Kaspersky hat Win32.Generic gemeldet, aber nicht mehr zu finden

Lloreter · 06.12.2014, 12:53

Hallo Malwarebekämpfer

muss aus eigener Unsicherheit mal wieder eure Hilfe in Anspruch nehmen.
Gefühlt ist der Lap schon etwas langsamer geworden, was ich noch akzeptieren konnte.
Aber heute kam beim Scan eine Warnung von Kaspersky:

Zitat:

Typ: trojanisches Programm (1)
HEUR:Trojan-Downloader.Win32.Generic Gefunden; nicht verarbeitet 05.12.2014 18:42:56
C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\ firefox.com

(Ich frage mich, was eine "firefox.com" im Malwarebytes-Ordner verloren hat)

Ich habe sofort die firefox.com bei Virustotal hochgeladen, aber keine Funde.
Auch das Virus-Labor von Kaspersky fand nichts.
Bei nachträglichem manuellen Scan mit Kasper von Datei und ganzem Ordner auch keine Meldung mehr.

Trotzdem bin ich mir unsicher, weil nach diesen Aktionen der Rechner zwischendurch mal ganz langsam und die Maus ruckelig wurde.

Daher wäre es mir lieb, wenn mal jemand durchschaut.
Daher hier mal ein paar Scans.

FRST.txt

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Christine (administrator) on MAUSIIHRLAP on 06-12-2014 11:43:16
Running from C:\Users\Christine\Desktop
Loaded Profiles: Christine & UpdatusUser (Available profiles: Christine & UpdatusUser & Mausi)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
( ) C:\Windows\System32\lxczcoms.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmon.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\SamsungFastStart\SmartRestarter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11106408 2010-08-04] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2817872 2012-04-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [lxczbmgr.exe] => C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe [74408 2009-04-27] (Lexmark International, Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-13] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-01-28] (cyberlink)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-07-23] (CANON INC.)
HKU\S-1-5-21-3833009200-3102309602-1345092619-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-3833009200-3102309602-1345092619-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3833009200-3102309602-1345092619-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-29] (Google Inc.)
HKU\S-1-5-21-3833009200-3102309602-1345092619-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-3833009200-3102309602-1345092619-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3833009200-3102309602-1345092619-1000\...\MountPoints2: {2434de9d-5456-11e3-a95b-001e101f4da1} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3833009200-3102309602-1345092619-1000\...\MountPoints2: {2434deac-5456-11e3-a95b-001e101f4da1} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3833009200-3102309602-1345092619-1000\...\MountPoints2: {62a2d970-55d1-11e3-bb5d-4cedde80a9c6} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3833009200-3102309602-1345092619-1000\...\MountPoints2: {bade74e2-5839-11e3-a823-4cedde80a9c6} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3833009200-3102309602-1345092619-1000\...\MountPoints2: {d50fac75-0ae9-11e2-ae49-4cedde80a9c6} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3833009200-3102309602-1345092619-1000\...\MountPoints2: {d50facfc-0ae9-11e2-ae49-4cedde80a9c6} - F:\setup_vmc_lite.exe /checkApplicationPresence
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3833009200-3102309602-1345092619-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3833009200-3102309602-1345092619-1000 -> {B3A0E9A2-B4F1-41EC-B20D-3B001D9F6759} URL = http://www.bing.com/search?FORM=SMSTDF&PC=MASM&q={searchTerms}&src=IE-SearchBox
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3833009200-3102309602-1345092619-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-3833009200-3102309602-1345092619-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254

FireFox:
========
FF ProfilePath: C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\ciq28ghf.default
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: FoxyProxy Standard - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\ciq28ghf.default\Extensions\foxyproxy@eric.h.jung [2014-09-08]
FF Extension: Google Toolbar for Firefox - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\ciq28ghf.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-12-06]
FF Extension: DownloadHelper - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\ciq28ghf.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
FF Extension: anonymoX - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\ciq28ghf.default\Extensions\client@anonymox.net.xpi [2013-07-18]
FF Extension: Add-on Compatibility Reporter - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\ciq28ghf.default\Extensions\compatibility@addons.mozilla.org.xpi [2011-12-06]
FF Extension: Google Translator for Firefox - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\ciq28ghf.default\Extensions\translator@zoli.bod.xpi [2013-11-29]
FF Extension: Malware Search - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\ciq28ghf.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2012-07-05]
FF Extension: NoScript - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\ciq28ghf.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-04-12]
FF Extension: Adblock Plus - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\ciq28ghf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-31]
FF Extension: User Agent Switcher - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\ciq28ghf.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2013-08-02]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-23]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012-08-28]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012-08-28]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012-08-28]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012-08-28]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012-08-28]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-17]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-08] (SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-06-19] (Adobe Systems) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-13] (Kaspersky Lab ZAO)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [26600 2013-10-08] (CyberGhost S.R.L)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-18] (CyberLink)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [224256 2011-03-02] () [File not signed]
R2 lxcz_device; C:\Windows\system32\lxczcoms.exe [566192 2007-04-19] ( )
R2 lxcz_device; C:\Windows\SysWOW64\lxczcoms.exe [537520 2007-04-19] ( )
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2014-06-05] (The OpenVPN Project)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-09-03] () [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-06-22] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-07-03] (Vodafone) [File not signed]
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671000 2014-11-04] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [419840 2010-12-31] (Huawei Technologies Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-13] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-13] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-23] (Kaspersky Lab ZAO)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-01-28] (Windows (R) 2003 DDK 3790 provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-02-24] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 11:43 - 2014-12-06 11:45 - 00025798 _____ () C:\Users\Christine\Desktop\FRST.txt
2014-12-06 11:43 - 2014-12-06 11:43 - 00000000 ____D () C:\FRST
2014-12-06 11:42 - 2014-12-06 11:42 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-06 11:40 - 2014-12-06 11:40 - 02153472 _____ () C:\Users\Christine\Desktop\AdwCleaner_4.104.exe
2014-12-06 11:39 - 2014-12-06 11:39 - 02117632 _____ (Farbar) C:\Users\Christine\Desktop\FRST64.exe
2014-12-06 11:11 - 2014-12-06 11:11 - 00000022 _____ () C:\Windows\S.dirmngr
2014-12-05 22:27 - 2014-12-05 22:28 - 00000202 _____ () C:\Users\Christine\Desktop\trojan.txt
2014-12-04 11:23 - 2014-12-04 11:23 - 00000000 ____D () C:\Windows\pss
2014-12-02 00:47 - 2014-12-02 00:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-01 11:21 - 2014-12-06 11:11 - 00000336 _____ () C:\Windows\setupact.log
2014-12-01 11:21 - 2014-12-01 11:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-27 22:54 - 2014-11-27 22:54 - 00000000 __SHD () C:\Users\Christine\AppData\Local\EmieBrowserModeList
2014-11-19 11:27 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 11:27 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 11:27 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 11:27 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 11:20 - 2014-11-19 11:20 - 06126536 _____ (Tim Kosse) C:\Users\Christine\Downloads\FileZilla_3.9.0.6_win32-setup.exe
2014-11-18 01:17 - 2014-11-18 01:17 - 00000000 _____ () C:\Windows\SysWOW64\sho1322.tmp
2014-11-12 22:28 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 22:28 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 22:28 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 22:28 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 22:28 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 22:28 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 22:28 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 22:28 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 22:28 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 22:28 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 22:28 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 22:28 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 22:28 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 22:28 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 22:28 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 22:28 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 22:28 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 22:28 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 22:28 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 22:28 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 22:28 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 22:28 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 22:28 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 22:28 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 22:28 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 22:28 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 22:28 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 22:28 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 22:27 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 22:27 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 22:27 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 22:27 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 22:27 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 22:27 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 22:27 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 22:27 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 22:27 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 22:27 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 22:27 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 22:27 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 22:27 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 22:27 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 22:27 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 22:27 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 22:27 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 22:27 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 22:27 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 22:27 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 22:27 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 22:27 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 22:27 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 22:27 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 22:27 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 22:27 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 22:27 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 22:27 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 22:27 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 22:27 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 22:27 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 22:27 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 22:27 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 22:27 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 22:27 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 22:27 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 22:27 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 22:27 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 22:27 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 22:27 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 22:27 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 22:27 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 22:27 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 22:27 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 22:26 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 22:26 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 22:26 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 22:26 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 22:26 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 22:26 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 22:26 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 22:26 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 22:26 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 22:26 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 22:26 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 22:26 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 22:26 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 22:26 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 22:26 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 22:26 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 22:26 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 22:26 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 22:26 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 22:26 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 22:26 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 22:26 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 22:26 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 22:26 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 22:26 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 22:26 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 22:26 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 22:26 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 22:26 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 22:12 - 2014-11-12 22:12 - 00000000 ____D () C:\Users\Christine\AppData\Local\Wacom
2014-11-12 22:12 - 2014-11-12 22:12 - 00000000 ____D () C:\Users\Christine\.android
2014-11-11 22:10 - 2014-11-12 22:12 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\WTablet
2014-11-11 21:50 - 2014-11-11 21:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablett
2014-11-11 21:50 - 2014-11-11 21:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
2014-11-11 21:50 - 2014-11-11 21:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_wachidrouter_01009.Wdf
2014-11-11 21:50 - 2014-11-11 21:50 - 00000000 ____D () C:\Program Files\TabletPlugins
2014-11-11 21:50 - 2014-11-11 21:50 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2014-11-11 21:50 - 2014-10-07 00:54 - 00015160 _____ (Wacom Technology) C:\Windows\system32\Drivers\wacomrouterfilter.sys
2014-11-11 21:48 - 2014-11-11 21:50 - 00000000 ____D () C:\Program Files\Tablet
2014-11-11 21:48 - 2014-11-04 19:49 - 02029336 _____ (Wacom Technology, Corp.) C:\Windows\system32\WacomMT.dll
2014-11-11 21:48 - 2014-11-04 19:49 - 01995544 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll
2014-11-11 21:48 - 2014-11-04 19:49 - 01988888 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll
2014-11-11 21:48 - 2014-11-04 19:49 - 01863448 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll
2014-11-11 21:48 - 2014-11-04 19:49 - 01626392 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
2014-11-11 21:48 - 2014-11-04 19:49 - 01617176 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll
2014-11-11 21:48 - 2014-11-04 19:49 - 01610008 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
2014-11-11 21:48 - 2014-11-04 19:49 - 01497368 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
2014-11-11 21:48 - 2014-10-07 00:54 - 00100664 _____ (Wacom Technology) C:\Windows\system32\Drivers\wachidrouter.sys
2014-11-11 21:48 - 2014-10-07 00:54 - 00014136 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2014-11-11 21:48 - 2012-12-11 23:12 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wdfcoinstaller01009.dll
2014-11-06 01:09 - 2014-11-06 01:09 - 00000000 _____ () C:\Windows\SysWOW64\sho90E8.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 11:42 - 2014-04-13 17:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-06 11:42 - 2014-04-13 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-06 11:42 - 2014-04-13 17:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-06 11:26 - 2012-06-22 18:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-06 11:23 - 2011-12-05 17:21 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-06 11:23 - 2009-07-14 05:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-06 11:23 - 2009-07-14 05:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-06 11:21 - 2010-10-23 03:55 - 01854738 _____ () C:\Windows\WindowsUpdate.log
2014-12-06 11:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-06 11:12 - 2013-12-29 00:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-06 11:11 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-06 01:05 - 2013-12-29 00:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-05 22:31 - 2013-10-26 10:55 - 00377344 ___SH () C:\Users\Christine\Desktop\Thumbs.db
2014-12-03 11:25 - 2014-06-05 00:06 - 00003858 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1383004141
2014-12-03 11:25 - 2013-10-29 00:49 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-03 11:14 - 2013-01-07 18:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-30 13:01 - 2012-09-26 21:46 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\TeamViewer
2014-11-30 12:53 - 2011-12-06 18:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-30 12:18 - 2013-04-26 22:35 - 00001840 _____ () C:\Windows\Sandboxie.ini
2014-11-30 11:34 - 2013-05-10 22:15 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-27 12:26 - 2012-06-22 18:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-27 12:26 - 2012-06-22 18:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-27 12:26 - 2012-06-22 18:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-21 06:14 - 2014-04-13 17:44 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-04-13 17:44 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2011-12-07 23:23 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-21 01:22 - 2011-12-07 18:17 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\SoftGrid Client
2014-11-19 11:22 - 2013-10-26 16:13 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\FileZilla
2014-11-19 11:21 - 2013-10-26 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-11-19 11:21 - 2013-10-26 16:13 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-11-14 12:30 - 2013-10-26 20:56 - 00000000 ____D () C:\Users\Christine\Webseite
2014-11-13 22:00 - 2013-12-29 00:08 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 22:00 - 2013-12-29 00:08 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 15:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 11:20 - 2009-07-14 05:45 - 00282056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 01:31 - 2014-05-06 23:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 01:24 - 2013-08-15 23:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 01:19 - 2011-12-06 15:35 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 22:12 - 2011-12-05 16:42 - 00000000 ____D () C:\Users\Christine

Files to move or delete:
====================
C:\Users\Christine\cjq1200Win7de.exe


Some content of TEMP:
====================
C:\Users\Christine\AppData\Local\Temp\rtdrvmon.exe
C:\Users\Mausi\AppData\Local\Temp\rtdrvmon.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 14:59

==================== End Of Log ============================

Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by Christine at 2014-12-06 11:45:40
Running from C:\Users\Christine\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Alle meine Passworte 4.12 (HKLM\...\AllemeinePassworte) (Version:  - Mirko Böer)
BatteryLifeExtender (HKLM-x32\...\{E308B555-8434-4AF8-B66F-729897C75F93}) (Version: 1.0.6 - Samsung)
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Canon MX920 series Benutzerregistrierung (HKLM-x32\...\Canon MX920 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
Conexant Polaris Unused CIR Function (HKLM\...\Uninstaller50b74a22199) (Version: 1.0.0.0 - Conexant Systems)
CyberGhost 5 (HKLM\...\CyberGhost VPN 5_is1) (Version:  - CyberGhost S.R.L.)
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3029 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.0902fb - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 9.0.0.3815a - CyberLink Corp.)
CyberLink PowerDirector (Version: 9.0.0.3815a - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3815.52 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DNS Leak Fix for OpenVPN version 1.2 (HKLM-x32\...\{8CFA1D01-AECD-4913-9FB8-1E8A82F47824}_is1) (Version: 1.2 - dnsleaktest.com)
Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{1127FA07-963E-479B-AE80-B99C571E52D8}) (Version: 4.4.4 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.15 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM-x32\...\{C4582EED-A3FB-4358-8F3F-8C994460DF28}) (Version: 1.0.3 - Samsung)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 10.7.14.12_WHQL (HKLM\...\Elantech) (Version: 10.7.14.12 - ELAN Microelectronic Corp.)
Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.0 - SAMSUNG)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gpg4win (2.1.0) (HKLM-x32\...\GPG4Win) (Version: 2.1.0 - The Gpg4win Project)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
KeePass Password Safe 2.23 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
Lexmark 1200 Series (HKLM\...\Lexmark 1200 Series) (Version:  - Lexmark International, Inc.)
Macromedia Dreamweaver 8 (HKLM-x32\...\{44025BD7-AD10-4769-99AE-6378FD0303D6}) (Version: 8.0.0.2751 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{0F022A2E-7022-497D-90A5-0F46746D8275}) (Version: 1.7.270 - Ihr Firmenname)
Macromedia Fireworks 8 (HKLM-x32\...\{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}) (Version: 8.0.0.777 - Macromedia)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.29.1.3 - Marvell)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Color Enhancer (HKLM-x32\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 34.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 de)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
MS-Buchhalter Start 3.0 (HKLM-x32\...\MS-Buchhalter Start) (Version: 3.0 - Michael Schroeder)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MultimediaPOP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.1 - )
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
Nero 12 Content Pack (HKLM-x32\...\{4E7AC009-5212-499F-942F-A5AA42AE359E}) (Version: 12.0.00400 - Nero AG)
Nero CoverDesigner (HKLM-x32\...\{12391E45-23F7-4DEA-ABAE-2CA69CA87D92}) (Version: 12.0.02300 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Nero Prerequisite Installer 1.0 (HKLM-x32\...\{011E92F1-AF76-4983-8707-79F8F1956439}) (Version: 11.0.11500 - Nero AG)
Nero WaveEditor (HKLM-x32\...\{59C6E86A-14A9-47FD-9EE8-8D9DA864E0AF}) (Version: 12.5.01300 - Nero AG)
NVIDIA Grafiktreiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
OpenVPN 2.3.4-I002  (HKLM\...\OpenVPN) (Version: 2.3.4-I002 - )
Opera Stable 26.0.1656.32 (HKLM-x32\...\Opera 26.0.1656.32) (Version: 26.0.1656.32 - Opera Software ASA)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.6.02.06270 - Sony Corporation)
PP Tunnel Manager version 1.6 (HKLM-x32\...\{B6661DC2-DFEC-4D8A-B00D-CB6C104B7BF4}_is1) (Version: 1.6 - Perfect Privacy)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6171 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
RetroShare (HKLM-x32\...\RetroShare) (Version:  - )
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.21.0 - Samsung Electronics Co., Ltd.)
Samsung AnyWeb Print (x32 Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.7 - Samsung)
Samsung Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.01.06.00:16 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.1.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
SRS Premium Sound Control Panel (HKLM\...\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}) (Version: 1.8.8100 - SRS Labs, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1012 - SUPERAntiSpyware.com)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Video Grabber (HKLM\...\Uninstaller50b74a2429f) (Version: 1.0.0.0 - Conexant Systems)
Vodafone Mobile Connect Lite (HKLM-x32\...\{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}) (Version: 9.4.3.16284 - Vodafone)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.10w2 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6200 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-5 - Bitnami)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-11-2014 11:42:54 Geplanter Prüfpunkt
08-11-2014 23:03:34 Geplanter Prüfpunkt
13-11-2014 00:17:21 Windows Update
20-11-2014 00:07:12 Windows Update
27-11-2014 12:07:55 Geplanter Prüfpunkt
05-12-2014 14:07:02 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06F126FD-0A7F-4B15-AFEE-7B42582C53F9} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-08-19] (Samsung Electronics Co., Ltd.)
Task: {148A8A91-8E8F-450B-A5AC-DB9314358574} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-08-11] (SEC)
Task: {188FE252-3CED-48A4-ACD4-63326B7C929E} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-08-05] (Samsung Electronics)
Task: {2202FF62-8054-45E8-A518-8BF3C961BED2} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-08-09] (Samsung Electronics Co., Ltd.)
Task: {2333DD32-C17B-410A-BF46-1E2B4FDCB1DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-29] (Google Inc.)
Task: {37F16A53-EDDC-4E58-8364-07C128AF901D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6993EBF1-7DD9-43CA-9DA9-1047836A3859} - System32\Tasks\Opera scheduled Autoupdate 1383004141 => C:\Program Files (x86)\Opera\launcher.exe [2014-11-25] (Opera Software)
Task: {6EEAFBF7-1A73-4F93-8595-0388717457DC} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {72111AF1-244C-4104-9922-7A72A983B228} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {725DED43-F19E-4AA0-9381-05C621DAB24C} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
Task: {757E5938-6309-4020-B91B-1F7A79A9A343} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-27] (Adobe Systems Incorporated)
Task: {86C2E7CB-A92F-46EF-AB28-D80DDC8843FD} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: {9E0EDE0F-D36B-421D-9E58-5CA0003D331B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-29] (Google Inc.)
Task: {A7E87E66-8BB6-4215-AB5F-DE34759B3784} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {B8DEAC6F-22FF-4882-B6C2-DA1706061476} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {CEC48BFD-089A-4FF2-B482-0695AFDD9390} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-08-12] (Samsung Electronics. Co. Ltd.)
Task: {D1CB389C-105F-4620-85AE-68B9FD56110A} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {E9B0BD1D-BBE7-4B5C-8C03-33CD234949C7} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-14 23:58 - 2013-06-21 11:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-12-05 16:46 - 2008-06-05 00:53 - 00027648 _____ () C:\Windows\System32\spd__l.dll
2011-03-02 16:20 - 2011-03-02 16:20 - 00224256 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2010-10-23 04:00 - 2009-09-03 01:30 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-11-29 12:51 - 2012-06-22 09:31 - 00386344 ____R () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2011-12-05 16:47 - 2010-04-21 00:44 - 00719872 _____ () C:\Windows\system32\SnMinDrv.dll
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-11-11 21:48 - 2014-11-04 19:49 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2012-08-17 20:39 - 2012-12-05 23:37 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2011-03-02 16:16 - 2011-03-02 16:16 - 00208384 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2011-03-02 16:13 - 2011-03-02 16:13 - 00048640 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2011-03-02 16:11 - 2011-03-02 16:11 - 00038400 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2011-03-02 16:16 - 2011-03-02 16:16 - 00073216 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2011-03-02 16:17 - 2011-03-02 16:17 - 00603136 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2010-10-23 04:12 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2010-10-23 04:09 - 2010-07-05 11:42 - 00203776 _____ () C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll
2010-10-23 04:14 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart /min
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3833009200-3102309602-1345092619-500 - Administrator - Disabled)
Christine (S-1-5-21-3833009200-3102309602-1345092619-1000 - Administrator - Enabled) => C:\Users\Christine
Gast (S-1-5-21-3833009200-3102309602-1345092619-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3833009200-3102309602-1345092619-1004 - Limited - Enabled)
Mausi (S-1-5-21-3833009200-3102309602-1345092619-1005 - Limited - Enabled) => C:\Users\Mausi
UpdatusUser (S-1-5-21-3833009200-3102309602-1345092619-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/06/2014 11:13:12 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (12/05/2014 04:37:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: dpupdchk.exe, Version: 8.20.468.0, Zeitstempel: 0x4e320ba9
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c92c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000d89e
ID des fehlerhaften Prozesses: 0xde0
Startzeit der fehlerhaften Anwendung: 0xdpupdchk.exe0
Pfad der fehlerhaften Anwendung: dpupdchk.exe1
Pfad des fehlerhaften Moduls: dpupdchk.exe2
Berichtskennung: dpupdchk.exe3

Error: (12/05/2014 00:12:48 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (12/04/2014 11:17:27 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (12/03/2014 11:15:35 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (12/02/2014 11:15:52 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (12/01/2014 07:00:03 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "I:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (12/01/2014 11:22:12 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (11/30/2014 01:00:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm CCleaner64.exe, Version 5.0.0.5050 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 8bc

Startzeit: 01d00c945af64bba

Endzeit: 4

Anwendungspfad: C:\Program Files\CCleaner\CCleaner64.exe

Berichts-ID:

Error: (11/30/2014 11:18:11 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue


System errors:
=============
Error: (12/06/2014 11:13:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CyberGhost VPN 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/06/2014 11:13:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst CyberGhost VPN 5 Client Service erreicht.

Error: (12/06/2014 01:41:15 AM) (Source: SbieDrv) (EventID: 1412) (User: )
Description: SBIE1412 Im Text: [DefaultBox] \??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%

Error: (12/06/2014 01:41:15 AM) (Source: SbieDrv) (EventID: 1406) (User: )
Description: SBIE1406 Falsche oder ungültige Erweiterung für SystemDrive: [C0000189]

Error: (12/06/2014 01:38:55 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (12/05/2014 01:05:11 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (12/04/2014 04:54:11 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.34
registriert werden. Der Computer mit IP-Adresse 192.168.1.33 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (12/04/2014 11:16:19 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (12/04/2014 01:22:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}

Error: (12/04/2014 01:22:21 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


Microsoft Office Sessions:
=========================
Error: (12/06/2014 11:13:12 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (12/05/2014 04:37:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dpupdchk.exe8.20.468.04e320ba9ole32.dll6.1.7601.175144ce7c92cc0000005000000000000d89ede001d0107c42c2fef1C:\Program Files\Microsoft IntelliPoint\dpupdchk.exeC:\Windows\system32\ole32.dll9f4dc5f1-7c94-11e4-82aa-4cedde80a9c6

Error: (12/05/2014 00:12:48 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (12/04/2014 11:17:27 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (12/03/2014 11:15:35 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (12/02/2014 11:15:52 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (12/01/2014 07:00:03 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: I:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (12/01/2014 11:22:12 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (11/30/2014 01:00:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: CCleaner64.exe5.0.0.50508bc01d00c945af64bba4C:\Program Files\CCleaner\CCleaner64.exe

Error: (11/30/2014 11:18:11 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue


CodeIntegrity Errors:
===================================
  Date: 2014-09-17 22:48:31.334
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 22:48:31.312
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 22:48:31.256
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 22:48:31.242
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 22:03:34.424
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 22:03:34.411
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-17 12:02:03.588
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-17 12:02:03.537
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-17 12:02:03.517
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-17 12:02:03.440
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 41%
Total physical RAM: 3956.41 MB
Available physical RAM: 2294.99 MB
Total Pagefile: 7910.99 MB
Available Pagefile: 5804.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231 GB) (Free:163.34 GB) NTFS
Drive d: () (Fixed) (Total:344.27 GB) (Free:289.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 9054A324)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=344.3 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=20.8 GB) - (Type=27)

==================== End Of Log ============================

Adw-Cleaner

Code:

ATTFilter

# AdwCleaner v4.104 - Bericht erstellt am 06/12/2014 um 11:52:34
# Aktualisiert 05/12/2014 von Xplode
# Database : 2014-12-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Christine - MAUSIIHRLAP
# Gestartet von : C:\Users\Christine\Desktop\AdwCleaner_4.104.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v34.0 (x86 de)


-\\ Opera v26.0.1656.32


*************************

AdwCleaner[R0].txt - [817 octets] - [06/12/2014 11:49:05]
AdwCleaner[S0].txt - [739 octets] - [06/12/2014 11:52:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [798 octets] ##########

Malwarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 06.12.2014
Suchlauf-Zeit: 12:00:04
Logdatei: malwarebytes.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.06.05
Rootkit Datenbank: v2014.12.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Christine

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 410894
Verstrichene Zeit: 20 Min, 55 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

(Der vorherige Suchlauf letzte Woche war auch ohne Befunde, daher nicht beigefügt.)

Danke im Voraus für eure Hilfe
Gruß
Lloreter

Larusso · 06.12.2014, 14:28

Diese firefox.com hat schon seine Richtigkeit im MBAM Ordner. Kein Grund zur Sorge.
Das zeitweilige Ausbremsen des Systems kann viele Ursachen haben. An Malware denke ich aber in diesem Fall nicht.

Lloreter · 06.12.2014, 14:34

Hallo Larusso,

also nichts weiter unternehmen?
Die Logs auch sauber?

Danke

Larusso · 08.12.2014, 16:54

Sorry, war gestern etwas verkatert

Ja, die Logs sehen gut aus

Lloreter · 08.12.2014, 17:11

Zitat:

Zitat von Larusso

Sorry, war gestern etwas verkatert

Wer mal verkatert ist, der lebt noch (so eben

)
Kann ich aber gut nachvollziehen

Zitat:

Zitat von Larusso

Ja, die Logs sehen gut aus

Alles klar, dann danke für deine Hilfe.
Ist immer wieder beruhigend, solch eine Auskunft zu bekommen

Kannst mich dann aus deinen Abos entfernen.

Liebe Grüße

06.12.2014, 14:28	#2
Larusso /// Selecta Jahrusso	Kaspersky hat Win32.Generic gemeldet, aber nicht mehr zu finden Diese firefox.com hat schon seine Richtigkeit im MBAM Ordner. Kein Grund zur Sorge. Das zeitweilige Ausbremsen des Systems kann viele Ursachen haben. An Malware denke ich aber in diesem Fall nicht. __________________ __________________

08.12.2014, 16:54	#4
Larusso /// Selecta Jahrusso	Kaspersky hat Win32.Generic gemeldet, aber nicht mehr zu finden Sorry, war gestern etwas verkatert Ja, die Logs sehen gut aus __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

Kaspersky hat Win32.Generic gemeldet, aber nicht mehr zu finden

Log-Analyse und Auswertung: Kaspersky hat Win32.Generic gemeldet, aber nicht mehr zu finden