Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   2 Trojaner gefunden, Rechner macht noch Probleme (https://www.trojaner-board.de/139366-2-trojaner-gefunden-rechner-macht-noch-probleme.html)

taupo_ 05.08.2013 15:37
2 Trojaner gefunden, Rechner macht noch Probleme
 
Hallo zusammen,

seit einiger Zeit ist mein Internet doch sehr langsam. Daraufhin habe ich wieder einen ausführlichen Scan mit Kaspersky gemacht und wurde auch fündig. 2 Trojaner hat er aufgespürt, dich ich dann löschen lassen habe.

...\appdata\locallow\sun\java\deployment\cache\6.0\8\207c1908-62c86a61
...\18\41a01412-4b303d7d

HEUR:Exploit.Script.Generic

Das hat mir Kaspersky ausgespuckt. Jetzt ist das Internet immer noch sehr langsam und ich habe einen Scan mit Malwarebytes und OTL gemacht. MB hat nichts gefunden, OTL-Scan ist im Anhang.

Vielen Dank im Voraus!

Code:
OTL logfile created on: 05.08.2013 16:10:15 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\McCaw\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,31% Memory free
7,49 Gb Paging File | 5,33 Gb Available in Paging File | 71,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226,73 Gb Total Space | 18,49 Gb Free Space | 8,16% Space Free | Partition Type: NTFS
Drive D: | 16,80 Gb Total Space | 2,43 Gb Free Space | 14,45% Space Free | Partition Type: NTFS
Drive F: | 221,94 Gb Total Space | 152,00 Gb Free Space | 68,48% Space Free | Partition Type: NTFS
 
Computer Name: VITALI-HP | User Name: McCaw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.02.11 11:47:32 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2013.01.18 17:34:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\McCaw\Downloads\OTL.exe
PRC - [2012.12.03 15:49:32 | 002,571,704 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2012.11.30 15:52:38 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2011.11.07 10:52:55 | 000,060,688 | ---- | M] (ZTE) -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe
PRC - [2011.11.07 10:52:29 | 000,220,944 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
PRC - [2011.11.07 10:52:00 | 000,036,624 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
PRC - [2010.11.20 14:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010.07.02 11:51:16 | 000,027,192 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.07.02 11:48:24 | 000,602,680 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007.02.22 18:32:12 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac7302\Monitor.exe
PRC - [2006.10.23 02:40:14 | 000,349,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
PRC - [2006.10.23 00:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2011.11.07 10:52:29 | 000,220,944 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
MOD - [2011.11.07 10:52:00 | 000,036,624 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
MOD - [2011.11.07 10:43:33 | 000,020,992 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\libctlsvr.dll
MOD - [2011.11.07 10:39:08 | 000,099,328 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\itapi.dll
MOD - [2011.11.07 10:39:01 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\audio.dll
MOD - [2011.11.07 10:38:53 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\libConfig.dll
MOD - [2011.11.07 10:38:51 | 000,055,296 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\coder.dll
MOD - [2011.11.07 10:38:49 | 000,027,136 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\log.dll
MOD - [2011.05.06 05:03:32 | 000,594,944 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-1.dll
MOD - [2011.05.06 05:02:40 | 000,341,504 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\sqlite3.dll
MOD - [2010.10.14 11:37:52 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\libxml2.dll
MOD - [2010.10.14 11:37:52 | 000,080,688 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\zlib1.dll
MOD - [2010.05.19 11:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010.05.19 11:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010.05.19 11:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.09.09 17:07:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\libexpat.dll
MOD - [2006.10.23 02:49:14 | 003,407,872 | ---- | M] () -- c:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\ExLang32.DEU
MOD - [2006.10.23 02:35:20 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\XPS2PDF.DEU
MOD - [2006.10.23 02:35:06 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\WebPDF.deu
MOD - [2006.10.23 02:35:06 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Weblink.DEU
MOD - [2006.10.23 02:35:00 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\TouchUp.DEU
MOD - [2006.10.23 02:34:44 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\updater.DEU
MOD - [2006.10.23 02:34:32 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\tablepicker.DEU
MOD - [2006.10.23 02:34:26 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Spelling.DEU
MOD - [2006.10.23 02:33:42 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\SendMail.deu
MOD - [2006.10.23 02:33:38 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\PPKLITE.DEU
MOD - [2006.10.23 02:33:38 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Search5.DEU
MOD - [2006.10.23 02:33:28 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Search.DEU
MOD - [2006.10.23 02:33:26 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Scan.DEU
MOD - [2006.10.23 02:33:14 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\saveasxml.DEU
MOD - [2006.10.23 02:33:12 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\SaveAsRTF.deu
MOD - [2006.10.23 02:33:02 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Reflow.deu
MOD - [2006.10.23 02:32:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\ReadOutLoud.DEU
MOD - [2006.10.23 02:32:30 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\pddom.DEU
MOD - [2006.10.23 02:32:28 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\PaperCapture.DEU
MOD - [2006.10.23 02:32:26 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Multimedia.DEU
MOD - [2006.10.23 02:32:16 | 001,224,704 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Annots.DEU
MOD - [2006.10.23 02:32:04 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\JDFProdDef.DEU
MOD - [2006.10.23 02:32:02 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\makeaccessible.DEU
MOD - [2006.10.23 02:31:50 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\ImageConversion.DEU
MOD - [2006.10.23 02:31:38 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Html2pdf.deu
MOD - [2006.10.23 02:31:30 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Hls.deu
MOD - [2006.10.23 02:31:20 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Editor.DEU
MOD - [2006.10.23 02:31:10 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\EWH32.DEU
MOD - [2006.10.23 02:31:00 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Escript.deu
MOD - [2006.10.23 02:30:42 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\DigSig.DEU
MOD - [2006.10.23 02:30:32 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\eBook.DEU
MOD - [2006.10.23 02:30:32 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\DistillerPI.DEU
MOD - [2006.10.23 02:29:58 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Acroform.DEU
MOD - [2006.10.23 02:29:56 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Checkers.DEU
MOD - [2006.10.23 02:29:48 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Catalog.DEU
MOD - [2006.10.23 02:29:28 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\ADBC.DEU
MOD - [2006.10.23 02:29:24 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\accessibility.DEU
MOD - [2006.10.01 22:49:16 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeXMP.dll
MOD - [2006.08.31 10:28:18 | 000,008,704 | R--- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\InDesignPI.DEU
MOD - [2005.07.30 21:00:40 | 000,114,688 | ---- | M] () -- C:\Windows\SysWOW64\OdiOlDVR.dll
MOD - [2004.06.21 10:14:54 | 000,053,248 | ---- | M] () -- C:\Windows\SysWOW64\OdiAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.06.30 15:19:14 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.07.03 22:07:06 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.11 11:47:32 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013.01.25 17:10:35 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.03 15:49:32 | 002,571,704 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2012.11.30 15:52:38 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012.09.27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2010.07.02 11:51:16 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.06.18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010.06.17 16:54:20 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Programme\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.19 09:19:40 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013.04.24 19:42:25 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013.04.24 19:42:24 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.11.30 16:25:52 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012.11.30 16:25:52 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.02 16:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.06.19 18:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.09.08 01:46:56 | 001,225,832 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2011.08.19 12:25:25 | 000,122,752 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)
DRV:64bit: - [2011.08.19 12:25:25 | 000,122,752 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)
DRV:64bit: - [2011.08.19 12:25:25 | 000,122,752 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)
DRV:64bit: - [2011.08.19 12:25:25 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.06.30 15:51:20 | 006,792,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.06.30 14:46:16 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.05.06 15:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.10 08:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.12.22 01:56:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.12.15 04:46:38 | 000,039,552 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tcpipBM.sys -- (tcpipBM)
DRV:64bit: - [2009.12.15 04:46:30 | 000,016,512 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BMLoad.sys -- (BMLoad)
DRV:64bit: - [2009.10.08 04:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.08 04:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.09.29 13:20:06 | 000,022,528 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VNUSB.sys -- (VNUSB)
DRV:64bit: - [2009.09.23 03:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.05.16 12:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 12:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)
DRV:64bit: - [2008.05.16 12:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV:64bit: - [2008.05.16 12:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 12:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)
DRV:64bit: - [2008.05.16 12:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 12:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)
DRV:64bit: - [2007.06.14 18:33:40 | 000,526,848 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2009.09.23 03:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.04.07 17:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\VNUSB.sys -- (VNUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7259870C-A45F-45AC-9AD6-444D9C03066B}
IE:64bit: - HKLM\..\SearchScopes\{7259870C-A45F-45AC-9AD6-444D9C03066B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9C43D799-927C-4A08-9C5D-D123D40A98A6}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{F86E89E4-E947-4EA2-93AC-8B8DBCB06808}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {7259870C-A45F-45AC-9AD6-444D9C03066B}
IE - HKLM\..\SearchScopes\{7259870C-A45F-45AC-9AD6-444D9C03066B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9C43D799-927C-4A08-9C5D-D123D40A98A6}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{F86E89E4-E947-4EA2-93AC-8B8DBCB06808}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{7259870C-A45F-45AC-9AD6-444D9C03066B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{9C43D799-927C-4A08-9C5D-D123D40A98A6}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{F86E89E4-E947-4EA2-93AC-8B8DBCB06808}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.24 19:42:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.24 19:42:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.24 19:42:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.24 19:42:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.24 19:42:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.01.18 17:30:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\McCaw\AppData\Roaming\mozilla\Extensions
[2013.07.03 22:07:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.07.03 22:07:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\McCaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B339E53-A026-4012-A21D-9A7A7B0BDD23}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a16998c1-9d1e-11e2-8492-3c4a92c981a4}\Shell - "" = AutoRun
O33 - MountPoints2\{a16998c1-9d1e-11e2-8492-3c4a92c981a4}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a16998dc-9d1e-11e2-8492-3c4a92c981a4}\Shell - "" = AutoRun
O33 - MountPoints2\{a16998dc-9d1e-11e2-8492-3c4a92c981a4}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 60 Days ==========
 
[2013.08.02 10:20:35 | 000,000,000 | ---D | C] -- C:\Users\McCaw\Desktop\2013-08-02_Beitrag BSM Windsheimer Zeitung
[2013.08.02 10:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013.08.02 10:02:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013.07.19 16:08:06 | 000,000,000 | ---D | C] -- C:\Users\McCaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.07.19 16:07:19 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2013.07.11 11:40:47 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.07.11 11:40:47 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.07.11 11:40:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.07.11 11:40:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.07.11 11:40:45 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.07.11 11:40:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.07.11 11:40:45 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.07.11 11:40:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.07.11 11:40:45 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.07.11 11:40:45 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.07.11 11:40:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.07.11 11:40:43 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.07.11 11:40:43 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.07.11 11:40:43 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.07.11 11:40:41 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.07.11 09:22:50 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013.07.11 09:22:50 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013.07.11 09:22:49 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013.07.11 09:22:49 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013.07.11 09:19:57 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.07.04 14:05:07 | 000,000,000 | R--D | C] -- C:\Users\McCaw\Documents\Scanned Documents
[2013.07.04 14:05:03 | 000,000,000 | ---D | C] -- C:\Users\McCaw\Documents\Fax
[2013.07.03 22:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.28 13:36:13 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.06.28 13:36:04 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.06.28 13:36:04 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.06.28 13:36:04 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.06.28 13:35:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.06.12 15:18:38 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 15:18:38 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 15:18:32 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 15:18:32 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 15:18:25 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.12 15:18:14 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 15:18:14 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 15:18:14 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 15:18:14 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 15:18:13 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 15:18:13 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.12 15:18:06 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 15:18:05 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.12 13:37:59 | 000,526,848 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\SysNative\drivers\PAC7302.SYS
[2013.06.12 13:37:59 | 000,008,704 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\SysNative\CoInst_070614.dll
[2013.06.12 13:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eye 312
[2013.06.12 13:37:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Eye 312
[2013.06.12 13:37:57 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\Windows\SysWow64\SP7302.ax
[2013.06.12 13:37:57 | 000,014,336 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\SysWow64\P7302USD.dll
[2013.06.12 13:37:56 | 000,000,000 | ---D | C] -- C:\Windows\PixArt
[2013.06.12 13:37:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pac7302
[2013.06.12 12:36:57 | 000,000,000 | ---D | C] -- C:\Users\McCaw\Documents\Youcam
 
========== Files - Modified Within 60 Days ==========
 
[2013.08.05 15:02:28 | 001,957,115 | ---- | M] () -- C:\Users\McCaw\Desktop\Bewerbung - Vitali Malsam -Zeugnisse.pdf
[2013.08.05 14:58:30 | 000,119,451 | ---- | M] () -- C:\Users\McCaw\Desktop\Bewerbung - Vitali Malsam - Lebenslauf.pdf
[2013.08.05 14:55:25 | 000,074,063 | ---- | M] () -- C:\Users\McCaw\Desktop\Bewerbung - Vitali Malsam - Anschreiben.pdf
[2013.08.05 13:15:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.08.05 11:01:33 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.08.05 11:01:33 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.08.05 08:54:27 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2013.08.05 08:54:00 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2013.08.03 19:43:45 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.08.03 19:43:45 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.08.03 19:43:45 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.08.03 19:43:45 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.08.03 19:43:45 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.08.03 14:53:09 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMcCaw.job
[2013.08.02 09:32:40 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.07.30 08:46:45 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.07.30 08:46:45 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.07.25 17:49:37 | 000,010,257 | ---- | M] () -- C:\Users\McCaw\Desktop\Official All Blacks Rugby Jerseys, Super Rugby Jerseys & All Blacks Merchandise, Canterbury of New Zealand and more.pdf
[2013.07.11 13:26:48 | 000,331,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.28 13:35:55 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.06.28 13:35:55 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.06.28 13:35:55 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.06.28 13:35:55 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.06.28 13:35:55 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.06.28 13:35:55 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.06.19 09:19:40 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013.06.12 01:43:00 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.12 01:42:58 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.12 01:42:58 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.12 01:42:58 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.12 01:42:58 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.12 01:26:36 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.12 01:25:29 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.12 01:25:16 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.12 01:25:16 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.12 01:25:13 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.12 01:25:13 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.12 01:25:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.12 01:25:13 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.12 00:51:45 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.12 00:50:58 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
 
========== Files Created - No Company Name ==========
 
[2013.08.05 15:02:28 | 001,957,115 | ---- | C] () -- C:\Users\McCaw\Desktop\Bewerbung - Vitali Malsam -Zeugnisse.pdf
[2013.08.05 14:58:30 | 000,119,451 | ---- | C] () -- C:\Users\McCaw\Desktop\Bewerbung - Vitali Malsam - Lebenslauf.pdf
[2013.08.05 14:55:25 | 000,074,063 | ---- | C] () -- C:\Users\McCaw\Desktop\Bewerbung - Vitali Malsam - Anschreiben.pdf
[2013.08.05 08:54:27 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2013.08.02 09:32:40 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.07.25 17:49:37 | 000,010,257 | ---- | C] () -- C:\Users\McCaw\Desktop\Official All Blacks Rugby Jerseys, Super Rugby Jerseys & All Blacks Merchandise, Canterbury of New Zealand and more.pdf
[2013.06.12 13:37:57 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP7302.ini
[2013.05.31 13:57:19 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.04.11 15:31:45 | 000,003,362 | ---- | C] () -- C:\Users\McCaw\AppData\Local\recently-used.xbel
[2012.12.23 13:32:22 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.12.23 13:32:22 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.10.26 13:19:06 | 000,193,664 | ---- | C] () -- C:\Windows\SysWow64\bmsdk.exe
[2012.10.26 13:19:06 | 000,002,960 | ---- | C] () -- C:\Windows\SysWow64\boc.ini
[2012.10.26 13:19:06 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\bocinstall.ini
[2012.10.21 20:58:48 | 000,001,436 | ---- | C] () -- C:\Users\McCaw\gsview64.ini
[2012.09.22 10:14:39 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
[2012.09.22 10:14:39 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
[2012.09.22 10:14:39 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll
[2012.09.22 10:11:19 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012.09.22 10:11:19 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012.09.21 21:40:21 | 000,000,037 | ---- | C] () -- C:\Users\McCaw\.gtk-bookmarks
[2012.07.30 21:14:32 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\OdiOlDVR.dll
[2012.07.30 21:14:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\OdiAPI.dll
[2012.07.29 18:25:03 | 000,000,150 | ---- | C] () -- C:\Windows\Readiris.ini
[2005.04.07 16:13:16 | 000,015,326 | ---- | C] () -- C:\Program Files\Installationsanleitung.html
[2005.04.04 11:46:34 | 000,016,049 | ---- | C] () -- C:\Program Files\Deinstallationsanweisungen.pdf
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

schrauber 05.08.2013 16:29
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


taupo_ 05.08.2013 18:13
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-08-2013
Ran by McCaw at 2013-08-05 19:09:26
Running from C:\Users\McCaw\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Acrobat.com (x32 Version: 1.6.65)
Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.0.0)
Adobe AIR (x32 Version: 3.3.0.3670)
Adobe Bridge 1.0 (x32 Version: 001.000.001)
Adobe Common File Installer (x32 Version: 1.00.001)
Adobe Flash Player 11 ActiveX (x32 Version: 11.5.502.110)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Help Center 1.0 (x32 Version: 1.0.1)
Adobe InDesign CS2 (x32 Version: 004.000.000)
Adobe Photoshop CS2 (x32 Version: 9.0)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1)
Apple Software Update (x32 Version: 2.1.3.127)
Ashampoo Burning Studio 6 FREE v.6.82 (x32 Version: 6.8.2)
ATI Catalyst Install Manager (Version: 3.0.774.0)
Bullzip PDF Printer 8.2.0.1406 (Version: 8.2.0.1406)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0630.510.7373)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0630.510.7373)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0630.510.7373)
Catalyst Control Center Graphics Light (x32 Version: 2010.0630.510.7373)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0630.510.7373)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0630.510.7373)
Catalyst Control Center InstallProxy (x32 Version: 2010.0630.510.7373)
Catalyst Control Center Localization All (x32 Version: 2010.0630.510.7373)
CCC Help Chinese Standard (x32 Version: 2010.0630.0509.7373)
CCC Help Chinese Traditional (x32 Version: 2010.0630.0509.7373)
CCC Help Czech (x32 Version: 2010.0630.0509.7373)
CCC Help Danish (x32 Version: 2010.0630.0509.7373)
CCC Help Dutch (x32 Version: 2010.0630.0509.7373)
CCC Help English (x32 Version: 2010.0630.0509.7373)
CCC Help Finnish (x32 Version: 2010.0630.0509.7373)
CCC Help French (x32 Version: 2010.0630.0509.7373)
CCC Help German (x32 Version: 2010.0630.0509.7373)
CCC Help Greek (x32 Version: 2010.0630.0509.7373)
CCC Help Hungarian (x32 Version: 2010.0630.0509.7373)
CCC Help Italian (x32 Version: 2010.0630.0509.7373)
CCC Help Japanese (x32 Version: 2010.0630.0509.7373)
CCC Help Korean (x32 Version: 2010.0630.0509.7373)
CCC Help Norwegian (x32 Version: 2010.0630.0509.7373)
CCC Help Polish (x32 Version: 2010.0630.0509.7373)
CCC Help Portuguese (x32 Version: 2010.0630.0509.7373)
CCC Help Russian (x32 Version: 2010.0630.0509.7373)
CCC Help Spanish (x32 Version: 2010.0630.0509.7373)
CCC Help Swedish (x32 Version: 2010.0630.0509.7373)
CCC Help Thai (x32 Version: 2010.0630.0509.7373)
CCC Help Turkish (x32 Version: 2010.0630.0509.7373)
ccc-core-static (x32 Version: 2010.0630.510.7373)
ccc-utility64 (Version: 2010.0630.510.7373)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.7)
congstar Internet-Manager (x32 Version: 1.0.0.3)
CorelDRAW Graphics Suite X3 (x32 Version: 13.2)
CorelDRAW Graphics Suite X3 (x32)
CyberLink DVD Suite (x32 Version: 7.0.3003)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217)
CyberLink YouCam (x32 Version: 3.0.2511)
DE (x32 Version: 13.1)
dows-Treiberpaket - OLYMPUS IMAGING CORP. (VNUSB) VNUSB  (09/29/2009 2.0.0.0) (Version: 09/29/2009 2.0.0.0)
Dropbox (HKCU Version: 1.6.16)
EA Download Manager (x32 Version: 5.1.0.4)
EaseUS Data Recovery Wizard 5.6.5 (x32 Version: 5.6.5)
Energy Star Digital Logo (x32 Version: 1.0.1)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)
Eye 312 (x32 Version: 1.0.0.14)
FIFA 11 (x32 Version: 1.0.0.0)
FileZilla Client 3.7.1 (x32 Version: 3.7.1)
FontNav (x32 Version: 5.0)
Free YouTube Download version 3.2.2.430 (x32 Version: 3.2.2.430)
FUSSBALL MANAGER 12 (x32 Version: 1.0.0.0)
GIMP 2.8.2 (Version: 2.8.2)
GSview 5.0 (Version: 5.0)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Advisor (x32 Version: 3.4.10262.3295)
HP Customer Experience Enhancements (x32 Version: 6.0.1.4)
HP Documentation (x32 Version: 1.0.0.0)
HP Power Manager (x32 Version: 1.4.7)
HP Quick Launch (x32 Version: 2.1.5)
HP Setup (x32 Version: 8.1.4186.3400)
HP Software Framework (x32 Version: 4.1.13.1)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Wireless Assistant (Version: 4.0.9.0)
IBM SPSS Statistics 21 (Version: 21.0.0.0)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Junk Mail filter update (x32 Version: 14.0.8117.416)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
LabelPrint (x32 Version: 2.5.2907)
LightScribe System Software (x32 Version: 1.18.15.1)
Mafia II (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Access 2003 Runtime (x32 Version: 11.0.8173.0)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyPhoneExplorer (x32 Version: 1.8.4)
NVIDIA PhysX (x32 Version: 9.10.0513)
Olympus Digital Wave Player (x32)
Opera 12.14 (x32 Version: 12.14.1738)
pdfsam (x32 Version: 2.2.1)
PhotoNow! (x32 Version: 1.1.6904)
Picasa 3 (x32 Version: 3.9)
Power2Go (x32 Version: 6.1.4204)
PowerDirector (x32 Version: 8.0.3003)
Readiris Pro 11 (x32 Version: 11.00.4795)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.21.531.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6066)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30105)
REALTEK Wireless LAN Software (x32 Version: 1.00.10.0329)
Recovery Manager (x32 Version: 5.5.3023)
RtVOsd (Version: 1.0.3)
Skype™ 6.6 (x32 Version: 6.6.106)
Sony PC Companion 2.10.136 (x32 Version: 2.10.136)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.3.29.0)
Thrustmaster Force Feedback Driver (x32 Version: 1.FFD.2009)
Tropico 3: Absolute Power (x32 Version: 2.01)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Update Manager (x32 Version: 4.60)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Fotogalerie (x32 Version: 14.0.8117.416)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live Movie Maker (x32 Version: 14.0.8117.0416)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live Writer (x32 Version: 14.0.8117.0416)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
XnView 1.99 (x32 Version: 1.99)

==================== Restore Points  =========================

26-07-2013 05:59:30 Windows Update
30-07-2013 06:46:52 Windows Update
02-08-2013 07:21:49 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0DF78BF1-C7FC-4567-8D31-240D2F8AF2DA} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {55F7A266-C90F-4CCC-A826-88792129A685} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {9869CB77-AAC1-43FC-845C-EA0E5C9459F1} - System32\Tasks\HPCeeScheduleForMcCaw => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {9B0D2073-7F21-4AAA-9879-FF53B4AB0ED8} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {BC86D76F-0E7C-45E2-B8D3-B7C7C83DAE46} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {C08CEF40-7C85-4B26-BF44-F031DC679402} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {F52987F2-0659-4D05-AF09-968951B05AFA} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {F9C2E0A1-5191-4911-838C-CB78BBE0C09F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\HPCeeScheduleForMcCaw.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/03/2013 07:14:28 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/31/2013 04:42:32 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16635 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1200

Startzeit: 01ce8dfb4d4d13d3

Endzeit: 134

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID: 6c3c68b6-f9ef-11e2-be69-dfd1967c477e

Error: (07/31/2013 04:41:06 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16635 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f4c

Startzeit: 01ce8dfb810be614

Endzeit: 59

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (07/31/2013 03:02:42 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b
Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00173668
ID des fehlerhaften Prozesses: 0xae0
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/30/2013 00:11:14 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16635 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1818

Startzeit: 01ce8d0c92370dc1

Endzeit: 18

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (07/26/2013 09:32:48 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b
Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00173668
ID des fehlerhaften Prozesses: 0x340
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/16/2013 07:46:29 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16635 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 820

Startzeit: 01ce824b5ad91ae8

Endzeit: 40

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (07/13/2013 08:04:56 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b
Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00173668
ID des fehlerhaften Prozesses: 0x1a38
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/11/2013 11:34:14 AM) (Source: Windows Search Service) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog

Error: (07/10/2013 01:54:42 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16611 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17d8

Startzeit: 01ce7d641fa12187

Endzeit: 43

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:


System errors:
=============
Error: (08/05/2013 08:55:29 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/04/2013 08:25:17 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/04/2013 00:54:45 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/03/2013 09:59:44 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/02/2013 03:46:09 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst wlidsvc erreicht.

Error: (08/02/2013 09:15:51 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/01/2013 08:49:49 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/31/2013 03:31:01 PM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (07/31/2013 11:57:03 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/30/2013 00:05:39 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.


Microsoft Office Sessions:
=========================
Error: (10/06/2012 04:49:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6771 seconds with 2460 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-08-02 11:05:42.075
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-02 11:05:42.073
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-02 11:05:42.070
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-02 10:22:56.280
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-02 10:22:56.270
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-02 10:22:56.270
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-28 16:31:35.700
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-28 16:31:35.700
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-28 16:31:35.700
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-28 15:55:15.971
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 3834.9 MB
Available physical RAM: 1541.95 MB
Total Pagefile: 7667.99 MB
Available Pagefile: 4926.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:226.73 GB) (Free:18.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.8 GB) (Free:2.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Volume) (Fixed) (Total:221.94 GB) (Free:152 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 3CFA3DB5)
Partition 1: (Active) - (Size=199 MB) - (Type=42)
Partition 2: (Not Active) - (Size=227 GB) - (Type=42)
Partition 3: (Not Active) - (Size=17 GB) - (Type=42)
Partition 4: (Not Active) - (Size=103 MB) - (Type=42)

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-08-2013
Ran by McCaw (administrator) on 05-08-2013 19:08:41
Running from C:\Users\McCaw\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Software 2000 Limited) C:\Windows\system32\spool\DRIVERS\x64\3\HP1005MC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac7302\Monitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
(ZTE) C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
() C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [PAC7302_Monitor] - C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKCU\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
MountPoints2: E - E:\AutoRun.exe
MountPoints2: {a16998c1-9d1e-11e2-8492-3c4a92c981a4} - H:\AutoRun.exe
MountPoints2: {a16998dc-9d1e-11e2-8492-3c4a92c981a4} - H:\AutoRun.exe
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602680 2010-07-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x]
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-30] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Gast\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
ShortcutTarget: Device Detector 3.lnk -> C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk
ShortcutTarget: MCtlSvc.lnk -> C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe (ZTE)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\Users\McCaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
SearchScopes: HKLM - DefaultScope {7259870C-A45F-45AC-9AD6-444D9C03066B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9C43D799-927C-4A08-9C5D-D123D40A98A6} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {F86E89E4-E947-4EA2-93AC-8B8DBCB06808} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {7259870C-A45F-45AC-9AD6-444D9C03066B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9C43D799-927C-4A08-9C5D-D123D40A98A6} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {F86E89E4-E947-4EA2-93AC-8B8DBCB06808} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9C43D799-927C-4A08-9C5D-D123D40A98A6} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {F86E89E4-E947-4EA2-93AC-8B8DBCB06808} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\McCaw\AppData\Roaming\Mozilla\Firefox\Path=C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1625151121-1635636130-2824913841-1001\FireFox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF HKLM-x32\...\Firefox\Extensions:  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-13] (Adobe Systems)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-30] (Kaspersky Lab ZAO)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] ()

==================== Drivers (Whitelisted) ====================

R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2011-08-19] (HSPADataCard Incorporated)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-11-30] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-11-30] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [526848 2007-06-14] (PixArt Imaging Inc.)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
S3 VNUSB; C:\Windows\System32\Drivers\VNUSB.sys [22528 2009-09-29] (OLYMPUS IMAGING CORP.)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-05 19:08 - 2013-08-05 19:08 - 00000000 ____D C:\FRST
2013-08-05 19:06 - 2013-08-05 19:07 - 01788733 _____ (Farbar) C:\Users\McCaw\Downloads\FRST64.exe
2013-08-05 16:15 - 2013-08-05 16:15 - 00121332 _____ C:\Users\McCaw\Desktop\OTL.Txt
2013-08-05 08:54 - 2013-08-05 08:54 - 00000000 ____H C:\ProgramData\cm-lock
2013-08-04 14:52 - 2013-08-05 10:17 - 00001913 _____ C:\Users\McCaw\Desktop\bewerbung.txt
2013-08-02 10:20 - 2013-08-04 13:55 - 00000000 ____D C:\Users\McCaw\Desktop\2013-08-02_Beitrag BSM Windsheimer Zeitung
2013-08-02 10:02 - 2013-08-02 10:02 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-08-02 09:58 - 2013-08-02 09:59 - 04815135 _____ (FileZilla Project) C:\Users\McCaw\Downloads\filezilla_3.7.1_win32-setup.exe
2013-08-02 09:32 - 2013-08-02 09:32 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-23 07:52 - 2013-07-23 07:53 - 01067456 _____ (Solid State Networks) C:\Users\McCaw\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe
2013-07-19 16:08 - 2013-07-19 16:08 - 00000000 ____D C:\Users\McCaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-19 16:07 - 1998-10-21 18:43 - 00328704 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2013-07-11 11:40 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 11:40 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 11:40 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 11:40 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 11:40 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 11:40 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 11:40 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 11:40 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 11:40 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 11:40 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 11:40 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 11:40 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 11:40 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 11:40 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 11:40 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 11:40 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 11:40 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 11:40 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 11:40 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 11:40 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 11:40 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 09:22 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 09:22 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 09:22 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 09:22 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 09:20 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 09:19 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 09:19 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-05 19:08 - 2013-08-05 19:08 - 00000000 ____D C:\FRST
2013-08-05 19:07 - 2013-08-05 19:06 - 01788733 _____ (Farbar) C:\Users\McCaw\Downloads\FRST64.exe
2013-08-05 18:22 - 2009-07-14 06:51 - 00121855 _____ C:\Windows\setupact.log
2013-08-05 18:17 - 2012-11-30 15:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-05 16:15 - 2013-08-05 16:15 - 00121332 _____ C:\Users\McCaw\Desktop\OTL.Txt
2013-08-05 15:24 - 2010-12-22 09:21 - 01516832 _____ C:\Windows\WindowsUpdate.log
2013-08-05 14:19 - 2012-07-27 19:36 - 00000000 ____D C:\Users\McCaw\Documents\_Meins
2013-08-05 11:52 - 2013-01-10 17:57 - 00000000 ____D C:\Users\McCaw\Downloads\adobe
2013-08-05 11:01 - 2009-07-14 06:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-05 11:01 - 2009-07-14 06:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-05 10:17 - 2013-08-04 14:52 - 00001913 _____ C:\Users\McCaw\Desktop\bewerbung.txt
2013-08-05 08:54 - 2013-08-05 08:54 - 00000000 ____H C:\ProgramData\cm-lock
2013-08-05 08:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-04 13:55 - 2013-08-02 10:20 - 00000000 ____D C:\Users\McCaw\Desktop\2013-08-02_Beitrag BSM Windsheimer Zeitung
2013-08-04 13:54 - 2012-07-27 12:04 - 00000000 ____D C:\Users\McCaw\AppData\Local\VirtualStore
2013-08-04 12:53 - 2012-07-27 12:51 - 01039930 _____ C:\Windows\PFRO.log
2013-08-03 19:43 - 2010-07-20 20:11 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-03 19:43 - 2010-07-20 20:11 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-03 19:43 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-03 16:57 - 2013-04-04 14:13 - 00000000 ____D C:\Program Files (x86)\UMTS USB Modem Manager
2013-08-03 14:53 - 2012-11-21 22:40 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMcCaw
2013-08-03 14:53 - 2012-11-21 22:40 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForMcCaw.job
2013-08-03 10:08 - 2012-08-31 21:36 - 00000000 ____D C:\Users\McCaw\AppData\Roaming\XnView
2013-08-02 16:38 - 2012-07-27 13:45 - 00000000 ____D C:\Users\McCaw\AppData\Roaming\Skype
2013-08-02 10:02 - 2013-08-02 10:02 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-08-02 09:59 - 2013-08-02 09:58 - 04815135 _____ (FileZilla Project) C:\Users\McCaw\Downloads\filezilla_3.7.1_win32-setup.exe
2013-08-02 09:32 - 2013-08-02 09:32 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-02 09:32 - 2012-07-27 16:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-30 08:51 - 2013-01-22 10:21 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-30 08:51 - 2012-07-31 17:45 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-07-30 08:49 - 2012-07-27 13:58 - 00000000 ____D C:\Users\McCaw\AppData\Local\Adobe
2013-07-30 08:46 - 2012-07-27 14:20 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-30 08:46 - 2012-07-27 14:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-29 14:35 - 2012-12-16 16:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-29 14:35 - 2012-07-27 13:44 - 00000000 ____D C:\ProgramData\Skype
2013-07-29 11:55 - 2012-07-27 13:27 - 00000000 ____D C:\Users\McCaw\AppData\Roaming\Adobe
2013-07-26 09:46 - 2013-03-25 18:40 - 00000000 ____D C:\Users\McCaw\AppData\Roaming\Tropico 3
2013-07-23 07:53 - 2013-07-23 07:52 - 01067456 _____ (Solid State Networks) C:\Users\McCaw\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe
2013-07-19 16:31 - 2012-09-18 21:31 - 00000000 ____D C:\ProgramData\InstallShield
2013-07-19 16:31 - 2010-07-20 10:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-19 16:08 - 2013-07-19 16:08 - 00000000 ____D C:\Users\McCaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-13 14:20 - 2013-02-04 20:27 - 00000000 ___HD C:\Users\McCaw\Desktop\.picasaoriginals
2013-07-11 13:26 - 2009-07-14 06:45 - 00331328 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 13:24 - 2012-09-03 17:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 13:24 - 2012-09-03 17:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 13:24 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 13:24 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 11:42 - 2012-07-27 13:21 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 11:33 - 2012-07-27 16:05 - 00000000 ____D C:\ProgramData\Microsoft Help

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-02 17:37

==================== End Of Log ============================
--- --- ---

schrauber 06.08.2013 16:05
Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

taupo_ 07.08.2013 10:19
TFC habe ich ausgeführt, adwCleaner auch. Anbei die Log-Datei. Allerdings hat mir Kaspersky gleich beim Herunterladen von JRT bei dem angegeben Link einen Trojanerfund angezeigt.

Ich scan das gleich mit dem JRT von chip.de, da kam keine Meldung. Wollte erstmal nur schnell Bescheid geben.

AdwCleaner Logfile:
Code:
# AdwCleaner v2.106 - Datei am 07/08/2013 um 10:33:09 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : McCaw - VITALI-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\McCaw\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\McCaw\AppData\Roaming\Mozilla\Firefox\Profiles\hv6bveon.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v12.14.1738.0

Datei : C:\Users\McCaw\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1550 octets] - [07/08/2013 10:33:10]

########## EOF - C:\AdwCleaner[S1].txt - [1610 octets] ##########
--- --- ---


Nun die anderen zwei Logs.

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.4 (08.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by McCaw on 07.08.2013 at 10:46:48,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F86E89E4-E947-4EA2-93AC-8B8DBCB06808}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{F86E89E4-E947-4EA2-93AC-8B8DBCB06808}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\McCaw\AppData\Roaming\mozilla\firefox\profiles\hv6bveon.default\minidumps [338 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.08.2013 at 10:56:46,32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-08-2013
Ran by McCaw (administrator) on 07-08-2013 11:16:56
Running from C:\Users\McCaw\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac7302\Monitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
(ZTE) C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Software 2000 Limited) C:\Windows\system32\spool\DRIVERS\x64\3\HP1005MC.EXE
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [PAC7302_Monitor] - C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKCU\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
MountPoints2: E - E:\AutoRun.exe
MountPoints2: {a16998c1-9d1e-11e2-8492-3c4a92c981a4} - H:\AutoRun.exe
MountPoints2: {a16998dc-9d1e-11e2-8492-3c4a92c981a4} - H:\AutoRun.exe
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602680 2010-07-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x]
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-30] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Gast\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
ShortcutTarget: Device Detector 3.lnk -> C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk
ShortcutTarget: MCtlSvc.lnk -> C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe (ZTE)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\Users\McCaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9C43D799-927C-4A08-9C5D-D123D40A98A6} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {F86E89E4-E947-4EA2-93AC-8B8DBCB06808} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9C43D799-927C-4A08-9C5D-D123D40A98A6} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9C43D799-927C-4A08-9C5D-D123D40A98A6} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\McCaw\AppData\Roaming\Mozilla\Firefox\Path=C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1625151121-1635636130-2824913841-1001\FireFox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF HKLM-x32\...\Firefox\Extensions:  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-13] (Adobe Systems)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-30] (Kaspersky Lab ZAO)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] ()

==================== Drivers (Whitelisted) ====================

R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2011-08-19] (HSPADataCard Incorporated)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-11-30] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-11-30] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [526848 2007-06-14] (PixArt Imaging Inc.)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
S3 VNUSB; C:\Windows\System32\Drivers\VNUSB.sys [22528 2009-09-29] (OLYMPUS IMAGING CORP.)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-07 10:56 - 2013-08-07 10:56 - 00001152 _____ C:\Users\McCaw\Desktop\JRT.txt
2013-08-07 10:46 - 2013-08-07 10:46 - 00000000 ____D C:\Windows\ERUNT
2013-08-07 10:38 - 2013-08-07 10:38 - 00000000 ____H C:\ProgramData\cm-lock
2013-08-07 10:33 - 2013-08-07 10:33 - 00001673 _____ C:\AdwCleaner[S1].txt
2013-08-07 09:58 - 2013-08-07 09:59 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\McCaw\Desktop\JRT_5.3.4.exe
2013-08-07 09:46 - 2013-08-07 09:46 - 00000000 ____D C:\Users\McCaw\Desktop\Preview
2013-08-07 09:45 - 2013-08-07 09:46 - 00000000 ____D C:\Users\McCaw\Desktop\2013_08_04 Testspiel USV II - SV Eintracht Leipzig Süd 2-1
2013-08-07 09:44 - 2013-08-07 09:45 - 00000000 ____D C:\Users\McCaw\Desktop\2013_07_21Benefitzspiel in Mühlhausen
2013-08-07 09:35 - 2013-08-07 09:35 - 00448512 _____ (OldTimer Tools) C:\Users\McCaw\Downloads\TFC.exe
2013-08-05 19:08 - 2013-08-05 19:08 - 00000000 ____D C:\FRST
2013-08-05 19:06 - 2013-08-07 11:16 - 01788943 _____ (Farbar) C:\Users\McCaw\Desktop\FRST64.exe
2013-08-04 14:52 - 2013-08-05 10:17 - 00001913 _____ C:\Users\McCaw\Desktop\bewerbung.txt
2013-08-02 10:20 - 2013-08-07 09:54 - 00000000 ____D C:\Users\McCaw\Desktop\2013-08-02_Beitrag BSM Windsheimer Zeitung
2013-08-02 10:02 - 2013-08-02 10:02 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-08-02 09:58 - 2013-08-02 09:59 - 04815135 _____ (FileZilla Project) C:\Users\McCaw\Downloads\filezilla_3.7.1_win32-setup.exe
2013-08-02 09:32 - 2013-08-02 09:32 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-23 07:52 - 2013-07-23 07:53 - 01067456 _____ (Solid State Networks) C:\Users\McCaw\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe
2013-07-19 16:08 - 2013-07-19 16:08 - 00000000 ____D C:\Users\McCaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-19 16:07 - 1998-10-21 18:43 - 00328704 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2013-07-11 11:40 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 11:40 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 11:40 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 11:40 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 11:40 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 11:40 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 11:40 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 11:40 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 11:40 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 11:40 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 11:40 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 11:40 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 11:40 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 11:40 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 11:40 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 11:40 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 11:40 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 11:40 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 11:40 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 11:40 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 11:40 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 09:22 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 09:22 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 09:22 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 09:22 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 09:20 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 09:19 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 09:19 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-07 11:16 - 2013-08-05 19:06 - 01788943 _____ (Farbar) C:\Users\McCaw\Desktop\FRST64.exe
2013-08-07 10:56 - 2013-08-07 10:56 - 00001152 _____ C:\Users\McCaw\Desktop\JRT.txt
2013-08-07 10:47 - 2009-07-14 06:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-07 10:47 - 2009-07-14 06:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-07 10:46 - 2013-08-07 10:46 - 00000000 ____D C:\Windows\ERUNT
2013-08-07 10:41 - 2012-11-30 15:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-07 10:38 - 2013-08-07 10:38 - 00000000 ____H C:\ProgramData\cm-lock
2013-08-07 10:38 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-07 10:38 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-07 10:38 - 2009-07-14 06:51 - 00122247 _____ C:\Windows\setupact.log
2013-08-07 10:37 - 2010-12-22 09:21 - 01650555 _____ C:\Windows\WindowsUpdate.log
2013-08-07 10:33 - 2013-08-07 10:33 - 00001673 _____ C:\AdwCleaner[S1].txt
2013-08-07 09:59 - 2013-08-07 09:58 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\McCaw\Desktop\JRT_5.3.4.exe
2013-08-07 09:54 - 2013-08-02 10:20 - 00000000 ____D C:\Users\McCaw\Desktop\2013-08-02_Beitrag BSM Windsheimer Zeitung
2013-08-07 09:46 - 2013-08-07 09:46 - 00000000 ____D C:\Users\McCaw\Desktop\Preview
2013-08-07 09:46 - 2013-08-07 09:45 - 00000000 ____D C:\Users\McCaw\Desktop\2013_08_04 Testspiel USV II - SV Eintracht Leipzig Süd 2-1
2013-08-07 09:45 - 2013-08-07 09:44 - 00000000 ____D C:\Users\McCaw\Desktop\2013_07_21Benefitzspiel in Mühlhausen
2013-08-07 09:35 - 2013-08-07 09:35 - 00448512 _____ (OldTimer Tools) C:\Users\McCaw\Downloads\TFC.exe
2013-08-07 09:35 - 2010-07-20 20:11 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-07 09:35 - 2010-07-20 20:11 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-07 09:35 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-06 08:51 - 2012-07-31 17:45 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-08-06 08:50 - 2013-01-22 10:21 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-08-05 19:08 - 2013-08-05 19:08 - 00000000 ____D C:\FRST
2013-08-05 14:19 - 2012-07-27 19:36 - 00000000 ____D C:\Users\McCaw\Documents\_Meins
2013-08-05 11:52 - 2013-01-10 17:57 - 00000000 ____D C:\Users\McCaw\Downloads\adobe
2013-08-05 10:17 - 2013-08-04 14:52 - 00001913 _____ C:\Users\McCaw\Desktop\bewerbung.txt
2013-08-04 13:54 - 2012-07-27 12:04 - 00000000 ____D C:\Users\McCaw\AppData\Local\VirtualStore
2013-08-04 12:53 - 2012-07-27 12:51 - 01039930 _____ C:\Windows\PFRO.log
2013-08-03 16:57 - 2013-04-04 14:13 - 00000000 ____D C:\Program Files (x86)\UMTS USB Modem Manager
2013-08-03 14:53 - 2012-11-21 22:40 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMcCaw
2013-08-03 14:53 - 2012-11-21 22:40 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForMcCaw.job
2013-08-03 10:08 - 2012-08-31 21:36 - 00000000 ____D C:\Users\McCaw\AppData\Roaming\XnView
2013-08-02 16:38 - 2012-07-27 13:45 - 00000000 ____D C:\Users\McCaw\AppData\Roaming\Skype
2013-08-02 10:02 - 2013-08-02 10:02 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-08-02 09:59 - 2013-08-02 09:58 - 04815135 _____ (FileZilla Project) C:\Users\McCaw\Downloads\filezilla_3.7.1_win32-setup.exe
2013-08-02 09:32 - 2013-08-02 09:32 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-02 09:32 - 2012-07-27 16:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-30 08:49 - 2012-07-27 13:58 - 00000000 ____D C:\Users\McCaw\AppData\Local\Adobe
2013-07-30 08:46 - 2012-07-27 14:20 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-30 08:46 - 2012-07-27 14:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-29 14:35 - 2012-12-16 16:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-29 14:35 - 2012-07-27 13:44 - 00000000 ____D C:\ProgramData\Skype
2013-07-29 11:55 - 2012-07-27 13:27 - 00000000 ____D C:\Users\McCaw\AppData\Roaming\Adobe
2013-07-26 09:46 - 2013-03-25 18:40 - 00000000 ____D C:\Users\McCaw\AppData\Roaming\Tropico 3
2013-07-23 07:53 - 2013-07-23 07:52 - 01067456 _____ (Solid State Networks) C:\Users\McCaw\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe
2013-07-19 16:31 - 2012-09-18 21:31 - 00000000 ____D C:\ProgramData\InstallShield
2013-07-19 16:31 - 2010-07-20 10:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-19 16:08 - 2013-07-19 16:08 - 00000000 ____D C:\Users\McCaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-13 14:20 - 2013-02-04 20:27 - 00000000 ___HD C:\Users\McCaw\Desktop\.picasaoriginals
2013-07-11 13:26 - 2009-07-14 06:45 - 00331328 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 13:24 - 2012-09-03 17:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 13:24 - 2012-09-03 17:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 13:24 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 13:24 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 11:42 - 2012-07-27 13:21 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 11:33 - 2012-07-27 16:05 - 00000000 ____D C:\ProgramData\Microsoft Help

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-02 17:37

==================== End Of Log ============================
--- --- ---

--- --- ---


Dankeschön!

schrauber 07.08.2013 12:47

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

taupo_ 08.08.2013 18:31
Alles gescannt, hier die Dateien. Da mein Internet gerade ohnehin spinnt (wegen Regen und Gewitter), kann ich nichts konkretes sagen. Etwas besser ist es. Mal sehen wie es sich morgen verhält.

Vielen Dank!

ESET

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=89d2af61a094704aa4c96751b1cb580a
# engine=14695
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-08 03:39:24
# local_time=2013-08-08 05:39:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1286 16777213 100 98 31679 30742686 0 0
# compatibility_mode=5893 16776573 100 94 110815 127606214 0 0
# scanned=384259
# found=0
# cleaned=0
# scan_time=21141

Security Checkup
Code:
Results of screen317's Security Check version 0.99.71 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 JavaFX 2.1.1   
 Java 7 Update 25 
 Adobe Flash Player 11.8.800.94 
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Mozilla Firefox (23.0)
````````Process Check: objlist.exe by Laurent```````` 
 Kaspersky Lab Kaspersky Internet Security 2013 avp.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013
Ran by McCaw (administrator) on 08-08-2013 19:26:45
Running from C:\Users\McCaw\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac7302\Monitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Software 2000 Limited) C:\Windows\system32\spool\DRIVERS\x64\3\HP1005MC.EXE
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
(ZTE) C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(InstallShield Software Corporation) c:\program files (x86)\common files\installshield\updateservice\isuspm.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [PAC7302_Monitor] - C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKCU\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
MountPoints2: E - E:\AutoRun.exe
MountPoints2: {a16998c1-9d1e-11e2-8492-3c4a92c981a4} - H:\AutoRun.exe
MountPoints2: {a16998dc-9d1e-11e2-8492-3c4a92c981a4} - H:\AutoRun.exe
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602680 2010-07-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x]
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-30] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Gast\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
ShortcutTarget: Device Detector 3.lnk -> C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk
ShortcutTarget: MCtlSvc.lnk -> C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe (ZTE)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\Users\McCaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9C43D799-927C-4A08-9C5D-D123D40A98A6} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {F86E89E4-E947-4EA2-93AC-8B8DBCB06808} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9C43D799-927C-4A08-9C5D-D123D40A98A6} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9C43D799-927C-4A08-9C5D-D123D40A98A6} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\McCaw\AppData\Roaming\Mozilla\Firefox\Path=C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1625151121-1635636130-2824913841-1001\FireFox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF HKLM-x32\...\Firefox\Extensions:  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-13] (Adobe Systems)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-30] (Kaspersky Lab ZAO)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] ()

==================== Drivers (Whitelisted) ====================

R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2011-08-19] (HSPADataCard Incorporated)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-11-30] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-11-30] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [526848 2007-06-14] (PixArt Imaging Inc.)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
S3 VNUSB; C:\Windows\System32\Drivers\VNUSB.sys [22528 2009-09-29] (OLYMPUS IMAGING CORP.)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-08 19:26 - 2013-08-08 19:26 - 01790059 _____ (Farbar) C:\Users\McCaw\Downloads\FRST64.exe
2013-08-08 18:11 - 2013-08-08 18:11 - 00000864 _____ C:\Users\McCaw\Desktop\checkup.txt
2013-08-08 17:49 - 2013-08-07 14:29 - 00891098 _____ C:\Users\McCaw\Desktop\SecurityCheck.exe
2013-08-08 08:51 - 2013-08-08 08:51 - 00000000 ____H C:\ProgramData\cm-lock
2013-08-07 14:29 - 2013-08-07 14:29 - 00891098 _____ C:\Users\McCaw\Downloads\SecurityCheck.exe
2013-08-07 14:28 - 2013-08-07 14:28 - 02347384 _____ (ESET) C:\Users\McCaw\Downloads\esetsmartinstaller_enu(1).exe
2013-08-07 12:11 - 2013-08-07 13:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-07 10:46 - 2013-08-07 10:46 - 00000000 ____D C:\Windows\ERUNT
2013-08-07 10:33 - 2013-08-07 10:33 - 00001673 _____ C:\AdwCleaner[S1].txt
2013-08-07 09:58 - 2013-08-07 09:59 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\McCaw\Downloads\JRT_5.3.4.exe
2013-08-07 09:35 - 2013-08-07 09:35 - 00448512 _____ (OldTimer Tools) C:\Users\McCaw\Downloads\TFC.exe
2013-08-05 19:08 - 2013-08-05 19:08 - 00000000 ____D C:\FRST
2013-08-05 19:06 - 2013-08-07 11:16 - 01788943 _____ (Farbar) C:\Users\McCaw\Desktop\FRST64.exe
2013-08-04 14:52 - 2013-08-05 10:17 - 00001913 _____ C:\Users\McCaw\Desktop\bewerbung.txt
2013-08-02 10:20 - 2013-08-07 09:54 - 00000000 ____D C:\Users\McCaw\Desktop\2013-08-02_Beitrag BSM Windsheimer Zeitung
2013-08-02 10:02 - 2013-08-02 10:02 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-08-02 09:58 - 2013-08-02 09:59 - 04815135 _____ (FileZilla Project) C:\Users\McCaw\Downloads\filezilla_3.7.1_win32-setup.exe
2013-08-02 09:32 - 2013-08-02 09:32 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-23 07:52 - 2013-07-23 07:53 - 01067456 _____ (Solid State Networks) C:\Users\McCaw\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe
2013-07-19 16:08 - 2013-07-19 16:08 - 00000000 ____D C:\Users\McCaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-19 16:07 - 1998-10-21 18:43 - 00328704 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2013-07-11 11:40 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 11:40 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 11:40 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 11:40 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 11:40 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 11:40 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 11:40 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 11:40 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 11:40 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 11:40 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 11:40 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 11:40 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 11:40 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 11:40 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 11:40 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 11:40 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 11:40 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 11:40 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 11:40 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 11:40 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 11:40 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 11:40 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 09:22 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 09:22 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 09:22 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 09:22 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 09:20 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 09:19 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 09:19 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-08 19:26 - 2013-08-08 19:26 - 01790059 _____ (Farbar) C:\Users\McCaw\Downloads\FRST64.exe
2013-08-08 19:20 - 2012-11-30 15:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-08 19:17 - 2010-07-20 20:11 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-08 19:17 - 2010-07-20 20:11 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-08 19:17 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-08 18:11 - 2013-08-08 18:11 - 00000864 _____ C:\Users\McCaw\Desktop\checkup.txt
2013-08-08 17:15 - 2010-12-22 09:21 - 01753761 _____ C:\Windows\WindowsUpdate.log
2013-08-08 11:47 - 2012-08-31 21:36 - 00000000 ____D C:\Users\McCaw\AppData\Roaming\XnView
2013-08-08 10:01 - 2013-02-04 20:27 - 00000000 ___HD C:\Users\McCaw\Desktop\.picasaoriginals
2013-08-08 08:59 - 2009-07-14 06:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-08 08:59 - 2009-07-14 06:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-08 08:51 - 2013-08-08 08:51 - 00000000 ____H C:\ProgramData\cm-lock
2013-08-08 08:51 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-08 08:51 - 2009-07-14 06:51 - 00122303 _____ C:\Windows\setupact.log
2013-08-08 08:50 - 2013-01-18 17:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-07 14:53 - 2012-11-21 22:40 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMcCaw
2013-08-07 14:53 - 2012-11-21 22:40 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForMcCaw.job
2013-08-07 14:29 - 2013-08-08 17:49 - 00891098 _____ C:\Users\McCaw\Desktop\SecurityCheck.exe
2013-08-07 14:29 - 2013-08-07 14:29 - 00891098 _____ C:\Users\McCaw\Downloads\SecurityCheck.exe
2013-08-07 14:28 - 2013-08-07 14:28 - 02347384 _____ (ESET) C:\Users\McCaw\Downloads\esetsmartinstaller_enu(1).exe
2013-08-07 13:01 - 2013-08-07 12:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-07 11:16 - 2013-08-05 19:06 - 01788943 _____ (Farbar) C:\Users\McCaw\Desktop\FRST64.exe
2013-08-07 10:46 - 2013-08-07 10:46 - 00000000 ____D C:\Windows\ERUNT
2013-08-07 10:38 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-07 10:33 - 2013-08-07 10:33 - 00001673 _____ C:\AdwCleaner[S1].txt
2013-08-07 09:59 - 2013-08-07 09:58 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\McCaw\Downloads\JRT_5.3.4.exe
2013-08-07 09:54 - 2013-08-02 10:20 - 00000000 ____D C:\Users\McCaw\Desktop\2013-08-02_Beitrag BSM Windsheimer Zeitung
2013-08-07 09:35 - 2013-08-07 09:35 - 00448512 _____ (OldTimer Tools) C:\Users\McCaw\Downloads\TFC.exe
2013-08-06 08:51 - 2012-07-31 17:45 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-08-06 08:50 - 2013-01-22 10:21 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-08-05 19:08 - 2013-08-05 19:08 - 00000000 ____D C:\FRST
2013-08-05 14:19 - 2012-07-27 19:36 - 00000000 ____D C:\Users\McCaw\Documents\_Meins
2013-08-05 11:52 - 2013-01-10 17:57 - 00000000 ____D C:\Users\McCaw\Downloads\adobe
2013-08-05 10:17 - 2013-08-04 14:52 - 00001913 _____ C:\Users\McCaw\Desktop\bewerbung.txt
2013-08-04 13:54 - 2012-07-27 12:04 - 00000000 ____D C:\Users\McCaw\AppData\Local\VirtualStore
2013-08-04 12:53 - 2012-07-27 12:51 - 01039930 _____ C:\Windows\PFRO.log
2013-08-03 16:57 - 2013-04-04 14:13 - 00000000 ____D C:\Program Files (x86)\UMTS USB Modem Manager
2013-08-02 16:38 - 2012-07-27 13:45 - 00000000 ____D C:\Users\McCaw\AppData\Roaming\Skype
2013-08-02 10:02 - 2013-08-02 10:02 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-08-02 09:59 - 2013-08-02 09:58 - 04815135 _____ (FileZilla Project) C:\Users\McCaw\Downloads\filezilla_3.7.1_win32-setup.exe
2013-08-02 09:32 - 2013-08-02 09:32 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-02 09:32 - 2012-07-27 16:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-30 08:49 - 2012-07-27 13:58 - 00000000 ____D C:\Users\McCaw\AppData\Local\Adobe
2013-07-30 08:46 - 2012-07-27 14:20 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-30 08:46 - 2012-07-27 14:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-29 14:35 - 2012-12-16 16:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-29 14:35 - 2012-07-27 13:44 - 00000000 ____D C:\ProgramData\Skype
2013-07-29 11:55 - 2012-07-27 13:27 - 00000000 ____D C:\Users\McCaw\AppData\Roaming\Adobe
2013-07-26 09:46 - 2013-03-25 18:40 - 00000000 ____D C:\Users\McCaw\AppData\Roaming\Tropico 3
2013-07-23 07:53 - 2013-07-23 07:52 - 01067456 _____ (Solid State Networks) C:\Users\McCaw\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe
2013-07-19 16:31 - 2012-09-18 21:31 - 00000000 ____D C:\ProgramData\InstallShield
2013-07-19 16:31 - 2010-07-20 10:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-19 16:08 - 2013-07-19 16:08 - 00000000 ____D C:\Users\McCaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-11 13:26 - 2009-07-14 06:45 - 00331328 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 13:24 - 2012-09-03 17:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 13:24 - 2012-09-03 17:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 13:24 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 13:24 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 11:42 - 2012-07-27 13:21 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 11:33 - 2012-07-27 16:05 - 00000000 ____D C:\ProgramData\Microsoft Help

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-02 17:37

==================== End Of Log ============================
--- --- ---

schrauber 09.08.2013 09:57
Adobe updaten. Teste den Rechner und meld dich nochmal :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:32 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131