt
2014-11-14 10:32 - 2014-11-14 12:18 - 00000000 ____D () C:\AdwCleaner
2014-11-14 10:11 - 2014-11-17 10:22 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-14 10:10 - 2014-11-14 10:10 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-14 10:10 - 2014-11-14 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-14 10:10 - 2014-11-14 10:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-14 10:10 - 2014-11-14 10:10 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-11-14 10:10 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-14 10:10 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-14 10:10 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-14 10:08 - 2014-11-14 10:08 - 01706808 _____ (Thisisu) C:\Users\fsc\Desktop\JRT.exe
2014-11-14 10:07 - 2014-11-14 10:07 - 02140160 _____ () C:\Users\fsc\Desktop\AdwCleaner_4.101.exe
2014-11-14 10:06 - 2014-11-14 10:06 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\fsc\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-13 09:56 - 2014-11-13 09:56 - 00012994 _____ () C:\ComboFix.txt
2014-11-12 21:54 - 2014-11-13 09:57 - 00000000 ____D () C:\Qoobox
2014-11-12 21:54 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-12 21:54 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-12 21:54 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-12 21:54 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-12 21:54 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-12 21:54 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-12 21:54 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-12 21:54 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-12 21:53 - 2014-11-13 09:51 - 00000000 ____D () C:\Windows\erdnt
2014-11-12 21:48 - 2014-11-12 21:48 - 05597734 ____R (Swearware) C:\Users\fsc\Desktop\ComboFix.exe
2014-11-12 14:32 - 2014-11-12 14:32 - 00009184 _____ () C:\Users\fsc\Desktop\Gmer 19357 Log 141112 1431.log
2014-11-12 14:07 - 2014-11-17 18:17 - 00028990 _____ () C:\Users\fsc\Desktop\FRST.txt
2014-11-12 14:07 - 2014-11-17 13:32 - 00021764 _____ () C:\Users\fsc\Desktop\Addition.txt
2014-11-12 14:06 - 2014-11-17 18:17 - 00000000 ____D () C:\FRST
2014-11-12 14:05 - 2014-11-12 14:06 - 00000468 _____ () C:\Users\fsc\Desktop\defogger_disable.log
2014-11-12 14:05 - 2014-11-12 14:05 - 00000000 _____ () C:\Users\fsc\defogger_reenable
2014-11-12 13:58 - 2014-11-12 13:58 - 00380416 _____ () C:\Users\fsc\Desktop\Gmer-19357.exe
2014-11-12 13:50 - 2014-11-17 13:31 - 01108992 _____ (Farbar) C:\Users\fsc\Desktop\FRST.exe
2014-11-12 13:47 - 2014-11-12 13:47 - 00050477 _____ () C:\Users\fsc\Desktop\Defogger.exe
2014-11-07 21:57 - 2014-11-07 21:57 - 00001024 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-11-07 21:45 - 2014-11-07 21:46 - 24743106 _____ () C:\Users\fsc\Downloads\vlc-2.1.5-win32.exe
2014-11-07 21:02 - 2014-11-07 21:04 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-10-31 18:53 - 2014-10-31 18:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-10-31 18:52 - 2014-10-31 18:52 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-10-31 18:51 - 2014-11-07 21:36 - 00000000 ____D () C:\Users\fsc\AppData\Roaming\Samsung
2014-10-31 18:51 - 2014-10-31 18:51 - 00000000 ____D () C:\Users\fsc\Documents\samsung
2014-10-31 18:51 - 2014-10-31 18:51 - 00000000 ____D () C:\Users\fsc\AppData\Local\Samsung
2014-10-31 18:28 - 2014-04-30 19:43 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-10-31 18:28 - 2014-04-30 19:43 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\system32\secman.dll
2014-10-31 18:27 - 2014-04-30 19:47 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2014-10-31 18:22 - 2014-11-07 21:36 - 00000000 ____D () C:\ProgramData\Samsung
2014-10-31 18:22 - 2014-11-07 21:36 - 00000000 ____D () C:\Program Files\Samsung
2014-10-31 18:03 - 2014-10-31 18:03 - 00000000 ____D () C:\Users\fsc\AppData\Local\Downloaded Installations
2014-10-31 17:37 - 2014-10-31 17:38 - 75714480 _____ (Samsung Electronics Co., Ltd.) C:\Users\fsc\Downloads\KiesSetup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 18:11 - 2012-05-14 07:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-17 18:06 - 2014-01-22 13:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-17 13:52 - 2012-02-07 01:55 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-17 12:27 - 2012-02-07 01:47 - 01326384 _____ () C:\Windows\WindowsUpdate.log
2014-11-17 12:11 - 2012-05-14 07:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-17 12:11 - 2012-02-13 13:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-17 11:06 - 2014-01-22 13:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-17 10:28 - 2009-07-14 05:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-17 10:28 - 2009-07-14 05:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-17 10:27 - 2014-01-09 20:15 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-17 10:21 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-17 10:21 - 2009-07-14 05:39 - 00334320 _____ () C:\Windows\setupact.log
2014-11-16 00:56 - 2014-09-04 10:36 - 00000000 ___RD () C:\Users\fsc\Dropbox
2014-11-16 00:40 - 2014-09-04 10:27 - 00000000 ____D () C:\Users\fsc\AppData\Roaming\Dropbox
2014-11-15 06:28 - 2014-09-04 10:36 - 00001009 _____ () C:\Users\fsc\Desktop\Dropbox.lnk
2014-11-15 06:28 - 2014-09-04 10:32 - 00000000 ____D () C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 12:19 - 2012-02-07 08:41 - 00018962 _____ () C:\Windows\PFRO.log
2014-11-14 10:30 - 2009-07-14 03:37 - 00000000 __RSD () C:\Windows\Media
2014-11-13 09:56 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-11-13 09:56 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-11-13 09:50 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-11-13 09:16 - 2012-02-07 01:53 - 00000000 ____D () C:\Users\fsc\AppData\Local\VirtualStore
2014-11-12 14:05 - 2012-02-07 01:53 - 00000000 ____D () C:\Users\fsc
2014-11-07 21:57 - 2012-03-20 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-11-07 21:22 - 2012-02-09 18:46 - 00000000 ____D () C:\Users\fsc\AppData\Local\Adobe
2014-11-07 21:09 - 2013-12-20 19:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-07 21:05 - 2012-02-07 09:56 - 00000000 ____D () C:\Users\fsc\AppData\Local\Thunderbird
2014-11-07 21:04 - 2012-06-22 07:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-31 18:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-31 18:27 - 2012-02-10 00:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-18 19:17 - 2014-03-28 15:35 - 08601600 _____ () C:\Windows\system32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤

Some content of TEMP:
====================
C:\Users\fsc\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2z_svd.dll
C:\Users\fsc\AppData\Local\temp\Quarantine.exe
C:\Users\fsc\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=C:
path                    \bootmgr
description             Windows Boot Manager
locale                  de-DE
default                 {current}
resumeobject            {44eb0b49-41fe-11e3-84f4-806e6f6e6963}
displayorder            {current}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Home Premium (wiederhergestellt) 
locale                  de-DE
recoverysequence        {853608c8-41fd-11e3-873a-a2071d736002}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {44eb0b49-41fe-11e3-84f4-806e6f6e6963}

Windows-Startladeprogramm
-------------------------
Bezeichner              {853608c8-41fd-11e3-873a-a2071d736002}
device                  ramdisk=[C:]\Recovery\3e09f94a-40ae-11e1-9d39-be244eb69d81\Winre.wim,{853608c9-41fd-11e3-873a-a2071d736002}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (wiederhergestellt) 
locale                  
osdevice                ramdisk=[C:]\Recovery\3e09f94a-40ae-11e1-9d39-be244eb69d81\Winre.wim,{853608c9-41fd-11e3-873a-a2071d736002}
systemroot              \windows
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {44eb0b49-41fe-11e3-84f4-806e6f6e6963}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows 7 Home Premium (wiederhergestellt) 
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE

Ger„teoptionen
--------------
Bezeichner              {853608c9-41fd-11e3-873a-a2071d736002}
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\3e09f94a-40ae-11e1-9d39-be244eb69d81\boot.sdi



LastRegBack: 2014-11-15 08:24

==================== End Of Log ============================
         
--- --- ---


Addition neu:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-11-2014 03
Ran by fsc at 2014-11-17 18:18:12
Running from C:\Users\fsc\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B33D8DA3-28E5-2EA8-CC16-8D8A9CED91C4}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Dropbox (HKU\S-1-5-21-980341799-358424455-1386240906-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Eumex 800 V1.30 (HKLM\...\InstallShield_{FACE9D51-E374-4DDB-857C-816FCB1D6B40}) (Version: 1.30.0000 - T-Home)
Eumex 800 V1.30 (Version: 1.30.0000 - T-Home) Hidden
FOTOParadies (HKLM\...\{8E47D8C1-8F4D-4356-9B2B-1A202956B778}}_is1) (Version: 3.5.0.1 - Foto Online Service GmbH)
Free M4a to MP3 Converter 7.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java(TM) 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 de) (HKLM\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PhotoRescue Pro (HKLM\...\{5260B91C-28E1-4fe9-B2EE-BE1B6C82621A}_is1) (Version: 6.9 - Essential Data Tools)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5886 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)
Skype™ 5.8 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.8.156 - Skype Technologies S.A.)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-11-13 09:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D19EE30-0F02-4C1F-8086-9E0142F6EBEF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {25F4BE48-FD5A-4462-89EC-56DCE66BDD83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {4A07C489-E702-4E22-AE64-1F8CEF4D0F04} - System32\Tasks\{768A6CB9-F96E-4159-B0C7-FC9A6D871AF5} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/go/help.faq.installer?LastError=1603
Task: {55F383D5-DED7-4256-9E06-6804945B8D58} - System32\Tasks\{F32DFB14-5636-4EA4-A95C-E2BFABF3ACF6} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/go/help.faq.installer?LastError=1603
Task: {5E9C35F3-EFAD-4966-B533-275540ACEB00} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C5BA4815-87F4-40A9-86FE-F40591AB337C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {C7128B80-7B08-4442-BC81-0E4B2D0CC942} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-17] (Adobe Systems Incorporated)
Task: {CB9A6B64-558D-4CA9-9123-F8B57E14BB82} - System32\Tasks\{E1C01AB0-A45E-44E2-9F5F-F1A5ED1A6F98} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/go/help.faq.installer?LastError=1603

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2003-08-29 10:24 - 2003-08-29 10:24 - 00094274 _____ () C:\Windows\System32\HPBHealr.dll
2012-02-14 10:24 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-20 19:15 - 2014-11-07 21:08 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-980341799-358424455-1386240906-500 - Administrator - Disabled)
fsc (S-1-5-21-980341799-358424455-1386240906-1000 - Administrator - Enabled) => C:\Users\fsc
Gast (S-1-5-21-980341799-358424455-1386240906-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-980341799-358424455-1386240906-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2014 08:25:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/15/2014 08:24:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/15/2014 07:39:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.6024.1000, Zeitstempel: 0x4d83e310
Name des fehlerhaften Moduls: wwlib.dll, Version: 14.0.6024.1000, Zeitstempel: 0x4d83e39d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00b8a488
ID des fehlerhaften Prozesses: 0xf20
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3

Error: (11/14/2014 01:07:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/14/2014 01:06:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (11/17/2014 02:04:25 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (11/17/2014 02:04:20 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (11/17/2014 11:28:41 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (11/17/2014 10:57:40 AM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (11/17/2014 10:57:21 AM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (11/17/2014 10:21:33 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (11/17/2014 10:21:33 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (11/17/2014 10:21:32 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (11/17/2014 10:21:32 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (11/17/2014 04:35:28 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================
Error: (11/15/2014 08:25:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\open freely\NGEN\x64\ngen.exe

Error: (11/15/2014 08:24:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin\SetACL.exe

Error: (11/15/2014 07:39:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WINWORD.EXE14.0.6024.10004d83e310wwlib.dll14.0.6024.10004d83e39dc000000500b8a488f2001d0009d26c3438aC:\Program Files\Microsoft Office\Office14\WINWORD.EXEC:\Program Files\Microsoft Office\Office14\wwlib.dll146ae95d-6c92-11e4-b365-002433e8a72c

Error: (11/14/2014 01:07:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\open freely\NGEN\x64\ngen.exe

Error: (11/14/2014 01:06:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin\SetACL.exe


CodeIntegrity Errors:
===================================
  Date: 2014-11-15 08:24:49.984
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 08:24:49.968
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 08:24:49.968
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 08:24:49.968
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 08:24:49.953
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 08:24:49.953
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 08:24:49.953
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 08:24:49.937
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 08:24:49.937
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 08:24:49.937
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 48%
Total physical RAM: 3039.03 MB
Available physical RAM: 1559.6 MB
Total Pagefile: 6076.34 MB
Available Pagefile: 4758.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1886.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:88.88 GB) (Free:27.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Laufwerk) (Fixed) (Total:22.78 GB) (Free:3.27 GB) NTFS
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:29.49 GB) (Free:0.38 GB) FAT32
Drive h: (PLATINUM) (Removable) (Total:119.01 GB) (Free:107.54 GB) FAT32
Drive i: (Elements) (Fixed) (Total:465.76 GB) (Free:312.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: BE3A5F1D)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=88.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 119 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 00029AA0)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Ich würde nun als nächstes die "Deinstallationen" vornehmen.
Spricht bei diesem Stand nun etwas gegen eine neue und aktuelle Datensicherung?
(besonders "Thundersave"?) und deren Übertragung auf einen anderen Rechner?

Danke und Gruß
Johann225

Alt 18.11.2014, 11:19   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts - Standard

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts



Datensicherung kannste machen. PDF wird nur angemeckert weil der ne Toolbar mit installieren kann, sonst nix

Adobe updaten.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 18.11.2014, 11:34   #10
Johann225
 
Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts - Standard

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts



Die Antwort fasse ich so auf, dass "wir jetzt mit der Bereinigung durch sind", oder?
Da bin ich sehr dankbar für die Unterstützung und Begleitung - das gibt doch Rückhalt / Sicherheit - und ich fühl mich nun mit dem "bereinigten Rechner" deutlich besser...

Dann setz ich jetzt "Deinstallation und Datensicherung" in die Tat um.

Danke nochmals und Gruß
Johann225

Alt 19.11.2014, 08:28   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts - Standard

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts



Mach das


Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.11.2014, 10:54   #12
Johann225
 
Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts - Standard

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts



Hallo Schrauber,
danke für die umfangreiche Anleitung. Die werde ich auf jeden Fall umsetzen.
Vielleicht hab ich mich "zu früh gefreut", denn gestern hatte ich dann abends Probleme mit meinem gmx-account und wieder ein Fenster, dass mich zur Passworteingabe aufforderte, statt meine Mails abzurufen.
Nun habe ich vorsichtshalber mit einem anderen Rechner die Passwörter meiner Accounts geändert.
Werde jetzt zunächst trotzdem eine Datensicherung (auch meines Thunderbird) anfertigen.
Und dann bin ich etwas ängstlich/ratlos, ob da alles von vorne beginnt.
Wie sieht das der Profi?

LG Johann225

Alt 19.11.2014, 19:04   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts - Standard

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts



Passwörter ändern ist bei Befall Pflicht, aber malwaretechnisch sind die Logs sauber ,.

Ändere das und beobachte mal
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.11.2014, 22:09   #14
Johann225
 
Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts - Standard

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts



Ja, danke. Passwörter sind die wichtigsten durch... - hat geklappt.
Hab jetzt ne thundersave gemacht und mach grad endlos windows-updates (das war Stand 2012 oder so...
Wenn windows aktuell ist, dann geht es an die "Deinstallation".
Danke für die super Hilfe.
Gruß Johann225

Alt 20.11.2014, 18:49   #15
schrauber
/// the machine
/// TB-Ausbilder
 

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts - Standard

Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts



ok
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts
adware, ausgangsserver verändert, browser, converter, defender, ebanking, error, fehlercode 0x5, fehlercode 0xe0434352, fehlercode 28, fehlercode windows, firefox, flash player, homepage, kaspersky, mail-account gehakt, mozilla, mp3, registry, security, services.exe, spontane fenster, svchost.exe, system, windows




Ähnliche Themen: Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts


  1. Spam Mail vom eigenen Yahoo Account erhalten - Account gehackt?
    Log-Analyse und Auswertung - 28.08.2015 (8)
  2. Windows 7: Kaspersky findet C:\$RECYCLEBIN Trojaner und E-Mail account gehackt?
    Log-Analyse und Auswertung - 14.07.2014 (13)
  3. E-Mail Account gehackt - unauthorisierte Mails von meinem Account werden verschickt
    Log-Analyse und Auswertung - 19.04.2014 (5)
  4. Kaspersky findet Bedrohungen der Kategorie "Andere" und kann sie nicht beheben
    Plagegeister aller Art und deren Bekämpfung - 13.04.2014 (17)
  5. Mail-Adresse gehackt? - "keineantwortadresse@web.de" - Mail-Flut
    Plagegeister aller Art und deren Bekämpfung - 12.12.2013 (5)
  6. Unmengen "Undeliverable Mail"-Eingänge, mail-Account jetzt gesperrt
    Log-Analyse und Auswertung - 15.10.2013 (9)
  7. "LH Bestätigung"--trojaner versucht zu öffnen/antimalwarbyte findet nichts
    Plagegeister aller Art und deren Bekämpfung - 20.12.2012 (3)
  8. Virus "exp/cve-2012-1723.A.597" von antivir gefunden; malware-bytes findet nichts
    Plagegeister aller Art und deren Bekämpfung - 12.12.2012 (29)
  9. Befall mit "Programm kann Fenster nicht öffnen..:"-Trojaner: NICHTs geht mehr :(
    Plagegeister aller Art und deren Bekämpfung - 18.10.2012 (7)
  10. "hermes_v01" - mail account virus?
    Log-Analyse und Auswertung - 22.08.2012 (3)
  11. Avira hat "EXP/JAVA.Ternub.Gen" gemeldet und es wurde eine Spam Mail vom GMX Account versendet
    Plagegeister aller Art und deren Bekämpfung - 18.07.2012 (8)
  12. Account "Gehackt", evtl. ein Virus o.ä!
    Log-Analyse und Auswertung - 12.05.2012 (5)
  13. Wurde mein Rapidshare-Account durch einen Keylogger, etc. "gehackt"?
    Plagegeister aller Art und deren Bekämpfung - 07.05.2012 (0)
  14. Win XP Start " Net Reactor 10 Fenster"danach "Firefox Problem 2 Fenster" danach "Blue Screen"
    Log-Analyse und Auswertung - 09.07.2011 (3)
  15. "Stutter.X,"Windows XP recovery"-Aufforderung, "Festplatte beschädigt"-Meldung, Bildschrim schwarz,
    Log-Analyse und Auswertung - 28.05.2011 (20)
  16. ICQ-Account über Trojaner(?) "Fotoalbum.exe" gehackt- weitere Gefährdung meiner Daten?
    Log-Analyse und Auswertung - 18.11.2010 (1)
  17. Norton Fenster "E-Mail-Fehler" Potenzpillen Spammails
    Plagegeister aller Art und deren Bekämpfung - 30.07.2010 (0)

Zum Thema Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts - Hallo werte Forumsteilnehmer, hatte letzte Woche einen gehackten Mail-Account (arcor) in meinem Mailprogramm (thunderbird - läuft mit windows 7 / upgrade von vista). Arcor hatte mich dann gesperrt wegen Spammail-Versand - Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts...
Archiv
Du betrachtest: Mail-Account gehackt, nun "spontane Fenster" mit Aufforderung der Passworteingabe, Ausgangsserver verändert, Kaspersky findet nichts auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.